diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2020-08-21 22:56:05 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2020-08-21 22:56:05 +0000 |
| commit | 7973006f41cdaf144441d1a39f9f075053435e2f (patch) | |
| tree | 157d55b04796bb6f041656c0e84dd5106f4bc4be | |
| parent | 6a53c00e64c4cf911eb00846733d9e6a47b2e7f4 (diff) | |
| download | src-7973006f41cdaf144441d1a39f9f075053435e2f.tar.gz src-7973006f41cdaf144441d1a39f9f075053435e2f.zip | |
Vendor import of Unbound 1.11.0.vendor/unbound/1.11.0
Notes
Notes:
svn path=/vendor/unbound/dist/; revision=364468
svn path=/vendor/unbound/1.11.0/; revision=364470; tag=vendor/unbound/1.11.0
302 files changed, 21783 insertions, 8788 deletions
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index ecee84aa4132..2a357c0c7778 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1,12 +1,2 @@ -# These are supported funding model platforms - -github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] -patreon: # Replace with a single Patreon username -open_collective: # Replace with a single Open Collective username -ko_fi: # Replace with a single Ko-fi username -tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel -community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry -liberapay: # Replace with a single Liberapay username -issuehunt: # Replace with a single IssueHunt username -otechie: # Replace with a single Otechie username +github: [NLnetLabs] custom: ['https://nlnetlabs.nl/funding/'] diff --git a/.gitignore b/.gitignore index c1e2649db25d..7688fd758bd2 100644 --- a/.gitignore +++ b/.gitignore @@ -37,6 +37,7 @@ /petal /pktview /streamtcp +/unbound-dnstap-socket /testbound /unittest /contrib/libunbound.pc diff --git a/.travis.yml b/.travis.yml index 45a7cb153501..37ea672b3494 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,8 @@ -sudo: false language: c -compiler: - - gcc + +git: + depth: 5 + addons: apt: packages: @@ -9,8 +10,335 @@ addons: - libevent-dev - libexpat-dev - clang + homebrew: + packages: + - openssl + - libevent + - expat + update: true + +jobs: + include: + - os: linux + name: GCC on Linux, Amd64 + compiler: gcc + arch: amd64 + env: + - CONFIG_OPTS="--enable-debug --disable-flto" + - os: linux + name: Clang on Linux, Amd64 + compiler: clang + arch: amd64 + env: + - CONFIG_OPTS="--enable-debug --disable-flto" + - os: osx + name: Clang on OS X, Amd64 + compiler: clang + arch: amd64 + env: + - TEST_OSX=yes + - CONFIG_OPTS="--enable-debug --disable-flto --with-ssl=/usr/local/opt/openssl/" + - os: linux + name: Libevent, GCC on Linux, Amd64 + compiler: gcc + arch: amd64 + env: + - TEST_LIBEVENT=yes + - CONFIG_OPTS="--with-libevent" + - os: linux + name: Libevent, Clang on Linux, Amd64 + compiler: clang + arch: amd64 + env: + - TEST_LIBEVENT=yes + - CONFIG_OPTS="--with-libevent" + - os: osx + name: Libevent, Clang on OS X, Amd64 + compiler: clang + arch: amd64 + env: + - TEST_OSX=yes + - TEST_LIBEVENT=yes + - CONFIG_OPTS="--with-ssl=/usr/local/opt/openssl/ --with-libevent=/usr/local/opt/libevent/" + - os: linux + name: UBsan, GCC on Linux, Amd64 + compiler: gcc + arch: amd64 + dist: bionic + env: + - TEST_UBSAN=yes + - os: linux + name: UBsan, Clang on Linux, Amd64 + compiler: clang + arch: amd64 + dist: bionic + env: + - TEST_UBSAN=yes + - os: linux + name: Asan, GCC on Linux, Amd64 + compiler: gcc + arch: amd64 + dist: bionic + env: + - TEST_ASAN=yes + - os: linux + name: Asan, Clang on Linux, Amd64 + compiler: clang + arch: amd64 + dist: bionic + env: + - TEST_ASAN=yes + - os: linux + name: GCC on Linux, Aarch64 + compiler: gcc + arch: arm64 + dist: bionic + env: + - CONFIG_OPTS="--enable-debug --disable-flto" + - os: linux + name: Clang on Linux, Aarch64 + compiler: clang + arch: arm64 + dist: bionic + env: + - CONFIG_OPTS="--enable-debug --disable-flto" + - os: linux + name: GCC on Linux, PowerPC64 + compiler: gcc + arch: ppc64le + dist: bionic + env: + - CONFIG_OPTS="--enable-debug --disable-flto" + - os: linux + name: Clang on Linux, PowerPC64 + compiler: clang + arch: ppc64le + dist: bionic + env: + - CONFIG_OPTS="--enable-debug --disable-flto" + - os: linux + name: GCC on Linux, s390x + compiler: gcc + arch: s390x + dist: bionic + env: + - CONFIG_OPTS="--enable-debug --disable-flto" + - os: linux + name: Clang on Linux, s390x + compiler: clang + arch: s390x + dist: bionic + env: + - CONFIG_OPTS="--enable-debug --disable-flto" + - os: osx + osx_image: xcode10 + name: Apple iPhone on iOS, armv7 + compiler: clang + env: + - TEST_IOS=yes + - AUTOTOOLS_HOST=armv7-apple-ios + - OPENSSL_HOST=ios-cross + - IOS_SDK=iPhoneOS + - IOS_CPU=armv7s + - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU" + - os: osx + osx_image: xcode10 + name: Apple iPhone on iOS, arm64 + compiler: clang + env: + - TEST_IOS=yes + - AUTOTOOLS_HOST=aarch64-apple-ios + - OPENSSL_HOST=ios64-cross + - IOS_SDK=iPhoneOS + - IOS_CPU=arm64 + - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU" + - os: osx + osx_image: xcode10 + name: Apple TV on iOS, arm64 + compiler: clang + env: + - TEST_IOS=yes + - AUTOTOOLS_HOST=aarch64-apple-ios + - OPENSSL_HOST=ios64-cross + - IOS_SDK=AppleTVOS + - IOS_CPU=arm64 + - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU" + - os: osx + osx_image: xcode10 + name: Apple Watch on iOS, armv7 + compiler: clang + env: + - TEST_IOS=yes + - AUTOTOOLS_HOST=armv7-apple-ios + - OPENSSL_HOST=ios-cross + - IOS_SDK=WatchOS + - IOS_CPU=armv7k + - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU" + - os: osx + osx_image: xcode10 + name: iPhoneSimulator on OS X, i386 + env: + - TEST_IOS=yes + - AUTOTOOLS_HOST=i386-apple-ios + - OPENSSL_HOST=iphoneos-cross + - IOS_CPU=i386 + - IOS_SDK=iPhoneSimulator + - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU" + - os: osx + osx_image: xcode10 + name: iPhoneSimulator on OS X, x86_64 + env: + - TEST_IOS=yes + - AUTOTOOLS_HOST=x86_64-apple-ios + - OPENSSL_HOST=iphoneos-cross + - IOS_CPU=x86_64 + - IOS_SDK=iPhoneSimulator + - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU" + - os: osx + osx_image: xcode10 + name: AppleTVSimulator on OS X, x86_64 + env: + - TEST_IOS=yes + - AUTOTOOLS_HOST=x86_64-apple-ios + - OPENSSL_HOST=iphoneos-cross + - IOS_CPU=x86_64 + - IOS_SDK=AppleTVSimulator + - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU" + - os: osx + osx_image: xcode10 + name: WatchSimulator on OS X, i386 + env: + - TEST_IOS=yes + - AUTOTOOLS_HOST=i386-apple-ios + - OPENSSL_HOST=iphoneos-cross + - IOS_CPU=i386 + - IOS_SDK=WatchSimulator + - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU" + - os: linux + name: Android armv7a, Linux, Amd64 + compiler: clang + arch: amd64 + dist: bionic + env: + - TEST_ANDROID=yes + - AUTOTOOLS_HOST=armv7a-linux-androideabi + - OPENSSL_HOST=android-arm + - ANDROID_CPU=armv7a + - ANDROID_API=23 + - ANDROID_PREFIX="$HOME/android$ANDROID_API-$ANDROID_CPU" + - ANDROID_SDK_ROOT="$HOME/android-sdk" + - ANDROID_NDK_ROOT="$HOME/android-ndk" + - os: linux + name: Android aarch64, Linux, Amd64 + compiler: clang + arch: amd64 + dist: bionic + env: + - TEST_ANDROID=yes + - AUTOTOOLS_HOST=aarch64-linux-android + - OPENSSL_HOST=android-arm64 + - ANDROID_CPU=aarch64 + - ANDROID_API=23 + - ANDROID_PREFIX="$HOME/android$ANDROID_API-$ANDROID_CPU" + - ANDROID_SDK_ROOT="$HOME/android-sdk" + - ANDROID_NDK_ROOT="$HOME/android-ndk" + - os: linux + name: Android x86, Linux, Amd64 + compiler: clang + arch: amd64 + dist: bionic + env: + - TEST_ANDROID=yes + - AUTOTOOLS_HOST=i686-linux-android + - OPENSSL_HOST=android-x86 + - ANDROID_CPU=x86 + - ANDROID_API=23 + - ANDROID_PREFIX="$HOME/android$ANDROID_API-$ANDROID_CPU" + - ANDROID_SDK_ROOT="$HOME/android-sdk" + - ANDROID_NDK_ROOT="$HOME/android-ndk" + - os: linux + name: Android x86_64, Linux, Amd64 + compiler: clang + arch: amd64 + dist: bionic + env: + - TEST_ANDROID=yes + - AUTOTOOLS_HOST=x86_64-linux-android + - OPENSSL_HOST=android-x86_64 + - ANDROID_CPU=x86_64 + - ANDROID_API=23 + - ANDROID_PREFIX="$HOME/android$ANDROID_API-$ANDROID_CPU" + - ANDROID_SDK_ROOT="$HOME/android-sdk" + - ANDROID_NDK_ROOT="$HOME/android-ndk" + + allow_failures: + - os: linux + name: Android armv7a, Linux, Amd64 + - os: linux + name: Android aarch64, Linux, Amd64 + - os: linux + name: Android x86, Linux, Amd64 + - os: linux + name: Android x86_64, Linux, Amd64 + +before_script: + - | + if [ "$TEST_ANDROID" = "yes" ]; then + ./contrib/android/install_tools.sh + elif [ "$TEST_IOS" = "yes" ]; then + ./contrib/ios/install_tools.sh + fi + +# The Travis docs say to avoid calling exit in the script. It leads to +# some code duplication to avoid failures in cross-compiles. Also see +# https://docs.travis-ci.com/user/job-lifecycle/ in the Travis docs. script: - - ./configure --enable-debug --disable-flto - - make - - make test - - (cd testdata/clang-analysis.tdir; bash clang-analysis.test) + - | + if [ "$TEST_UBSAN" = "yes" ]; then + export CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=undefined -fno-sanitize-recover" + ./configure + make -j 2 + make test + elif [ "$TEST_ASAN" = "yes" ]; then + export CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=address" + ./configure + make -j 2 + make test + elif [ "$TEST_IOS" = "yes" ]; then + export AUTOTOOLS_BUILD="$(./config.guess)" + export PKG_CONFIG_PATH="$IOS_PREFIX/lib/pkgconfig" + source ./contrib/ios/setenv_ios.sh + ./contrib/ios/install_openssl.sh + ./contrib/ios/install_expat.sh + ./configure \ + --build="$AUTOTOOLS_BUILD" --host="$AUTOTOOLS_HOST" \ + --prefix="$IOS_PREFIX" \ + --with-ssl="$IOS_PREFIX" --disable-gost \ + --with-libexpat="$IOS_PREFIX"; + make -j 2 + make install + elif [ "$TEST_ANDROID" = "yes" ]; then + export AUTOTOOLS_BUILD="$(./config.guess)" + export PKG_CONFIG_PATH="$ANDROID_PREFIX/lib/pkgconfig" + ./contrib/android/install_ndk.sh + source ./contrib/android/setenv_android.sh + ./contrib/android/install_openssl.sh + ./contrib/android/install_expat.sh + ./configure \ + --build="$AUTOTOOLS_BUILD" --host="$AUTOTOOLS_HOST" \ + --prefix="$ANDROID_PREFIX" \ + --with-ssl="$ANDROID_PREFIX" --disable-gost \ + --with-libexpat="$ANDROID_PREFIX"; + make -j 2 + make install + elif [ "$TEST_OSX" = "yes" ]; then + ./configure --enable-debug --disable-flto --with-ssl=/usr/local/opt/openssl/ + make -j 2 + make test + (cd testdata/clang-analysis.tdir; bash clang-analysis.test) + else + ./configure ${CONFIG_OPTS} + make -j 2 + make test + (cd testdata/clang-analysis.tdir; bash clang-analysis.test) + fi diff --git a/Makefile.in b/Makefile.in index a20058cc23c6..bac212df2170 100644 --- a/Makefile.in +++ b/Makefile.in @@ -25,6 +25,7 @@ DNSTAP_SRC=@DNSTAP_SRC@ DNSTAP_OBJ=@DNSTAP_OBJ@ DNSCRYPT_SRC=@DNSCRYPT_SRC@ DNSCRYPT_OBJ=@DNSCRYPT_OBJ@ +WITH_DYNLIBMODULE=@WITH_DYNLIBMODULE@ WITH_PYTHONMODULE=@WITH_PYTHONMODULE@ WITH_PYUNBOUND=@WITH_PYUNBOUND@ PY_MAJOR_VERSION=@PY_MAJOR_VERSION@ @@ -77,7 +78,7 @@ LINT=splint LINTFLAGS=+quiet -weak -warnposix -unrecog -Din_addr_t=uint32_t -Du_int=unsigned -Du_char=uint8_t -preproc -Drlimit=rlimit64 -D__gnuc_va_list=va_list -formatcode #-Dglob64=glob -Dglobfree64=globfree # compat with openssl linux edition. -LINTFLAGS+="-DBN_ULONG=unsigned long" -Dkrb5_int32=int "-Dkrb5_ui_4=unsigned int" -DPQ_64BIT=uint64_t -DRC4_INT=unsigned -fixedformalarray -D"ENGINE=unsigned" -D"RSA=unsigned" -D"DSA=unsigned" -D"EVP_PKEY=unsigned" -D"EVP_MD=unsigned" -D"SSL=unsigned" -D"SSL_CTX=unsigned" -D"X509=unsigned" -D"RC4_KEY=unsigned" -D"EVP_MD_CTX=unsigned" -D"ECDSA_SIG=DSA_SIG" -Dfstrm_res=int +LINTFLAGS+="-DBN_ULONG=unsigned long" -Dkrb5_int32=int "-Dkrb5_ui_4=unsigned int" -DPQ_64BIT=uint64_t -DRC4_INT=unsigned -fixedformalarray -D"ENGINE=unsigned" -D"RSA=unsigned" -D"DSA=unsigned" -D"EVP_PKEY=unsigned" -D"EVP_MD=unsigned" -D"SSL=unsigned" -D"SSL_CTX=unsigned" -D"X509=unsigned" -D"RC4_KEY=unsigned" -D"EVP_MD_CTX=unsigned" -D"ECDSA_SIG=DSA_SIG" # compat with NetBSD LINTFLAGS+=@NETBSD_LINTFLAGS@ # compat with OpenBSD @@ -87,6 +88,12 @@ LINTFLAGS+="-D__uint16_t=uint16_t" "-DEVP_PKEY_ASN1_METHOD=int" "-D_RuneLocale=i INSTALL=$(SHELL) $(srcdir)/install-sh +DYNLIBMOD_SRC=dynlibmod/dynlibmod.c +DYNLIBMOD_OBJ=@DYNLIBMOD_OBJ@ +DYNLIBMOD_HEADER=@DYNLIBMOD_HEADER@ +DYNLIBMOD_EXTRALIBS=@DYNLIBMOD_EXTRALIBS@ + + #pythonmod.c is not here, it is mentioned by itself in its own rules, #makedepend fails on missing interface.h otherwise. PYTHONMOD_SRC=pythonmod/pythonmod_utils.c @@ -140,7 +147,7 @@ autotrust.lo val_anchor.lo rpz.lo \ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \ $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ -$(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo +$(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ outside_network.lo COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo @@ -219,7 +226,7 @@ MEMSTATS_OBJ_LINK=$(MEMSTATS_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ $(SLDNS_OBJ) ASYNCLOOK_SRC=testcode/asynclook.c ASYNCLOOK_OBJ=asynclook.lo -ASYNCLOOK_OBJ_LINK=$(ASYNCLOOK_OBJ) log.lo locks.lo $(COMPAT_OBJ) @ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ@ +ASYNCLOOK_OBJ_LINK=$(ASYNCLOOK_OBJ) log.lo locks.lo $(CHECKLOCK_OBJ) $(COMPAT_OBJ) @ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ@ STREAMTCP_SRC=testcode/streamtcp.c STREAMTCP_OBJ=streamtcp.lo STREAMTCP_OBJ_LINK=$(STREAMTCP_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ @@ -233,6 +240,10 @@ DELAYER_OBJ_LINK=$(DELAYER_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ $(SLDNS_OBJ) IPSET_SRC=@IPSET_SRC@ IPSET_OBJ=@IPSET_OBJ@ +DNSTAP_SOCKET_SRC=dnstap/unbound-dnstap-socket.c +DNSTAP_SOCKET_OBJ=unbound-dnstap-socket.lo +DNSTAP_SOCKET_OBJ_LINK=$(DNSTAP_SOCKET_OBJ) $(COMMON_OBJ) \ +$(COMPAT_OBJ) $(SLDNS_OBJ) LIBUNBOUND_SRC=libunbound/context.c libunbound/libunbound.c \ libunbound/libworker.c LIBUNBOUND_OBJ=context.lo libunbound.lo libworker.lo ub_event_pluggable.lo @@ -259,7 +270,7 @@ ALL_SRC=$(COMMON_SRC) $(UNITTEST_SRC) $(DAEMON_SRC) \ $(TESTBOUND_SRC) $(LOCKVERIFY_SRC) $(PKTVIEW_SRC) \ $(MEMSTATS_SRC) $(CHECKCONF_SRC) $(LIBUNBOUND_SRC) $(HOST_SRC) \ $(ASYNCLOOK_SRC) $(STREAMTCP_SRC) $(PERF_SRC) $(DELAYER_SRC) \ - $(CONTROL_SRC) $(UBANCHOR_SRC) $(PETAL_SRC) \ + $(CONTROL_SRC) $(UBANCHOR_SRC) $(PETAL_SRC) $(DNSTAP_SOCKET_SRC)\ $(PYTHONMOD_SRC) $(PYUNBOUND_SRC) $(WIN_DAEMON_THE_SRC) \ $(SVCINST_SRC) $(SVCUNINST_SRC) $(ANCHORUPD_SRC) $(SLDNS_SRC) @@ -267,7 +278,7 @@ ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \ $(TESTBOUND_OBJ) $(LOCKVERIFY_OBJ) $(PKTVIEW_OBJ) \ $(MEMSTATS_OBJ) $(CHECKCONF_OBJ) $(LIBUNBOUND_OBJ) $(HOST_OBJ) \ $(ASYNCLOOK_OBJ) $(STREAMTCP_OBJ) $(PERF_OBJ) $(DELAYER_OBJ) \ - $(CONTROL_OBJ) $(UBANCHOR_OBJ) $(PETAL_OBJ) \ + $(CONTROL_OBJ) $(UBANCHOR_OBJ) $(PETAL_OBJ) $(DNSTAP_SOCKET_OBJ)\ $(COMPAT_OBJ) $(PYUNBOUND_OBJ) \ $(SVCINST_OBJ) $(SVCUNINST_OBJ) $(ANCHORUPD_OBJ) $(SLDNS_OBJ) @@ -306,6 +317,7 @@ rsrc_unbound_checkconf.o: $(srcdir)/winrc/rsrc_unbound_checkconf.rc config.h TEST_BIN=asynclook$(EXEEXT) delayer$(EXEEXT) \ lock-verify$(EXEEXT) memstats$(EXEEXT) perf$(EXEEXT) \ petal$(EXEEXT) pktview$(EXEEXT) streamtcp$(EXEEXT) \ + unbound-dnstap-socket$(EXEEXT) \ testbound$(EXEEXT) unittest$(EXEEXT) tests: all $(TEST_BIN) @@ -315,7 +327,7 @@ longcheck: longtest test: unittest$(EXEEXT) testbound$(EXEEXT) ./unittest$(EXEEXT) ./testbound$(EXEEXT) -s - for x in $(srcdir)/testdata/*.rpl; do echo -n "$$x "; if ./testbound$(EXEEXT) -p $$x >/dev/null 2>&1; then echo OK; else echo failed; exit 1; fi done + for x in $(srcdir)/testdata/*.rpl; do printf "%s" "$$x "; if ./testbound$(EXEEXT) -p $$x >/dev/null 2>&1; then echo OK; else echo failed; exit 1; fi done @echo test OK longtest: tests @@ -328,13 +340,13 @@ libunbound.la: $(LIBUNBOUND_OBJ_LINK) $(LINK_LIB) $(UBSYMS) -o $@ $(LIBUNBOUND_OBJ_LINK) -rpath $(libdir) $(SSLLIB) $(LIBS) unbound$(EXEEXT): $(DAEMON_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(DAEMON_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) + $(LINK) -o $@ $(DAEMON_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) unbound-checkconf$(EXEEXT): $(CHECKCONF_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(CHECKCONF_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) + $(LINK) -o $@ $(CHECKCONF_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) unbound-control$(EXEEXT): $(CONTROL_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(CONTROL_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) + $(LINK) -o $@ $(CONTROL_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) unbound-host$(EXEEXT): $(HOST_OBJ_LINK) libunbound.la $(LINK) -o $@ $(HOST_OBJ_LINK) -L. -L.libs -lunbound $(SSLLIB) $(LIBS) @@ -352,34 +364,34 @@ anchor-update$(EXEEXT): $(ANCHORUPD_OBJ_LINK) libunbound.la $(LINK) -o $@ $(ANCHORUPD_OBJ_LINK) -L. -L.libs -lunbound $(LIBS) unittest$(EXEEXT): $(UNITTEST_OBJ_LINK) - $(LINK) -o $@ $(UNITTEST_OBJ_LINK) $(SSLLIB) $(LIBS) + $(LINK) -o $@ $(UNITTEST_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) testbound$(EXEEXT): $(TESTBOUND_OBJ_LINK) - $(LINK) -o $@ $(TESTBOUND_OBJ_LINK) $(SSLLIB) $(LIBS) + $(LINK) -o $@ $(TESTBOUND_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) lock-verify$(EXEEXT): $(LOCKVERIFY_OBJ_LINK) - $(LINK) -o $@ $(LOCKVERIFY_OBJ_LINK) $(SSLLIB) $(LIBS) + $(LINK) -o $@ $(LOCKVERIFY_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) petal$(EXEEXT): $(PETAL_OBJ_LINK) $(LINK) -o $@ $(PETAL_OBJ_LINK) $(SSLLIB) $(LIBS) pktview$(EXEEXT): $(PKTVIEW_OBJ_LINK) - $(LINK) -o $@ $(PKTVIEW_OBJ_LINK) $(SSLLIB) $(LIBS) + $(LINK) -o $@ $(PKTVIEW_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) memstats$(EXEEXT): $(MEMSTATS_OBJ_LINK) - $(LINK) -o $@ $(MEMSTATS_OBJ_LINK) $(SSLLIB) $(LIBS) + $(LINK) -o $@ $(MEMSTATS_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) asynclook$(EXEEXT): $(ASYNCLOOK_OBJ_LINK) libunbound.la $(LINK) -o $@ $(ASYNCLOOK_OBJ_LINK) -L. -L.libs -lunbound $(SSLLIB) $(LIBS) streamtcp$(EXEEXT): $(STREAMTCP_OBJ_LINK) - $(LINK) -o $@ $(STREAMTCP_OBJ_LINK) $(SSLLIB) $(LIBS) + $(LINK) -o $@ $(STREAMTCP_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) perf$(EXEEXT): $(PERF_OBJ_LINK) - $(LINK) -o $@ $(PERF_OBJ_LINK) $(SSLLIB) $(LIBS) + $(LINK) -o $@ $(PERF_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) delayer$(EXEEXT): $(DELAYER_OBJ_LINK) - $(LINK) -o $@ $(DELAYER_OBJ_LINK) $(SSLLIB) $(LIBS) + $(LINK) -o $@ $(DELAYER_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) signit$(EXEEXT): testcode/signit.c $(CC) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@ -o $@ testcode/signit.c $(LDFLAGS) -lldns $(SSLLIB) $(LIBS) @@ -401,7 +413,13 @@ dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h: $(srcdir)/dnstap/dnstap.proto @-if test ! -d dnstap; then $(INSTALL) -d dnstap; fi $(PROTOC_C) --c_out=. --proto_path=$(srcdir) $(srcdir)/dnstap/dnstap.proto +unbound-dnstap-socket$(EXEEXT): $(DNSTAP_SOCKET_OBJ_LINK) + $(LINK) -o $@ $(DNSTAP_SOCKET_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) + dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h +dtstream.lo dtstream.o: $(srcdir)/dnstap/dtstream.c config.h $(srcdir)/dnstap/dtstream.h +dnstap_fstrm.lo dnstap_fstrm.o: $(srcdir)/dnstap/dnstap_fstrm.c config.h $(srcdir)/dnstap/dnstap_fstrm.h +unbound-dnstap-socket.lo unbound-dnstap-socket.o: $(srcdir)/dnstap/unbound-dnstap-socket.c config.h $(srcdir)/dnstap/dtstream.h # dnscrypt dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ @@ -455,6 +473,7 @@ clean: rm -f unbound$(EXEEXT) unbound-checkconf$(EXEEXT) unbound-host$(EXEEXT) unbound-control$(EXEEXT) unbound-anchor$(EXEEXT) unbound-control-setup libunbound.la unbound.h rm -f $(ALL_SRC:.c=.lint) rm -f _unbound.la libunbound/python/libunbound_wrap.c libunbound/python/unbound.py pythonmod/interface.h pythonmod/unboundmodule.py + rm -f libunbound.a rm -rf autom4te.cache .libs build doc/html doc/xml distclean: clean @@ -629,6 +648,7 @@ depend: -e 's?$$(srcdir)/pythonmod/pythonmod.h?$$(PYTHONMOD_HEADER)?g' \ -e 's?$$(srcdir)/edns-subnet/subnetmod.h $$(srcdir)/edns-subnet/subnet-whitelist.h $$(srcdir)/edns-subnet/edns-subnet.h $$(srcdir)/edns-subnet/addrtree.h?$$(SUBNET_HEADER)?g' \ -e 's?$$(srcdir)/ipsecmod/ipsecmod.h $$(srcdir)/ipsecmod/ipsecmod-whitelist.h?$$(IPSECMOD_HEADER)?g' \ + -e 's?$$(srcdir)/dynlibmod/dynlibmod.h?$$(DYNLIBMOD_HEADER)?g' \ -e 's!\(.*\)\.o[ :]*!\1.lo \1.o: !g' \ > $(DEPEND_TMP) cp $(DEPEND_TARGET) $(DEPEND_TMP2) @@ -796,12 +816,13 @@ modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/service $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h \ + $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h \ + $(srcdir)/validator/val_utils.h $(srcdir)/respip/respip.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(PYTHONMOD_HEADER) $(srcdir)/ipsecmod/ipsecmod.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \ + $(srcdir)/ipset/ipset.h $(srcdir)/dynlibmod/dynlibmod.h view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ @@ -886,21 +907,23 @@ authzone.lo authzone.o: $(srcdir)/services/authzone.c config.h $(srcdir)/service $(srcdir)/validator/val_secalgo.h fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/outside_network.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ - $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \ - $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \ - $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \ - $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound-event.h \ - $(srcdir)/libunbound/worker.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \ + $(srcdir)/services/outside_network.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/authzone.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/validator/validator.h \ + $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_nsec3.h \ + $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \ + $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h \ + $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h \ + $(PYTHONMOD_HEADER) $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/net_help.h \ + $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h \ + $(srcdir)/dynlibmod/dynlibmod.h locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ @@ -1108,7 +1131,32 @@ respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localz $(srcdir)/util/regional.h checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/testcode/checklocks.h +dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/locks.h $(srcdir)/dnstap/dnstap.h \ + dnstap/dnstap.pb-c.h +dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h \ + +dynlibmod.lo dynlibmod.o: $(srcdir)/dynlibmod/dynlibmod.c config.h $(srcdir)/dynlibmod/dynlibmod.h \ + $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h\ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/wire2str.h +dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/storage/lookup3.h ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h +ipset.lo ipset.o: $(srcdir)/ipset/ipset.c config.h $(srcdir)/ipset/ipset.h $(srcdir)/util/module.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \ diff --git a/README-Travis.md b/README-Travis.md new file mode 100644 index 000000000000..3ce22cc20f59 --- /dev/null +++ b/README-Travis.md @@ -0,0 +1,278 @@ +# Travis Testing + +Unbound 1.10 and above leverage Travis CI to increase coverage of compilers and platforms. Compilers include Clang and GCC; while platforms include Android, iOS, Linux, and OS X on AMD64, Aarch64, PowerPC and s390x hardware. + +Android is tested on armv7a, aarch64, x86 and x86_64. The Android recipes build and install OpenSSL and Expat, and then builds Unbound. The testing is tailored for Android NDK-r19 and above, and includes NDK-r20 and NDK-r21. Mips and Mips64 are not tested because they are no longer supported under current NDKs. + +iOS is tested for iPhoneOS, WatchOS, AppleTVOS, iPhoneSimulator, AppleTVSimulator and WatchSimulator. The testing uses Xcode 10 on OS X 10.13. + +The Unbound Travis configuration file `.travis.yml` does not use top-level keys like `os:` and `compiler:` so there is no matrix expansion. Instead Unbound specifies the exact job to run under the `jobs:` and `include:` keys. + +## Typical recipe + +A typical recipe tests Clang and GCC on various hardware. The hardware includes AMD64, Aarch64, PowerPC and s390x. PowerPC is a little-endian platform, and s390x is a big-endian platform. There are pairs of recipes that are similar to the following. + +``` +- os: linux + name: GCC on Linux, Aarch64 + compiler: gcc + arch: arm64 + dist: bionic +- os: linux + name: Clang on Linux, Aarch64 + compiler: clang + arch: arm64 + dist: bionic +``` + +OS X provides a single recipe to test Clang. GCC is not tested because GCC is an alias for Clang. + +## Sanitizer builds + +Two sanitizer builds are tested using Clang and GCC, for a total of four builds. The first sanitizer is Undefined Behavior sanitizer (UBsan), and the second is Address sanitizer (Asan). The sanitizers are only run on AMD64 hardware. Note the environment includes `TEST_UBSAN=yes` or `TEST_ASAN=yes` for the sanitizer builds. + +The recipes are similar to the following. + +``` +- os: linux + name: UBsan, GCC on Linux, Amd64 + compiler: gcc + arch: amd64 + dist: bionic + env: TEST_UBSAN=yes +- os: linux + name: UBsan, Clang on Linux, Amd64 + compiler: clang + arch: amd64 + dist: bionic + env: TEST_UBSAN=yes +``` + +When the Travis script encounters a sanitizer it uses different `CFLAGS` and configuration string. + +``` +if [ "$TEST_UBSAN" = "yes" ]; then + export CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=undefined -fno-sanitize-recover" + ./configure + make -j 2 + make test +elif [ "$TEST_ASAN" = "yes" ]; then + export CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=address" + ./configure + make -j 2 + make test +... +``` + +## Android builds + +Travis tests Android builds for the armv7a, aarch64, x86 and x86_64 architectures. The builds are trickier than other builds for several reasons. The testing requires installation of the Android NDK and SDK, it requires a cross-compile, and requires OpenSSL and Expat prerequisites. The Android cross-compiles also require care to set the Autotools triplet, the OpenSSL triplet, the toolchain path, the tool variables, and the sysroot. The discussion below detail the steps of the Android recipes. + +### Android job + +The first step sets environmental variables for the cross-compile using the Travis job. A typical job with variables is shown below. + +``` +- os: linux + name: Android armv7a, Linux, Amd64 + compiler: clang + arch: amd64 + dist: bionic + env: + - TEST_ANDROID=yes + - AUTOTOOLS_HOST=armv7a-linux-androideabi + - OPENSSL_HOST=android-arm + - ANDROID_CPU=armv7a + - ANDROID_API=23 + - ANDROID_PREFIX="$HOME/android$ANDROID_API-$ANDROID_CPU" + - ANDROID_SDK_ROOT="$HOME/android-sdk" + - ANDROID_NDK_ROOT="$HOME/android-ndk" +``` + +### ANDROID_NDK_ROOT + +The second step for Android is to set the environmental variables `ANDROID_NDK_ROOT` and `ANDROID_SDK_ROOT`. This is an important step because the NDK and SDK use the variables internally to locate their own tools. Also see [Recommended NDK Directory?](https://groups.google.com/forum/#!topic/android-ndk/qZjhOaynHXc) on the android-ndk mailing list. (Many folks miss this step, or use incorrect variables like `ANDROID_NDK_HOME` or `ANDROID_SDK_HOME`). + +If you are working from a developer machine you probably already have the necessary tools installed. You should ensure `ANDROID_NDK_ROOT` and `ANDROID_SDK_ROOT` are set properly. + +### Tool installation + +The second step installs tools needed for OpenSSL, Expat and Unbound. This step is handled in by the script `contrib/android/install_tools.sh`. The tools include curl, tar, zip, unzip and java. + +``` +before_script: + - | + if [ "$TEST_ANDROID" = "yes" ]; then + ./contrib/android/install_tools.sh + elif [ "$TEST_IOS" = "yes" ]; then + ./contrib/ios/install_tools.sh + fi +``` + +### NDK installation + +The third step installs the NDK and SDK. This step is handled in by the script `contrib/android/install_ndk.sh`. The script uses `ANDROID_NDK_ROOT` and `ANDROID_SDK_ROOT` to place the NDK and SDK in the `$HOME` directory. + +If you are working from a developer machine you probably already have a NDK and SDK installed. + +### Android environment + +The fourth step sets the Android cross-compile environment using the script `contrib/android/setenv_android.sh`. The script is `sourced` so the variables in the script are available to the calling shell. The script sets variables like `CC`, `CXX`, `AS` and `AR`; sets `CFLAGS` and `CXXFLAGS`; sets a `sysroot` so Android headers and libraries are found; and adds the path to the toolchain to `PATH`. + +`contrib/android/setenv_android.sh` knows which toolchain and architecture to select by inspecting environmental variables set by Travis for the job. In particular, the variables `ANDROID_CPU` and `ANDROID_API` tell `contrib/android/setenv_android.sh` which tools and libraries to select. + +The `contrib/android/setenv_android.sh` script specifies the tools in a `case` statement like the following. There is a case for each of the architectures armv7a, aarch64, x86 and x86_64. + +``` +armv8a|aarch64|arm64|arm64-v8a) + CC="aarch64-linux-android$ANDROID_API-clang" + CXX="aarch64-linux-android$ANDROID_API-clang++" + LD="aarch64-linux-android-ld" + AS="aarch64-linux-android-as" + AR="aarch64-linux-android-ar" + RANLIB="aarch64-linux-android-ranlib" + STRIP="aarch64-linux-android-strip" + + CFLAGS="-funwind-tables -fexceptions" + CXXFLAGS="-funwind-tables -fexceptions -frtti" +``` + +### OpenSSL and Expat + +The fifth step builds OpenSSL and Expat. OpenSSL and Expat are built for Android using the scripts `contrib/android/install_openssl.sh` and `contrib/android/install_expat.sh`. The scripts download, configure and install the latest release version of the libraries. The libraries are configured with `--prefix="$ANDROID_PREFIX"` so the headers are placed in `$ANDROID_PREFIX/include` directory, and the libraries are placed in the `$ANDROID_PREFIX/lib` directory. + +`ANDROID_PREFIX` is the value `$HOME/android$ANDROID_API-$ANDROID_CPU`. The libraries will be installed in `$HOME/android23-armv7a`, `$HOME/android23-aarch64`, etc. For Autotools projects, the appropriate `PKG_CONFIG_PATH` is exported. `PKG_CONFIG_PATH` is the userland equivalent to sysroot, and allows Autotools to find non-system headers and libraries for an architecture. Typical `PKG_CONFIG_PATH` are `$HOME/android23-armv7a/lib/pkgconfig` and `$HOME/android23-aarch64/lib/pkgconfig`. + +OpenSSL also uses a custom configuration file called `15-android.conf`. It is a copy of the OpenSSL's project file and located at `contrib/android/15-android.conf`. The Unbound version is copied to the OpenSSL source files after unpacking the OpenSSL distribution. The Unbound version has legacy NDK support removed and some other fixes, like `ANDROID_NDK_ROOT` awareness. The changes mean Unbound's `15-android.conf` will only work with Unbound, with NDK-r19 and above, and a properly set environment. + +OpenSSL is configured with `no-engine`. If you want to include OpenSSL engines then edit `contrib/android/install_openssl.sh` and remove the config option. + +### Android build + +Finally, once OpenSSL and Expat are built, then the Travis script configures and builds Unbound. The recipe looks as follows. + +``` +elif [ "$TEST_ANDROID" = "yes" ]; then + export AUTOTOOLS_BUILD="$(./config.guess)" + export PKG_CONFIG_PATH="$ANDROID_PREFIX/lib/pkgconfig" + ./contrib/android/install_ndk.sh + source ./contrib/android/setenv_android.sh + ./contrib/android/install_openssl.sh + ./contrib/android/install_expat.sh + ./configure \ + --build="$AUTOTOOLS_BUILD" \ + --host="$AUTOTOOLS_HOST" \ + --prefix="$ANDROID_PREFIX" \ + --with-ssl="$ANDROID_PREFIX" \ + --with-libexpat="$ANDROID_PREFIX" \ + --disable-gost; + make -j 2 + make install +``` + +Travis only smoke tests an Android build using a compile, link and install. The self tests are not run. TODO: figure out how to fire up an emulator, push the tests to the device and run them. + +### Android flags + +`contrib/android/setenv_android.sh` uses specific flags for `CFLAGS` and `CXXFLAGS`. They are taken from `ndk-build`, so we consider them the official flag set. It is important to use the same flags across projects to avoid subtle problems due to mixing and matching different flags. + +`CXXFLAGS` includes `-fexceptions` and `-frtti` because exceptions and runtime type info are disabled by default. `CFLAGS` include `-funwind-tables` and `-fexceptions` to ensure C++ exceptions pass through C code, if needed. Also see `docs/CPLUSPLUS-SUPPORT.html` in the NDK docs. + +To inspect the flags used by `ndk-build` for a platform clone ASOP's [ndk-samples](https://github.com/android/ndk-samples/tree/master/hello-jni) and build the `hello-jni` project. Use the `V=1` flag to see the full compiler output from `ndk-build`. + +## iOS builds + +Travis tests iOS builds for the armv7a, armv7s and aarch64 architectures for iPhoneOS, AppleTVOS and WatchOS. iPhoneOS is tested using both 32-bit builds (iPhones) and 64-bit builds (iPads). Travis also tests compiles against the simulators. The builds are trickier than other builds for several reasons. The testing requires a cross-compile, and requires OpenSSL and Expat prerequisites. The iOS cross-compiles also require care to set the Autotools triplet, the OpenSSL triplet, the toolchain path, the tool variables, and the sysroot. The discussion below detail the steps of the iOS recipes. + +### iOS job + +The first step sets environmental variables for the cross-compile using the Travis job. A typical job with variables is shown below. + +``` +- os: osx + osx_image: xcode10 + name: Apple iPhone on iOS, armv7 + compiler: clang + env: + - TEST_IOS=yes + - AUTOTOOLS_HOST=armv7-apple-ios + - OPENSSL_HOST=ios-cross + - IOS_SDK=iPhoneOS + - IOS_CPU=armv7s + - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU" +``` + +### Tool installation + +The second step installs tools needed for OpenSSL, Expat and Unbound. This step is handled in by the script `contrib/ios/install_tools.sh`. The tools include autotools, curl and perl. The installation happens at the `before_script:` stage of Travis. + +``` +before_script: + - | + if [ "$TEST_ANDROID" = "yes" ]; then + ./contrib/android/install_tools.sh + elif [ "$TEST_IOS" = "yes" ]; then + ./contrib/ios/install_tools.sh + fi +``` + +### iOS environment + +The third step sets the iOS cross-compile environment using the script `contrib/ios/setenv_ios.sh`. The script is `sourced` so the variables in the script are available to the calling shell. The script sets variables like `CC`, `CXX`, `AS` and `AR`; sets `CFLAGS` and `CXXFLAGS`; sets a `sysroot` so iOS headers and libraries are found; and adds the path to the toolchain to `PATH`. + +`contrib/ios/setenv_ios.sh` knows which toolchain and architecture to select by inspecting environmental variables set by Travis for the job. In particular, the variables `IOS_SDK` and `IOS_CPU` tell `contrib/ios/setenv_ios.sh` which tools and libraries to select. + +The `contrib/ios/setenv_ios.sh` script specifies the tools to use during the cross-compile. For Apple SDKs, the tool names are the same as a desktop. There are no special prefixes for the mobile tools. + +``` +CPP=cpp +CC=clang +CXX=clang++ +LD=ld +AS=as +AR=ar +RANLIB=ranlib +STRIP=strip +``` + +If you are working from a developer machine you probably already have the necessary tools installed. + +### OpenSSL and Expat + +The fourth step builds OpenSSL and Expat. OpenSSL and Expat are built for iOS using the scripts `contrib/ios/install_openssl.sh` and `contrib/ios/install_expat.sh`. The scripts download, configure and install the latest release version of the libraries. The libraries are configured with `--prefix="$IOS_PREFIX"` so the headers are placed in `$IOS_PREFIX/include` directory, and the libraries are placed in the `$IOS_PREFIX/lib` directory. + +`IOS_PREFIX` is the value `$HOME/$IOS_SDK-$IOS_CPU`. The scheme handles both iOS SDKs and cpu architectures so the pair recieves a unique installation directory. The libraries will be installed in `$HOME/iPhoneOS-armv7s`, `$HOME/iPhoneOS-arm64`, `$HOME/iPhoneSimulator-i386`, etc. For Autotools projects, the appropriate `PKG_CONFIG_PATH` is exported. + +`PKG_CONFIG_PATH` is an important variable. It is the userland equivalent to sysroot, and allows Autotools to find non-system headers and libraries for an architecture. Typical `PKG_CONFIG_PATH` are `$HOME/iPhoneOS-armv7s/lib/pkgconfig` and `$HOME/iPhoneOS-arm64/lib/pkgconfig`. + +OpenSSL also uses a custom configuration file called `15-ios.conf`. It is a copy of the OpenSSL's project file and located at `contrib/ios/15-ios.conf`. The Unbound version is copied to the OpenSSL source files after unpacking the OpenSSL distribution. The changes mean Unbound's `15-ios.conf` will only work with Unbound and a properly set environment. + +OpenSSL is configured with `no-engine`. Engines require dynamic loading so engines are disabled permanently in `15-ios.conf`. + +### iOS build + +Finally, once OpenSSL and Expat are built, then the Travis script configures and builds Unbound. The full recipe looks as follows. + +``` +elif [ "$TEST_IOS" = "yes" ]; then + export AUTOTOOLS_BUILD="$(./config.guess)" + export PKG_CONFIG_PATH="$IOS_PREFIX/lib/pkgconfig" + source ./contrib/ios/setenv_ios.sh + ./contrib/ios/install_openssl.sh + ./contrib/ios/install_expat.sh + ./configure \ + --build="$AUTOTOOLS_BUILD" \ + --host="$AUTOTOOLS_HOST" \ + --prefix="$IOS_PREFIX" \ + --with-ssl="$IOS_PREFIX" \ + --with-libexpat="$IOS_PREFIX" \ + --disable-gost; + make -j 2 + make install +``` + +Travis only smoke tests an iOS build using a compile, link and install. The self tests are not run. TODO: figure out how to fire up an simulator, push the tests to the device and run them. + +### iOS flags + +`contrib/ios/setenv_ios.sh` uses specific flags for `CFLAGS` and `CXXFLAGS`. They are taken from Xcode, so we consider them the official flag set. It is important to use the same flags across projects to avoid subtle problems due to mixing and matching different flags. diff --git a/acx_python.m4 b/acx_python.m4 index 2940971f1a4e..a84daa035884 100644 --- a/acx_python.m4 +++ b/acx_python.m4 @@ -58,6 +58,11 @@ $ac_distutils_result]) AC_MSG_RESULT([$PYTHON_LDFLAGS]) AC_SUBST([PYTHON_LDFLAGS]) + if test -z "$PYTHON_LIBDIR"; then + PYTHON_LIBDIR=`$PYTHON -c "from distutils.sysconfig import *; \ + print(get_config_var('LIBDIR'));"` + fi + # # Check for site packages # diff --git a/cachedb/cachedb.c b/cachedb/cachedb.c index c5be516225f9..eed4d5fd9bed 100644 --- a/cachedb/cachedb.c +++ b/cachedb/cachedb.c @@ -160,7 +160,7 @@ testframe_lookup(struct module_env* env, struct cachedb_env* cachedb_env, static void testframe_store(struct module_env* env, struct cachedb_env* cachedb_env, - char* key, uint8_t* data, size_t data_len) + char* key, uint8_t* data, size_t data_len, time_t ATTR_UNUSED(ttl)) { struct testframe_moddata* d = (struct testframe_moddata*) cachedb_env->backend_data; @@ -606,7 +606,8 @@ cachedb_extcache_store(struct module_qstate* qstate, struct cachedb_env* ie) /* call backend */ (*ie->backend->store)(qstate->env, ie, key, sldns_buffer_begin(qstate->env->scratch_buffer), - sldns_buffer_limit(qstate->env->scratch_buffer)); + sldns_buffer_limit(qstate->env->scratch_buffer), + qstate->return_msg->rep->ttl); } /** diff --git a/cachedb/cachedb.h b/cachedb/cachedb.h index 27187dc56dc6..05c4368e60b4 100644 --- a/cachedb/cachedb.h +++ b/cachedb/cachedb.h @@ -84,7 +84,7 @@ struct cachedb_backend { /** Store (env, cachedb_env, key, data, data_len) */ void (*store)(struct module_env*, struct cachedb_env*, char*, - uint8_t*, size_t); + uint8_t*, size_t, time_t); }; #define CACHEDB_HASHSIZE 256 /* bit hash */ diff --git a/cachedb/redis.c b/cachedb/redis.c index 3dfbf8f7a25c..16c3741f786b 100644 --- a/cachedb/redis.c +++ b/cachedb/redis.c @@ -59,6 +59,9 @@ struct redis_moddata { struct timeval timeout; /* timeout for connection setup and commands */ }; +static redisReply* redis_command(struct module_env*, struct cachedb_env*, + const char*, const uint8_t*, size_t); + static redisContext* redis_connect(const struct redis_moddata* moddata) { @@ -114,6 +117,33 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env) for(i = 0; i < moddata->numctxs; i++) moddata->ctxs[i] = redis_connect(moddata); cachedb_env->backend_data = moddata; + if(env->cfg->redis_expire_records) { + redisReply* rep = NULL; + int redis_reply_type = 0; + /** check if setex command is supported */ + rep = redis_command(env, cachedb_env, + "SETEX __UNBOUND_REDIS_CHECK__ 1 none", NULL, 0); + if(!rep) { + /** init failed, no response from redis server*/ + log_err("redis_init: failed to init redis, the " + "redis-expire-records option requires the SETEX command " + "(redis >= 2.0.0)"); + return 0; + } + redis_reply_type = rep->type; + freeReplyObject(rep); + switch(redis_reply_type) { + case REDIS_REPLY_STATUS: + break; + default: + /** init failed, setex command not supported */ + log_err("redis_init: failed to init redis, the " + "redis-expire-records option requires the SETEX command " + "(redis >= 2.0.0)"); + return 0; + } + } + return 1; } @@ -219,7 +249,7 @@ redis_lookup(struct module_env* env, struct cachedb_env* cachedb_env, rep = redis_command(env, cachedb_env, cmdbuf, NULL, 0); if(!rep) return 0; - switch (rep->type) { + switch(rep->type) { case REDIS_REPLY_NIL: verbose(VERB_ALGO, "redis_lookup: no data cached"); break; @@ -249,16 +279,33 @@ redis_lookup(struct module_env* env, struct cachedb_env* cachedb_env, static void redis_store(struct module_env* env, struct cachedb_env* cachedb_env, - char* key, uint8_t* data, size_t data_len) + char* key, uint8_t* data, size_t data_len, time_t ttl) { redisReply* rep; - char cmdbuf[4+(CACHEDB_HASHSIZE/8)*2+3+1]; /* "SET " + key + " %b" */ int n; + int set_ttl = (env->cfg->redis_expire_records && + (!env->cfg->serve_expired || env->cfg->serve_expired_ttl > 0)); + /* Supported commands: + * - "SET " + key + " %b" + * - "SETEX " + key + " " + ttl + " %b" + */ + char cmdbuf[6+(CACHEDB_HASHSIZE/8)*2+11+3+1]; + + if (!set_ttl) { + verbose(VERB_ALGO, "redis_store %s (%d bytes)", key, (int)data_len); + /* build command to set to a binary safe string */ + n = snprintf(cmdbuf, sizeof(cmdbuf), "SET %s %%b", key); + } else { + /* add expired ttl time to redis ttl to avoid premature eviction of key */ + ttl += env->cfg->serve_expired_ttl; + verbose(VERB_ALGO, "redis_store %s (%d bytes) with ttl %u", + key, (int)data_len, (uint32_t)ttl); + /* build command to set to a binary safe string */ + n = snprintf(cmdbuf, sizeof(cmdbuf), "SETEX %s %u %%b", key, + (uint32_t)ttl); + } - verbose(VERB_ALGO, "redis_store %s (%d bytes)", key, (int)data_len); - /* build command to set to a binary safe string */ - n = snprintf(cmdbuf, sizeof(cmdbuf), "SET %s %%b", key); if(n < 0 || n >= (int)sizeof(cmdbuf)) { log_err("redis_store: unexpected failure to build command"); return; diff --git a/config.guess b/config.guess index 7ea49fadcd8b..e94095c5fbe8 100755 --- a/config.guess +++ b/config.guess @@ -1,8 +1,8 @@ -#!/usr/bin/sh +#! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2016 Free Software Foundation, Inc. +# Copyright 1992-2020 Free Software Foundation, Inc. -timestamp='2016-10-02' +timestamp='2020-07-12' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -15,7 +15,7 @@ timestamp='2016-10-02' # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, see <http://www.gnu.org/licenses/>. +# along with this program; if not, see <https://www.gnu.org/licenses/>. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -27,7 +27,7 @@ timestamp='2016-10-02' # Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess +# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess # # Please send patches to <config-patches@gnu.org>. @@ -39,7 +39,7 @@ Usage: $0 [OPTION] Output the configuration name of the system \`$me' is run on. -Operation modes: +Options: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit @@ -50,7 +50,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2016 Free Software Foundation, Inc. +Copyright 1992-2020 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -84,8 +84,6 @@ if test $# != 0; then exit 1 fi -trap 'exit 1' 1 2 15 - # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires # temporary files to be created and, as you can see below, it is a @@ -96,34 +94,40 @@ trap 'exit 1' 1 2 15 # Portable tmp directory creation inspired by the Autoconf team. -set_cc_for_build=' -trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; -trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; -: ${TMPDIR=/tmp} ; - { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || - { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || - { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || - { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; -dummy=$tmp/dummy ; -tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; -case $CC_FOR_BUILD,$HOST_CC,$CC in - ,,) echo "int x;" > $dummy.c ; - for c in cc gcc c89 c99 ; do - if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then - CC_FOR_BUILD="$c"; break ; - fi ; - done ; - if test x"$CC_FOR_BUILD" = x ; then - CC_FOR_BUILD=no_compiler_found ; - fi - ;; - ,,*) CC_FOR_BUILD=$CC ;; - ,*,*) CC_FOR_BUILD=$HOST_CC ;; -esac ; set_cc_for_build= ;' +tmp= +# shellcheck disable=SC2172 +trap 'test -z "$tmp" || rm -fr "$tmp"' 0 1 2 13 15 + +set_cc_for_build() { + # prevent multiple calls if $tmp is already set + test "$tmp" && return 0 + : "${TMPDIR=/tmp}" + # shellcheck disable=SC2039 + { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } + dummy=$tmp/dummy + case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in + ,,) echo "int x;" > "$dummy.c" + for driver in cc gcc c89 c99 ; do + if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then + CC_FOR_BUILD="$driver" + break + fi + done + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; + esac +} # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 1994-08-24) -if (test -f /.attbin/uname) >/dev/null 2>&1 ; then +if test -f /.attbin/uname ; then PATH=$PATH:/.attbin ; export PATH fi @@ -132,14 +136,14 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown -case "${UNAME_SYSTEM}" in +case "$UNAME_SYSTEM" in Linux|GNU|GNU/*) # If the system lacks a compiler, then just pick glibc. # We could probably try harder. LIBC=gnu - eval $set_cc_for_build - cat <<-EOF > $dummy.c + set_cc_for_build + cat <<-EOF > "$dummy.c" #include <features.h> #if defined(__UCLIBC__) LIBC=uclibc @@ -149,13 +153,20 @@ Linux|GNU|GNU/*) LIBC=gnu #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` + eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`" + + # If ldd exists, use it to detect musl libc. + if command -v ldd >/dev/null && \ + ldd --version 2>&1 | grep -q ^musl + then + LIBC=musl + fi ;; esac # Note: order is significant - the case branches are not exclusive. -case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in +case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, @@ -169,30 +180,30 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ - /sbin/$sysctl 2>/dev/null || \ - /usr/sbin/$sysctl 2>/dev/null || \ + "/sbin/$sysctl" 2>/dev/null || \ + "/usr/sbin/$sysctl" 2>/dev/null || \ echo unknown)` - case "${UNAME_MACHINE_ARCH}" in + case "$UNAME_MACHINE_ARCH" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; earmv*) - arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'` - endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'` - machine=${arch}${endian}-unknown + arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'` + endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'` + machine="${arch}${endian}"-unknown ;; - *) machine=${UNAME_MACHINE_ARCH}-unknown ;; + *) machine="$UNAME_MACHINE_ARCH"-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently (or will in the future) and ABI. - case "${UNAME_MACHINE_ARCH}" in + case "$UNAME_MACHINE_ARCH" in earm*) os=netbsdelf ;; arm*|i386|m68k|ns32k|sh3*|sparc|vax) - eval $set_cc_for_build + set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ then @@ -208,10 +219,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in ;; esac # Determine ABI tags. - case "${UNAME_MACHINE_ARCH}" in + case "$UNAME_MACHINE_ARCH" in earm*) expr='s/^earmv[0-9]/-eabi/;s/eb$//' - abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"` + abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"` ;; esac # The OS release @@ -219,45 +230,60 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. - case "${UNAME_VERSION}" in + case "$UNAME_VERSION" in Debian*) release='-gnu' ;; *) - release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2` + release=`echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "${machine}-${os}${release}${abi}" + echo "$machine-${os}${release}${abi-}" exit ;; *:Bitrig:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} + echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE" exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} + echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE" exit ;; *:LibertyBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE} + echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE" + exit ;; + *:MidnightBSD:*:*) + echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE" exit ;; *:ekkoBSD:*:*) - echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE" exit ;; *:SolidBSD:*:*) - echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE" + exit ;; + *:OS108:*:*) + echo "$UNAME_MACHINE"-unknown-os108_"$UNAME_RELEASE" exit ;; macppc:MirBSD:*:*) - echo powerpc-unknown-mirbsd${UNAME_RELEASE} + echo powerpc-unknown-mirbsd"$UNAME_RELEASE" exit ;; *:MirBSD:*:*) - echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE" exit ;; *:Sortix:*:*) - echo ${UNAME_MACHINE}-unknown-sortix + echo "$UNAME_MACHINE"-unknown-sortix + exit ;; + *:Twizzler:*:*) + echo "$UNAME_MACHINE"-unknown-twizzler + exit ;; + *:Redox:*:*) + echo "$UNAME_MACHINE"-unknown-redox + exit ;; + mips:OSF1:*.*) + echo mips-dec-osf1 exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in @@ -310,28 +336,19 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + echo "$UNAME_MACHINE"-dec-osf"`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`" # Reset EXIT trap before exiting to avoid spurious non-zero exit code. exitcode=$? trap '' 0 exit $exitcode ;; - Alpha\ *:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # Should we change UNAME_MACHINE based on the output of uname instead - # of the specific Alpha model? - echo alpha-pc-interix - exit ;; - 21064:Windows_NT:50:3) - echo alpha-dec-winnt3.5 - exit ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 exit ;; *:[Aa]miga[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-amigaos + echo "$UNAME_MACHINE"-unknown-amigaos exit ;; *:[Mm]orph[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-morphos + echo "$UNAME_MACHINE"-unknown-morphos exit ;; *:OS/390:*:*) echo i370-ibm-openedition @@ -343,7 +360,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) - echo arm-acorn-riscix${UNAME_RELEASE} + echo arm-acorn-riscix"$UNAME_RELEASE" exit ;; arm*:riscos:*:*|arm*:RISCOS:*:*) echo arm-unknown-riscos @@ -370,19 +387,19 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in sparc) echo sparc-icl-nx7; exit ;; esac ;; s390x:SunOS:*:*) - echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo "$UNAME_MACHINE"-ibm-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" exit ;; sun4H:SunOS:5.*:*) - echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo sparc-hal-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) - echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo sparc-sun-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" exit ;; i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) - echo i386-pc-auroraux${UNAME_RELEASE} + echo i386-pc-auroraux"$UNAME_RELEASE" exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) - eval $set_cc_for_build + set_cc_for_build SUN_ARCH=i386 # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. @@ -395,13 +412,13 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in SUN_ARCH=x86_64 fi fi - echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo "$SUN_ARCH"-pc-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. - echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo sparc-sun-solaris3"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in @@ -410,25 +427,25 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. - echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + echo sparc-sun-sunos"`echo "$UNAME_RELEASE"|sed -e 's/-/_/'`" exit ;; sun3*:SunOS:*:*) - echo m68k-sun-sunos${UNAME_RELEASE} + echo m68k-sun-sunos"$UNAME_RELEASE" exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` - test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3 + test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) - echo m68k-sun-sunos${UNAME_RELEASE} + echo m68k-sun-sunos"$UNAME_RELEASE" ;; sun4) - echo sparc-sun-sunos${UNAME_RELEASE} + echo sparc-sun-sunos"$UNAME_RELEASE" ;; esac exit ;; aushp:SunOS:*:*) - echo sparc-auspex-sunos${UNAME_RELEASE} + echo sparc-auspex-sunos"$UNAME_RELEASE" exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not @@ -439,44 +456,44 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint"$UNAME_RELEASE" exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint"$UNAME_RELEASE" exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint"$UNAME_RELEASE" exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint${UNAME_RELEASE} + echo m68k-milan-mint"$UNAME_RELEASE" exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint${UNAME_RELEASE} + echo m68k-hades-mint"$UNAME_RELEASE" exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint${UNAME_RELEASE} + echo m68k-unknown-mint"$UNAME_RELEASE" exit ;; m68k:machten:*:*) - echo m68k-apple-machten${UNAME_RELEASE} + echo m68k-apple-machten"$UNAME_RELEASE" exit ;; powerpc:machten:*:*) - echo powerpc-apple-machten${UNAME_RELEASE} + echo powerpc-apple-machten"$UNAME_RELEASE" exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit ;; RISC*:ULTRIX:*:*) - echo mips-dec-ultrix${UNAME_RELEASE} + echo mips-dec-ultrix"$UNAME_RELEASE" exit ;; VAX*:ULTRIX*:*:*) - echo vax-dec-ultrix${UNAME_RELEASE} + echo vax-dec-ultrix"$UNAME_RELEASE" exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) - echo clipper-intergraph-clix${UNAME_RELEASE} + echo clipper-intergraph-clix"$UNAME_RELEASE" exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" #ifdef __cplusplus #include <stdio.h> /* for printf() prototype */ int main (int argc, char *argv[]) { @@ -485,23 +502,23 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in #endif #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) - printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + printf ("mips-mips-riscos%ssysv\\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) - printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + printf ("mips-mips-riscos%ssvr4\\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) - printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + printf ("mips-mips-riscos%sbsd\\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c && - dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && - SYSTEM_NAME=`$dummy $dummyarg` && + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && + dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`"$dummy" "$dummyarg"` && { echo "$SYSTEM_NAME"; exit; } - echo mips-mips-riscos${UNAME_RELEASE} + echo mips-mips-riscos"$UNAME_RELEASE" exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax @@ -527,17 +544,17 @@ EOF AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` - if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + if [ "$UNAME_PROCESSOR" = mc88100 ] || [ "$UNAME_PROCESSOR" = mc88110 ] then - if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ - [ ${TARGET_BINARY_INTERFACE}x = x ] + if [ "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx ] || \ + [ "$TARGET_BINARY_INTERFACE"x = x ] then - echo m88k-dg-dgux${UNAME_RELEASE} + echo m88k-dg-dgux"$UNAME_RELEASE" else - echo m88k-dg-dguxbcs${UNAME_RELEASE} + echo m88k-dg-dguxbcs"$UNAME_RELEASE" fi else - echo i586-dg-dgux${UNAME_RELEASE} + echo i586-dg-dgux"$UNAME_RELEASE" fi exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) @@ -554,7 +571,7 @@ EOF echo m68k-tektronix-bsd exit ;; *:IRIX*:*:*) - echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + echo mips-sgi-irix"`echo "$UNAME_RELEASE"|sed -e 's/-/_/g'`" exit ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id @@ -566,14 +583,14 @@ EOF if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" fi - echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV" exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" #include <sys/systemcfg.h> main() @@ -584,7 +601,7 @@ EOF exit(0); } EOF - if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` + if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` then echo "$SYSTEM_NAME" else @@ -598,7 +615,7 @@ EOF exit ;; *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` - if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc @@ -607,18 +624,18 @@ EOF IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" fi - echo ${IBM_ARCH}-ibm-aix${IBM_REV} + echo "$IBM_ARCH"-ibm-aix"$IBM_REV" exit ;; *:AIX:*:*) echo rs6000-ibm-aix exit ;; - ibmrt:4.4BSD:*|romp-ibm:BSD:*) + ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*) echo romp-ibm-bsd4.4 exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and - echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + echo romp-ibm-bsd"$UNAME_RELEASE" # 4.3 with uname added to exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx @@ -633,28 +650,28 @@ EOF echo m68k-hp-bsd4.4 exit ;; 9000/[34678]??:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - case "${UNAME_MACHINE}" in - 9000/31? ) HP_ARCH=m68000 ;; - 9000/[34]?? ) HP_ARCH=m68k ;; + HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` + case "$UNAME_MACHINE" in + 9000/31?) HP_ARCH=m68000 ;; + 9000/[34]??) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "${sc_cpu_version}" in + case "$sc_cpu_version" in 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 - case "${sc_kernel_bits}" in + case "$sc_kernel_bits" in 32) HP_ARCH=hppa2.0n ;; 64) HP_ARCH=hppa2.0w ;; '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 esac ;; esac fi - if [ "${HP_ARCH}" = "" ]; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + if [ "$HP_ARCH" = "" ]; then + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" #define _HPUX_SOURCE #include <stdlib.h> @@ -687,13 +704,13 @@ EOF exit (0); } EOF - (CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + (CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=`"$dummy"` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac - if [ ${HP_ARCH} = hppa2.0w ] + if [ "$HP_ARCH" = hppa2.0w ] then - eval $set_cc_for_build + set_cc_for_build # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler @@ -712,15 +729,15 @@ EOF HP_ARCH=hppa64 fi fi - echo ${HP_ARCH}-hp-hpux${HPUX_REV} + echo "$HP_ARCH"-hp-hpux"$HPUX_REV" exit ;; ia64:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - echo ia64-hp-hpux${HPUX_REV} + HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux"$HPUX_REV" exit ;; 3050*:HI-UX:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" #include <unistd.h> int main () @@ -745,11 +762,11 @@ EOF exit (0); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` && { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 exit ;; - 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*) echo hppa1.1-hp-bsd exit ;; 9000/8??:4.3bsd:*:*) @@ -758,7 +775,7 @@ EOF *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix exit ;; - hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*) echo hppa1.1-hp-osf exit ;; hp8??:OSF1:*:*) @@ -766,9 +783,9 @@ EOF exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then - echo ${UNAME_MACHINE}-unknown-osf1mk + echo "$UNAME_MACHINE"-unknown-osf1mk else - echo ${UNAME_MACHINE}-unknown-osf1 + echo "$UNAME_MACHINE"-unknown-osf1 fi exit ;; parisc*:Lites*:*:*) @@ -793,130 +810,123 @@ EOF echo c4-convex-bsd exit ;; CRAY*Y-MP:*:*:*) - echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*[A-Z]90:*:*:*) - echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) - echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*T3E:*:*:*) - echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*SV1:*:*:*) - echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; *:UNICOS/mp:*:*) - echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) - echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE" exit ;; sparc*:BSD/OS:*:*) - echo sparc-unknown-bsdi${UNAME_RELEASE} + echo sparc-unknown-bsdi"$UNAME_RELEASE" exit ;; *:BSD/OS:*:*) - echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE" + exit ;; + arm:FreeBSD:*:*) + UNAME_PROCESSOR=`uname -p` + set_cc_for_build + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabi + else + echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabihf + fi exit ;; *:FreeBSD:*:*) UNAME_PROCESSOR=`/usr/bin/uname -p` - case ${UNAME_PROCESSOR} in + case "$UNAME_PROCESSOR" in amd64) - echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; - *) - echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + UNAME_PROCESSOR=x86_64 ;; + i386) + UNAME_PROCESSOR=i586 ;; esac + echo "$UNAME_PROCESSOR"-unknown-freebsd"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" exit ;; i*:CYGWIN*:*) - echo ${UNAME_MACHINE}-pc-cygwin + echo "$UNAME_MACHINE"-pc-cygwin exit ;; *:MINGW64*:*) - echo ${UNAME_MACHINE}-pc-mingw64 + echo "$UNAME_MACHINE"-pc-mingw64 exit ;; *:MINGW*:*) - echo ${UNAME_MACHINE}-pc-mingw32 + echo "$UNAME_MACHINE"-pc-mingw32 exit ;; *:MSYS*:*) - echo ${UNAME_MACHINE}-pc-msys - exit ;; - i*:windows32*:*) - # uname -m includes "-pc" on this system. - echo ${UNAME_MACHINE}-mingw32 + echo "$UNAME_MACHINE"-pc-msys exit ;; i*:PW*:*) - echo ${UNAME_MACHINE}-pc-pw32 + echo "$UNAME_MACHINE"-pc-pw32 exit ;; *:Interix*:*) - case ${UNAME_MACHINE} in + case "$UNAME_MACHINE" in x86) - echo i586-pc-interix${UNAME_RELEASE} + echo i586-pc-interix"$UNAME_RELEASE" exit ;; authenticamd | genuineintel | EM64T) - echo x86_64-unknown-interix${UNAME_RELEASE} + echo x86_64-unknown-interix"$UNAME_RELEASE" exit ;; IA64) - echo ia64-unknown-interix${UNAME_RELEASE} + echo ia64-unknown-interix"$UNAME_RELEASE" exit ;; esac ;; - [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) - echo i${UNAME_MACHINE}-pc-mks - exit ;; - 8664:Windows_NT:*) - echo x86_64-pc-mks - exit ;; - i*:Windows_NT*:* | Pentium*:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we - # UNAME_MACHINE based on the output of uname instead of i386? - echo i586-pc-interix - exit ;; i*:UWIN*:*) - echo ${UNAME_MACHINE}-pc-uwin + echo "$UNAME_MACHINE"-pc-uwin exit ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) - echo x86_64-unknown-cygwin - exit ;; - p*:CYGWIN*:*) - echo powerpcle-unknown-cygwin + echo x86_64-pc-cygwin exit ;; prep*:SunOS:5.*:*) - echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo powerpcle-unknown-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; *:GNU:*:*) # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + echo "`echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,'`-unknown-$LIBC`echo "$UNAME_RELEASE"|sed -e 's,/.*$,,'`" exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} + echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC" exit ;; - i*86:Minix:*:*) - echo ${UNAME_MACHINE}-pc-minix + *:Minix:*:*) + echo "$UNAME_MACHINE"-unknown-minix exit ;; aarch64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null` in EV5) UNAME_MACHINE=alphaev5 ;; EV56) UNAME_MACHINE=alphaev56 ;; PCA56) UNAME_MACHINE=alphapca56 ;; @@ -927,140 +937,178 @@ EOF esac objdump --private-headers /bin/sh | grep -q ld.so.1 if test "$?" = 0 ; then LIBC=gnulibc1 ; fi - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; arc:Linux:*:* | arceb:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; arm*:Linux:*:*) - eval $set_cc_for_build + set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi else - echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf fi fi exit ;; avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; cris:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-${LIBC} + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" exit ;; crisv32:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-${LIBC} + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" exit ;; e2k:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; frv:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; hexagon:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; i*86:Linux:*:*) - echo ${UNAME_MACHINE}-pc-linux-${LIBC} + echo "$UNAME_MACHINE"-pc-linux-"$LIBC" exit ;; ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; k1om:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; mips:Linux:*:* | mips64:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + set_cc_for_build + IS_GLIBC=0 + test x"${LIBC}" = xgnu && IS_GLIBC=1 + sed 's/^ //' << EOF > "$dummy.c" #undef CPU - #undef ${UNAME_MACHINE} - #undef ${UNAME_MACHINE}el + #undef mips + #undef mipsel + #undef mips64 + #undef mips64el + #if ${IS_GLIBC} && defined(_ABI64) + LIBCABI=gnuabi64 + #else + #if ${IS_GLIBC} && defined(_ABIN32) + LIBCABI=gnuabin32 + #else + LIBCABI=${LIBC} + #endif + #endif + + #if ${IS_GLIBC} && defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6 + CPU=mipsisa64r6 + #else + #if ${IS_GLIBC} && !defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6 + CPU=mipsisa32r6 + #else + #if defined(__mips64) + CPU=mips64 + #else + CPU=mips + #endif + #endif + #endif + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=${UNAME_MACHINE}el + MIPS_ENDIAN=el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=${UNAME_MACHINE} + MIPS_ENDIAN= #else - CPU= + MIPS_ENDIAN= #endif #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } + eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI'`" + test "x$CPU" != x && { echo "$CPU${MIPS_ENDIAN}-unknown-linux-$LIBCABI"; exit; } ;; mips64el:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; openrisc*:Linux:*:*) - echo or1k-unknown-linux-${LIBC} + echo or1k-unknown-linux-"$LIBC" exit ;; or32:Linux:*:* | or1k*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; padre:Linux:*:*) - echo sparc-unknown-linux-${LIBC} + echo sparc-unknown-linux-"$LIBC" exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-${LIBC} + echo hppa64-unknown-linux-"$LIBC" exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; - PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; - *) echo hppa-unknown-linux-${LIBC} ;; + PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;; + PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;; + *) echo hppa-unknown-linux-"$LIBC" ;; esac exit ;; ppc64:Linux:*:*) - echo powerpc64-unknown-linux-${LIBC} + echo powerpc64-unknown-linux-"$LIBC" exit ;; ppc:Linux:*:*) - echo powerpc-unknown-linux-${LIBC} + echo powerpc-unknown-linux-"$LIBC" exit ;; ppc64le:Linux:*:*) - echo powerpc64le-unknown-linux-${LIBC} + echo powerpc64le-unknown-linux-"$LIBC" exit ;; ppcle:Linux:*:*) - echo powerpcle-unknown-linux-${LIBC} + echo powerpcle-unknown-linux-"$LIBC" exit ;; riscv32:Linux:*:* | riscv64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux-${LIBC} + echo "$UNAME_MACHINE"-ibm-linux-"$LIBC" exit ;; sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; tile*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; vax:Linux:*:*) - echo ${UNAME_MACHINE}-dec-linux-${LIBC} + echo "$UNAME_MACHINE"-dec-linux-"$LIBC" exit ;; x86_64:Linux:*:*) - echo ${UNAME_MACHINE}-pc-linux-${LIBC} + set_cc_for_build + LIBCABI=$LIBC + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then + if (echo '#ifdef __ILP32__'; echo IS_X32; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_X32 >/dev/null + then + LIBCABI="$LIBC"x32 + fi + fi + echo "$UNAME_MACHINE"-pc-linux-"$LIBCABI" exit ;; xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. @@ -1074,34 +1122,34 @@ EOF # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. - echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION" exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. - echo ${UNAME_MACHINE}-pc-os2-emx + echo "$UNAME_MACHINE"-pc-os2-emx exit ;; i*86:XTS-300:*:STOP) - echo ${UNAME_MACHINE}-unknown-stop + echo "$UNAME_MACHINE"-unknown-stop exit ;; i*86:atheos:*:*) - echo ${UNAME_MACHINE}-unknown-atheos + echo "$UNAME_MACHINE"-unknown-atheos exit ;; i*86:syllable:*:*) - echo ${UNAME_MACHINE}-pc-syllable + echo "$UNAME_MACHINE"-pc-syllable exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) - echo i386-unknown-lynxos${UNAME_RELEASE} + echo i386-unknown-lynxos"$UNAME_RELEASE" exit ;; i*86:*DOS:*:*) - echo ${UNAME_MACHINE}-pc-msdosdjgpp + echo "$UNAME_MACHINE"-pc-msdosdjgpp exit ;; - i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) - UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + i*86:*:4.*:*) + UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then - echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL" else - echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL" fi exit ;; i*86:*:5:[678]*) @@ -1111,12 +1159,12 @@ EOF *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac - echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}" exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name` - echo ${UNAME_MACHINE}-pc-isc$UNAME_REL + echo "$UNAME_MACHINE"-pc-isc"$UNAME_REL" elif /bin/uname -X 2>/dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 @@ -1126,9 +1174,9 @@ EOF && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 - echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL" else - echo ${UNAME_MACHINE}-pc-sysv32 + echo "$UNAME_MACHINE"-pc-sysv32 fi exit ;; pc:*:*:*) @@ -1148,9 +1196,9 @@ EOF exit ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then - echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. - echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + echo i860-unknown-sysv"$UNAME_RELEASE" # Unknown i860-SVR4 fi exit ;; mini*:CTIX:SYS*5:*) @@ -1170,9 +1218,9 @@ EOF test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; @@ -1181,28 +1229,28 @@ EOF test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) - echo m68k-unknown-lynxos${UNAME_RELEASE} + echo m68k-unknown-lynxos"$UNAME_RELEASE" exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit ;; TSUNAMI:LynxOS:2.*:*) - echo sparc-unknown-lynxos${UNAME_RELEASE} + echo sparc-unknown-lynxos"$UNAME_RELEASE" exit ;; rs6000:LynxOS:2.*:*) - echo rs6000-unknown-lynxos${UNAME_RELEASE} + echo rs6000-unknown-lynxos"$UNAME_RELEASE" exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) - echo powerpc-unknown-lynxos${UNAME_RELEASE} + echo powerpc-unknown-lynxos"$UNAME_RELEASE" exit ;; SM[BE]S:UNIX_SV:*:*) - echo mips-dde-sysv${UNAME_RELEASE} + echo mips-dde-sysv"$UNAME_RELEASE" exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 @@ -1213,7 +1261,7 @@ EOF *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` - echo ${UNAME_MACHINE}-sni-sysv4 + echo "$UNAME_MACHINE"-sni-sysv4 else echo ns32k-sni-sysv fi @@ -1233,23 +1281,23 @@ EOF exit ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. - echo ${UNAME_MACHINE}-stratus-vos + echo "$UNAME_MACHINE"-stratus-vos exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos exit ;; mc68*:A/UX:*:*) - echo m68k-apple-aux${UNAME_RELEASE} + echo m68k-apple-aux"$UNAME_RELEASE" exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} + echo mips-nec-sysv"$UNAME_RELEASE" else - echo mips-unknown-sysv${UNAME_RELEASE} + echo mips-unknown-sysv"$UNAME_RELEASE" fi exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. @@ -1268,60 +1316,71 @@ EOF echo x86_64-unknown-haiku exit ;; SX-4:SUPER-UX:*:*) - echo sx4-nec-superux${UNAME_RELEASE} + echo sx4-nec-superux"$UNAME_RELEASE" exit ;; SX-5:SUPER-UX:*:*) - echo sx5-nec-superux${UNAME_RELEASE} + echo sx5-nec-superux"$UNAME_RELEASE" exit ;; SX-6:SUPER-UX:*:*) - echo sx6-nec-superux${UNAME_RELEASE} + echo sx6-nec-superux"$UNAME_RELEASE" exit ;; SX-7:SUPER-UX:*:*) - echo sx7-nec-superux${UNAME_RELEASE} + echo sx7-nec-superux"$UNAME_RELEASE" exit ;; SX-8:SUPER-UX:*:*) - echo sx8-nec-superux${UNAME_RELEASE} + echo sx8-nec-superux"$UNAME_RELEASE" exit ;; SX-8R:SUPER-UX:*:*) - echo sx8r-nec-superux${UNAME_RELEASE} + echo sx8r-nec-superux"$UNAME_RELEASE" exit ;; SX-ACE:SUPER-UX:*:*) - echo sxace-nec-superux${UNAME_RELEASE} + echo sxace-nec-superux"$UNAME_RELEASE" exit ;; Power*:Rhapsody:*:*) - echo powerpc-apple-rhapsody${UNAME_RELEASE} + echo powerpc-apple-rhapsody"$UNAME_RELEASE" exit ;; *:Rhapsody:*:*) - echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE" + exit ;; + arm64:Darwin:*:*) + echo aarch64-apple-darwin"$UNAME_RELEASE" exit ;; *:Darwin:*:*) - UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - eval $set_cc_for_build - if test "$UNAME_PROCESSOR" = unknown ; then - UNAME_PROCESSOR=powerpc + UNAME_PROCESSOR=`uname -p` + case $UNAME_PROCESSOR in + unknown) UNAME_PROCESSOR=powerpc ;; + esac + if command -v xcode-select > /dev/null 2> /dev/null && \ + ! xcode-select --print-path > /dev/null 2> /dev/null ; then + # Avoid executing cc if there is no toolchain installed as + # cc will be a stub that puts up a graphical alert + # prompting the user to install developer tools. + CC_FOR_BUILD=no_compiler_found + else + set_cc_for_build fi - if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then - if [ "$CC_FOR_BUILD" != no_compiler_found ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - case $UNAME_PROCESSOR in - i386) UNAME_PROCESSOR=x86_64 ;; - powerpc) UNAME_PROCESSOR=powerpc64 ;; - esac - fi + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc + if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_PPC >/dev/null + then + UNAME_PROCESSOR=powerpc fi elif test "$UNAME_PROCESSOR" = i386 ; then - # Avoid executing cc on OS X 10.9, as it ships with a stub - # that puts up a graphical alert prompting to install - # developer tools. Any system running Mac OS X 10.7 or - # later (Darwin 11 and later) is required to have a 64-bit - # processor. This is not true of the ARM version of Darwin - # that Apple uses in portable devices. - UNAME_PROCESSOR=x86_64 + # uname -m returns i386 or x86_64 + UNAME_PROCESSOR=$UNAME_MACHINE fi - echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} + echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE" exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` @@ -1329,19 +1388,25 @@ EOF UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi - echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} + echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE" exit ;; *:QNX:*:4*) echo i386-pc-qnx exit ;; - NEO-?:NONSTOP_KERNEL:*:*) - echo neo-tandem-nsk${UNAME_RELEASE} + NEO-*:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk"$UNAME_RELEASE" exit ;; NSE-*:NONSTOP_KERNEL:*:*) - echo nse-tandem-nsk${UNAME_RELEASE} + echo nse-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSR-*:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSV-*:NONSTOP_KERNEL:*:*) + echo nsv-tandem-nsk"$UNAME_RELEASE" exit ;; - NSR-?:NONSTOP_KERNEL:*:*) - echo nsr-tandem-nsk${UNAME_RELEASE} + NSX-*:NONSTOP_KERNEL:*:*) + echo nsx-tandem-nsk"$UNAME_RELEASE" exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux @@ -1350,18 +1415,19 @@ EOF echo bs2000-siemens-sysv exit ;; DS/*:UNIX_System_V:*:*) - echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE" exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. + # shellcheck disable=SC2154 if test "$cputype" = 386; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" fi - echo ${UNAME_MACHINE}-unknown-plan9 + echo "$UNAME_MACHINE"-unknown-plan9 exit ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 @@ -1382,14 +1448,14 @@ EOF echo pdp10-unknown-its exit ;; SEI:*:*:SEIUX) - echo mips-sei-seiux${UNAME_RELEASE} + echo mips-sei-seiux"$UNAME_RELEASE" exit ;; *:DragonFly:*:*) - echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + echo "$UNAME_MACHINE"-unknown-dragonfly"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" exit ;; *:*VMS:*:*) UNAME_MACHINE=`(uname -p) 2>/dev/null` - case "${UNAME_MACHINE}" in + case "$UNAME_MACHINE" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; V*) echo vax-dec-vms ; exit ;; @@ -1398,32 +1464,190 @@ EOF echo i386-pc-xenix exit ;; i*86:skyos:*:*) - echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'` + echo "$UNAME_MACHINE"-pc-skyos"`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`" exit ;; i*86:rdos:*:*) - echo ${UNAME_MACHINE}-pc-rdos + echo "$UNAME_MACHINE"-pc-rdos exit ;; i*86:AROS:*:*) - echo ${UNAME_MACHINE}-pc-aros + echo "$UNAME_MACHINE"-pc-aros exit ;; x86_64:VMkernel:*:*) - echo ${UNAME_MACHINE}-unknown-esx + echo "$UNAME_MACHINE"-unknown-esx exit ;; amd64:Isilon\ OneFS:*:*) echo x86_64-unknown-onefs exit ;; + *:Unleashed:*:*) + echo "$UNAME_MACHINE"-unknown-unleashed"$UNAME_RELEASE" + exit ;; +esac + +# No uname command or uname output not recognized. +set_cc_for_build +cat > "$dummy.c" <<EOF +#ifdef _SEQUENT_ +#include <sys/types.h> +#include <sys/utsname.h> +#endif +#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__) +#if defined (vax) || defined (__vax) || defined (__vax__) || defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__) +#include <signal.h> +#if defined(_SIZE_T_) || defined(SIGLOST) +#include <sys/utsname.h> +#endif +#endif +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include <sys/param.h> + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); +#endif + +#if defined (vax) +#if !defined (ultrix) +#include <sys/param.h> +#if defined (BSD) +#if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +#else +#if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +#else + printf ("vax-dec-bsd\n"); exit (0); +#endif +#endif +#else + printf ("vax-dec-bsd\n"); exit (0); +#endif +#else +#if defined(_SIZE_T_) || defined(SIGLOST) + struct utsname un; + uname (&un); + printf ("vax-dec-ultrix%s\n", un.release); exit (0); +#else + printf ("vax-dec-ultrix\n"); exit (0); +#endif +#endif +#endif +#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__) +#if defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__) +#if defined(_SIZE_T_) || defined(SIGLOST) + struct utsname *un; + uname (&un); + printf ("mips-dec-ultrix%s\n", un.release); exit (0); +#else + printf ("mips-dec-ultrix\n"); exit (0); +#endif +#endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } + +# Apollos put the system type in the environment. +test -d /usr/apollo && { echo "$ISP-apollo-$SYSTYPE"; exit; } + +echo "$0: unable to guess system type" >&2 + +case "$UNAME_MACHINE:$UNAME_SYSTEM" in + mips:Linux | mips64:Linux) + # If we got here on MIPS GNU/Linux, output extra information. + cat >&2 <<EOF + +NOTE: MIPS GNU/Linux systems require a C compiler to fully recognize +the system type. Please install a C compiler and try again. +EOF + ;; esac cat >&2 <<EOF -$0: unable to guess system type This script (version $timestamp), has failed to recognize the -operating system you are using. If your script is old, overwrite -config.guess and config.sub with the latest versions from: +operating system you are using. If your script is old, overwrite *all* +copies of config.guess and config.sub with the latest versions from: - http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess + https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess and - http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub + https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub +EOF + +year=`echo $timestamp | sed 's,-.*,,'` +# shellcheck disable=SC2003 +if test "`expr "\`date +%Y\`" - "$year"`" -lt 3 ; then + cat >&2 <<EOF If $0 has already been updated, send the following data and any information you think might be pertinent to config-patches@gnu.org to @@ -1446,16 +1670,17 @@ hostinfo = `(hostinfo) 2>/dev/null` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` -UNAME_MACHINE = ${UNAME_MACHINE} -UNAME_RELEASE = ${UNAME_RELEASE} -UNAME_SYSTEM = ${UNAME_SYSTEM} -UNAME_VERSION = ${UNAME_VERSION} +UNAME_MACHINE = "$UNAME_MACHINE" +UNAME_RELEASE = "$UNAME_RELEASE" +UNAME_SYSTEM = "$UNAME_SYSTEM" +UNAME_VERSION = "$UNAME_VERSION" EOF +fi exit 1 # Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" diff --git a/config.h.in b/config.h.in index 78d47fedc139..f7a4095ed348 100644 --- a/config.h.in +++ b/config.h.in @@ -28,6 +28,9 @@ /* Whether daemon is deprecated */ #undef DEPRECATED_DAEMON +/* Define this to enable kernel based UDP source port randomization. */ +#undef DISABLE_EXPLICIT_PORT_RANDOMISATION + /* default dnstap socket path */ #undef DNSTAP_SOCKET_PATH @@ -176,6 +179,9 @@ /* Define to 1 if you have the `endservent' function. */ #undef HAVE_ENDSERVENT +/* Define to 1 if you have the `ENGINE_cleanup' function. */ +#undef HAVE_ENGINE_CLEANUP + /* Define to 1 if you have the `ERR_free_strings' function. */ #undef HAVE_ERR_FREE_STRINGS @@ -380,6 +386,9 @@ /* Define to 1 if you have the <openssl/conf.h> header file. */ #undef HAVE_OPENSSL_CONF_H +/* Define to 1 if you have the <openssl/core_names.h> header file. */ +#undef HAVE_OPENSSL_CORE_NAMES_H + /* Define to 1 if you have the <openssl/dh.h> header file. */ #undef HAVE_OPENSSL_DH_H @@ -494,8 +503,9 @@ /* Define to 1 if you have the `SSL_CTX_set_security_level' function. */ #undef HAVE_SSL_CTX_SET_SECURITY_LEVEL -/* Define to 1 if you have the `SSL_CTX_set_tlsext_ticket_key_cb' function. */ -#undef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_CB +/* Define to 1 if you have the `SSL_CTX_set_tlsext_ticket_key_evp_cb' + function. */ +#undef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB /* Define to 1 if you have the `SSL_get0_peername' function. */ #undef HAVE_SSL_GET0_PEERNAME @@ -590,6 +600,9 @@ /* Define to 1 if you have the <sys/wait.h> header file. */ #undef HAVE_SYS_WAIT_H +/* Define to 1 if you have the <TargetConditionals.h> header file. */ +#undef HAVE_TARGETCONDITIONALS_H + /* Define to 1 if you have the <time.h> header file. */ #undef HAVE_TIME_H @@ -805,6 +818,9 @@ /* Define to 1 to use ipset support */ #undef USE_IPSET +/* Define if you enable libevent */ +#undef USE_LIBEVENT + /* Define if you want to use internal select based events */ #undef USE_MINI_EVENT @@ -854,6 +870,9 @@ /* the version of the windows API enabled */ #undef WINVER +/* Define if you want dynlib module. */ +#undef WITH_DYNLIBMODULE + /* Define if you want Python module. */ #undef WITH_PYTHONMODULE diff --git a/config.sub b/config.sub index ba15a57a5cf3..3d9a8dc3d5a7 100755 --- a/config.sub +++ b/config.sub @@ -1,8 +1,8 @@ -#!/usr/bin/sh +#! /bin/sh # Configuration validation subroutine script. -# Copyright 1992-2016 Free Software Foundation, Inc. +# Copyright 1992-2020 Free Software Foundation, Inc. -timestamp='2016-09-05' +timestamp='2020-07-10' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -15,7 +15,7 @@ timestamp='2016-09-05' # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, see <http://www.gnu.org/licenses/>. +# along with this program; if not, see <https://www.gnu.org/licenses/>. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -33,7 +33,7 @@ timestamp='2016-09-05' # Otherwise, we print the canonical config type on stdout and succeed. # You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub +# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases @@ -57,7 +57,7 @@ Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS Canonicalize a configuration name. -Operation modes: +Options: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit @@ -67,7 +67,7 @@ Report bugs and patches to <config-patches@gnu.org>." version="\ GNU config.sub ($timestamp) -Copyright 1992-2016 Free Software Foundation, Inc. +Copyright 1992-2020 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -89,12 +89,12 @@ while test $# -gt 0 ; do - ) # Use stdin as input. break ;; -* ) - echo "$me: invalid option $1$help" + echo "$me: invalid option $1$help" >&2 exit 1 ;; *local*) # First pass through any local machine types. - echo $1 + echo "$1" exit ;; * ) @@ -110,1242 +110,1167 @@ case $# in exit 1;; esac -# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). -# Here we must recognize all the valid KERNEL-OS combinations. -maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` -case $maybe_os in - nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ - linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ - knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ - kopensolaris*-gnu* | cloudabi*-eabi* | \ - storm-chaos* | os2-emx* | rtmk-nova*) - os=-$maybe_os - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` - ;; - android-linux) - os=-linux-android - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown - ;; - *) - basic_machine=`echo $1 | sed 's/-[^-]*$//'` - if [ $basic_machine != $1 ] - then os=`echo $1 | sed 's/.*-/-/'` - else os=; fi - ;; -esac +# Split fields of configuration type +# shellcheck disable=SC2162 +IFS="-" read field1 field2 field3 field4 <<EOF +$1 +EOF -### Let's recognize common machines as not being operating systems so -### that things like config.sub decstation-3100 work. We also -### recognize some manufacturers as not being operating systems, so we -### can provide default operating systems below. -case $os in - -sun*os*) - # Prevent following clause from handling this invalid input. - ;; - -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ - -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ - -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ - -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ - -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ - -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray | -microblaze*) - os= - basic_machine=$1 - ;; - -bluegene*) - os=-cnk - ;; - -sim | -cisco | -oki | -wec | -winbond) - os= - basic_machine=$1 - ;; - -scout) - ;; - -wrs) - os=-vxworks - basic_machine=$1 - ;; - -chorusos*) - os=-chorusos - basic_machine=$1 - ;; - -chorusrdb) - os=-chorusrdb - basic_machine=$1 - ;; - -hiux*) - os=-hiuxwe2 - ;; - -sco6) - os=-sco5v6 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco5) - os=-sco3.2v5 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco4) - os=-sco3.2v4 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2.[4-9]*) - os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2v[4-9]*) - # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco5v6*) - # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco*) - os=-sco3.2v2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -udk*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -isc) - os=-isc2.2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -clix*) - basic_machine=clipper-intergraph - ;; - -isc*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -lynx*178) - os=-lynxos178 - ;; - -lynx*5) - os=-lynxos5 - ;; - -lynx*) - os=-lynxos +# Separate into logical components for further validation +case $1 in + *-*-*-*-*) + echo Invalid configuration \`"$1"\': more than four components >&2 + exit 1 ;; - -ptx*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + *-*-*-*) + basic_machine=$field1-$field2 + basic_os=$field3-$field4 ;; - -windowsnt*) - os=`echo $os | sed -e 's/windowsnt/winnt/'` + *-*-*) + # Ambiguous whether COMPANY is present, or skipped and KERNEL-OS is two + # parts + maybe_os=$field2-$field3 + case $maybe_os in + nto-qnx* | linux-* | uclinux-uclibc* \ + | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \ + | netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \ + | storm-chaos* | os2-emx* | rtmk-nova*) + basic_machine=$field1 + basic_os=$maybe_os + ;; + android-linux) + basic_machine=$field1-unknown + basic_os=linux-android + ;; + *) + basic_machine=$field1-$field2 + basic_os=$field3 + ;; + esac ;; - -psos*) - os=-psos + *-*) + # A lone config we happen to match not fitting any pattern + case $field1-$field2 in + decstation-3100) + basic_machine=mips-dec + basic_os= + ;; + *-*) + # Second component is usually, but not always the OS + case $field2 in + # Prevent following clause from handling this valid os + sun*os*) + basic_machine=$field1 + basic_os=$field2 + ;; + # Manufacturers + dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \ + | att* | 7300* | 3300* | delta* | motorola* | sun[234]* \ + | unicom* | ibm* | next | hp | isi* | apollo | altos* \ + | convergent* | ncr* | news | 32* | 3600* | 3100* \ + | hitachi* | c[123]* | convex* | sun | crds | omron* | dg \ + | ultra | tti* | harris | dolphin | highlevel | gould \ + | cbm | ns | masscomp | apple | axis | knuth | cray \ + | microblaze* | sim | cisco \ + | oki | wec | wrs | winbond) + basic_machine=$field1-$field2 + basic_os= + ;; + *) + basic_machine=$field1 + basic_os=$field2 + ;; + esac + ;; + esac ;; - -mint | -mint[0-9]*) - basic_machine=m68k-atari - os=-mint + *) + # Convert single-component short-hands not valid as part of + # multi-component configurations. + case $field1 in + 386bsd) + basic_machine=i386-pc + basic_os=bsd + ;; + a29khif) + basic_machine=a29k-amd + basic_os=udi + ;; + adobe68k) + basic_machine=m68010-adobe + basic_os=scout + ;; + alliant) + basic_machine=fx80-alliant + basic_os= + ;; + altos | altos3068) + basic_machine=m68k-altos + basic_os= + ;; + am29k) + basic_machine=a29k-none + basic_os=bsd + ;; + amdahl) + basic_machine=580-amdahl + basic_os=sysv + ;; + amiga) + basic_machine=m68k-unknown + basic_os= + ;; + amigaos | amigados) + basic_machine=m68k-unknown + basic_os=amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + basic_os=sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + basic_os=sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + basic_os=bsd + ;; + aros) + basic_machine=i386-pc + basic_os=aros + ;; + aux) + basic_machine=m68k-apple + basic_os=aux + ;; + balance) + basic_machine=ns32k-sequent + basic_os=dynix + ;; + blackfin) + basic_machine=bfin-unknown + basic_os=linux + ;; + cegcc) + basic_machine=arm-unknown + basic_os=cegcc + ;; + convex-c1) + basic_machine=c1-convex + basic_os=bsd + ;; + convex-c2) + basic_machine=c2-convex + basic_os=bsd + ;; + convex-c32) + basic_machine=c32-convex + basic_os=bsd + ;; + convex-c34) + basic_machine=c34-convex + basic_os=bsd + ;; + convex-c38) + basic_machine=c38-convex + basic_os=bsd + ;; + cray) + basic_machine=j90-cray + basic_os=unicos + ;; + crds | unos) + basic_machine=m68k-crds + basic_os= + ;; + da30) + basic_machine=m68k-da30 + basic_os= + ;; + decstation | pmax | pmin | dec3100 | decstatn) + basic_machine=mips-dec + basic_os= + ;; + delta88) + basic_machine=m88k-motorola + basic_os=sysv3 + ;; + dicos) + basic_machine=i686-pc + basic_os=dicos + ;; + djgpp) + basic_machine=i586-pc + basic_os=msdosdjgpp + ;; + ebmon29k) + basic_machine=a29k-amd + basic_os=ebmon + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + basic_os=ose + ;; + gmicro) + basic_machine=tron-gmicro + basic_os=sysv + ;; + go32) + basic_machine=i386-pc + basic_os=go32 + ;; + h8300hms) + basic_machine=h8300-hitachi + basic_os=hms + ;; + h8300xray) + basic_machine=h8300-hitachi + basic_os=xray + ;; + h8500hms) + basic_machine=h8500-hitachi + basic_os=hms + ;; + harris) + basic_machine=m88k-harris + basic_os=sysv3 + ;; + hp300 | hp300hpux) + basic_machine=m68k-hp + basic_os=hpux + ;; + hp300bsd) + basic_machine=m68k-hp + basic_os=bsd + ;; + hppaosf) + basic_machine=hppa1.1-hp + basic_os=osf + ;; + hppro) + basic_machine=hppa1.1-hp + basic_os=proelf + ;; + i386mach) + basic_machine=i386-mach + basic_os=mach + ;; + isi68 | isi) + basic_machine=m68k-isi + basic_os=sysv + ;; + m68knommu) + basic_machine=m68k-unknown + basic_os=linux + ;; + magnum | m3230) + basic_machine=mips-mips + basic_os=sysv + ;; + merlin) + basic_machine=ns32k-utek + basic_os=sysv + ;; + mingw64) + basic_machine=x86_64-pc + basic_os=mingw64 + ;; + mingw32) + basic_machine=i686-pc + basic_os=mingw32 + ;; + mingw32ce) + basic_machine=arm-unknown + basic_os=mingw32ce + ;; + monitor) + basic_machine=m68k-rom68k + basic_os=coff + ;; + morphos) + basic_machine=powerpc-unknown + basic_os=morphos + ;; + moxiebox) + basic_machine=moxie-unknown + basic_os=moxiebox + ;; + msdos) + basic_machine=i386-pc + basic_os=msdos + ;; + msys) + basic_machine=i686-pc + basic_os=msys + ;; + mvs) + basic_machine=i370-ibm + basic_os=mvs + ;; + nacl) + basic_machine=le32-unknown + basic_os=nacl + ;; + ncr3000) + basic_machine=i486-ncr + basic_os=sysv4 + ;; + netbsd386) + basic_machine=i386-pc + basic_os=netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + basic_os=linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + basic_os=newsos + ;; + news1000) + basic_machine=m68030-sony + basic_os=newsos + ;; + necv70) + basic_machine=v70-nec + basic_os=sysv + ;; + nh3000) + basic_machine=m68k-harris + basic_os=cxux + ;; + nh[45]000) + basic_machine=m88k-harris + basic_os=cxux + ;; + nindy960) + basic_machine=i960-intel + basic_os=nindy + ;; + mon960) + basic_machine=i960-intel + basic_os=mon960 + ;; + nonstopux) + basic_machine=mips-compaq + basic_os=nonstopux + ;; + os400) + basic_machine=powerpc-ibm + basic_os=os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + basic_os=ose + ;; + os68k) + basic_machine=m68k-none + basic_os=os68k + ;; + paragon) + basic_machine=i860-intel + basic_os=osf + ;; + parisc) + basic_machine=hppa-unknown + basic_os=linux + ;; + psp) + basic_machine=mipsallegrexel-sony + basic_os=psp + ;; + pw32) + basic_machine=i586-unknown + basic_os=pw32 + ;; + rdos | rdos64) + basic_machine=x86_64-pc + basic_os=rdos + ;; + rdos32) + basic_machine=i386-pc + basic_os=rdos + ;; + rom68k) + basic_machine=m68k-rom68k + basic_os=coff + ;; + sa29200) + basic_machine=a29k-amd + basic_os=udi + ;; + sei) + basic_machine=mips-sei + basic_os=seiux + ;; + sequent) + basic_machine=i386-sequent + basic_os= + ;; + sps7) + basic_machine=m68k-bull + basic_os=sysv2 + ;; + st2000) + basic_machine=m68k-tandem + basic_os= + ;; + stratus) + basic_machine=i860-stratus + basic_os=sysv4 + ;; + sun2) + basic_machine=m68000-sun + basic_os= + ;; + sun2os3) + basic_machine=m68000-sun + basic_os=sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + basic_os=sunos4 + ;; + sun3) + basic_machine=m68k-sun + basic_os= + ;; + sun3os3) + basic_machine=m68k-sun + basic_os=sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + basic_os=sunos4 + ;; + sun4) + basic_machine=sparc-sun + basic_os= + ;; + sun4os3) + basic_machine=sparc-sun + basic_os=sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + basic_os=sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + basic_os=solaris2 + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + basic_os= + ;; + sv1) + basic_machine=sv1-cray + basic_os=unicos + ;; + symmetry) + basic_machine=i386-sequent + basic_os=dynix + ;; + t3e) + basic_machine=alphaev5-cray + basic_os=unicos + ;; + t90) + basic_machine=t90-cray + basic_os=unicos + ;; + toad1) + basic_machine=pdp10-xkl + basic_os=tops20 + ;; + tpf) + basic_machine=s390x-ibm + basic_os=tpf + ;; + udi29k) + basic_machine=a29k-amd + basic_os=udi + ;; + ultra3) + basic_machine=a29k-nyu + basic_os=sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + basic_os=none + ;; + vaxv) + basic_machine=vax-dec + basic_os=sysv + ;; + vms) + basic_machine=vax-dec + basic_os=vms + ;; + vsta) + basic_machine=i386-pc + basic_os=vsta + ;; + vxworks960) + basic_machine=i960-wrs + basic_os=vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + basic_os=vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + basic_os=vxworks + ;; + xbox) + basic_machine=i686-pc + basic_os=mingw32 + ;; + ymp) + basic_machine=ymp-cray + basic_os=unicos + ;; + *) + basic_machine=$1 + basic_os= + ;; + esac ;; esac -# Decode aliases for certain CPU-COMPANY combinations. +# Decode 1-component or ad-hoc basic machines case $basic_machine in - # Recognize the basic CPU types without company name. - # Some are omitted here because they have special meanings below. - 1750a | 580 \ - | a29k \ - | aarch64 | aarch64_be \ - | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ - | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ - | am33_2.0 \ - | arc | arceb \ - | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ - | avr | avr32 \ - | ba \ - | be32 | be64 \ - | bfin \ - | c4x | c8051 | clipper \ - | d10v | d30v | dlx | dsp16xx \ - | e2k | epiphany \ - | fido | fr30 | frv | ft32 \ - | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ - | hexagon \ - | i370 | i860 | i960 | ia64 \ - | ip2k | iq2000 \ - | k1om \ - | le32 | le64 \ - | lm32 \ - | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ - | mips | mipsbe | mipseb | mipsel | mipsle \ - | mips16 \ - | mips64 | mips64el \ - | mips64octeon | mips64octeonel \ - | mips64orion | mips64orionel \ - | mips64r5900 | mips64r5900el \ - | mips64vr | mips64vrel \ - | mips64vr4100 | mips64vr4100el \ - | mips64vr4300 | mips64vr4300el \ - | mips64vr5000 | mips64vr5000el \ - | mips64vr5900 | mips64vr5900el \ - | mipsisa32 | mipsisa32el \ - | mipsisa32r2 | mipsisa32r2el \ - | mipsisa32r6 | mipsisa32r6el \ - | mipsisa64 | mipsisa64el \ - | mipsisa64r2 | mipsisa64r2el \ - | mipsisa64r6 | mipsisa64r6el \ - | mipsisa64sb1 | mipsisa64sb1el \ - | mipsisa64sr71k | mipsisa64sr71kel \ - | mipsr5900 | mipsr5900el \ - | mipstx39 | mipstx39el \ - | mn10200 | mn10300 \ - | moxie \ - | mt \ - | msp430 \ - | nds32 | nds32le | nds32be \ - | nios | nios2 | nios2eb | nios2el \ - | ns16k | ns32k \ - | open8 | or1k | or1knd | or32 \ - | pdp10 | pdp11 | pj | pjl \ - | powerpc | powerpc64 | powerpc64le | powerpcle \ - | pyramid \ - | riscv32 | riscv64 \ - | rl78 | rx \ - | score \ - | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ - | sh64 | sh64le \ - | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ - | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ - | spu \ - | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ - | ubicom32 \ - | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ - | visium \ - | we32k \ - | x86 | xc16x | xstormy16 | xtensa \ - | z8k | z80) - basic_machine=$basic_machine-unknown - ;; - c54x) - basic_machine=tic54x-unknown - ;; - c55x) - basic_machine=tic55x-unknown - ;; - c6x) - basic_machine=tic6x-unknown - ;; - leon|leon[3-9]) - basic_machine=sparc-$basic_machine - ;; - m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) - basic_machine=$basic_machine-unknown - os=-none + # Here we handle the default manufacturer of certain CPU types. It is in + # some cases the only manufacturer, in others, it is the most popular. + w89k) + cpu=hppa1.1 + vendor=winbond ;; - m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + op50n) + cpu=hppa1.1 + vendor=oki ;; - ms1) - basic_machine=mt-unknown + op60c) + cpu=hppa1.1 + vendor=oki ;; - - strongarm | thumb | xscale) - basic_machine=arm-unknown + ibm*) + cpu=i370 + vendor=ibm ;; - xgate) - basic_machine=$basic_machine-unknown - os=-none + orion105) + cpu=clipper + vendor=highlevel ;; - xscaleeb) - basic_machine=armeb-unknown + mac | mpw | mac-mpw) + cpu=m68k + vendor=apple ;; - - xscaleel) - basic_machine=armel-unknown + pmac | pmac-mpw) + cpu=powerpc + vendor=apple ;; - # We use `pc' rather than `unknown' - # because (1) that's what they normally are, and - # (2) the word "unknown" tends to confuse beginning users. - i*86 | x86_64) - basic_machine=$basic_machine-pc - ;; - # Object if more than one company name word. - *-*-*) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 - exit 1 - ;; - # Recognize the basic CPU types with company name. - 580-* \ - | a29k-* \ - | aarch64-* | aarch64_be-* \ - | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ - | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ - | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ - | avr-* | avr32-* \ - | ba-* \ - | be32-* | be64-* \ - | bfin-* | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* \ - | c8051-* | clipper-* | craynv-* | cydra-* \ - | d10v-* | d30v-* | dlx-* \ - | e2k-* | elxsi-* \ - | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ - | h8300-* | h8500-* \ - | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ - | hexagon-* \ - | i*86-* | i860-* | i960-* | ia64-* \ - | ip2k-* | iq2000-* \ - | k1om-* \ - | le32-* | le64-* \ - | lm32-* \ - | m32c-* | m32r-* | m32rle-* \ - | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ - | microblaze-* | microblazeel-* \ - | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ - | mips16-* \ - | mips64-* | mips64el-* \ - | mips64octeon-* | mips64octeonel-* \ - | mips64orion-* | mips64orionel-* \ - | mips64r5900-* | mips64r5900el-* \ - | mips64vr-* | mips64vrel-* \ - | mips64vr4100-* | mips64vr4100el-* \ - | mips64vr4300-* | mips64vr4300el-* \ - | mips64vr5000-* | mips64vr5000el-* \ - | mips64vr5900-* | mips64vr5900el-* \ - | mipsisa32-* | mipsisa32el-* \ - | mipsisa32r2-* | mipsisa32r2el-* \ - | mipsisa32r6-* | mipsisa32r6el-* \ - | mipsisa64-* | mipsisa64el-* \ - | mipsisa64r2-* | mipsisa64r2el-* \ - | mipsisa64r6-* | mipsisa64r6el-* \ - | mipsisa64sb1-* | mipsisa64sb1el-* \ - | mipsisa64sr71k-* | mipsisa64sr71kel-* \ - | mipsr5900-* | mipsr5900el-* \ - | mipstx39-* | mipstx39el-* \ - | mmix-* \ - | mt-* \ - | msp430-* \ - | nds32-* | nds32le-* | nds32be-* \ - | nios-* | nios2-* | nios2eb-* | nios2el-* \ - | none-* | np1-* | ns16k-* | ns32k-* \ - | open8-* \ - | or1k*-* \ - | orion-* \ - | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ - | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ - | pyramid-* \ - | riscv32-* | riscv64-* \ - | rl78-* | romp-* | rs6000-* | rx-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ - | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ - | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \ - | tahoe-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ - | tile*-* \ - | tron-* \ - | ubicom32-* \ - | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ - | vax-* \ - | visium-* \ - | we32k-* \ - | x86-* | x86_64-* | xc16x-* | xps100-* \ - | xstormy16-* | xtensa*-* \ - | ymp-* \ - | z8k-* | z80-*) - ;; - # Recognize the basic CPU types without company name, with glob match. - xtensa*) - basic_machine=$basic_machine-unknown - ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. - 386bsd) - basic_machine=i386-unknown - os=-bsd - ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) - basic_machine=m68000-att + cpu=m68000 + vendor=att ;; 3b*) - basic_machine=we32k-att - ;; - a29khif) - basic_machine=a29k-amd - os=-udi - ;; - abacus) - basic_machine=abacus-unknown - ;; - adobe68k) - basic_machine=m68010-adobe - os=-scout - ;; - alliant | fx80) - basic_machine=fx80-alliant - ;; - altos | altos3068) - basic_machine=m68k-altos - ;; - am29k) - basic_machine=a29k-none - os=-bsd - ;; - amd64) - basic_machine=x86_64-pc - ;; - amd64-*) - basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - amdahl) - basic_machine=580-amdahl - os=-sysv - ;; - amiga | amiga-*) - basic_machine=m68k-unknown - ;; - amigaos | amigados) - basic_machine=m68k-unknown - os=-amigaos - ;; - amigaunix | amix) - basic_machine=m68k-unknown - os=-sysv4 - ;; - apollo68) - basic_machine=m68k-apollo - os=-sysv - ;; - apollo68bsd) - basic_machine=m68k-apollo - os=-bsd - ;; - aros) - basic_machine=i386-pc - os=-aros - ;; - asmjs) - basic_machine=asmjs-unknown - ;; - aux) - basic_machine=m68k-apple - os=-aux - ;; - balance) - basic_machine=ns32k-sequent - os=-dynix - ;; - blackfin) - basic_machine=bfin-unknown - os=-linux - ;; - blackfin-*) - basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` - os=-linux + cpu=we32k + vendor=att ;; bluegene*) - basic_machine=powerpc-ibm - os=-cnk - ;; - c54x-*) - basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - c55x-*) - basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - c6x-*) - basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - c90) - basic_machine=c90-cray - os=-unicos - ;; - cegcc) - basic_machine=arm-unknown - os=-cegcc - ;; - convex-c1) - basic_machine=c1-convex - os=-bsd - ;; - convex-c2) - basic_machine=c2-convex - os=-bsd - ;; - convex-c32) - basic_machine=c32-convex - os=-bsd - ;; - convex-c34) - basic_machine=c34-convex - os=-bsd - ;; - convex-c38) - basic_machine=c38-convex - os=-bsd - ;; - cray | j90) - basic_machine=j90-cray - os=-unicos - ;; - craynv) - basic_machine=craynv-cray - os=-unicosmp - ;; - cr16 | cr16-*) - basic_machine=cr16-unknown - os=-elf - ;; - crds | unos) - basic_machine=m68k-crds - ;; - crisv32 | crisv32-* | etraxfs*) - basic_machine=crisv32-axis - ;; - cris | cris-* | etrax*) - basic_machine=cris-axis - ;; - crx) - basic_machine=crx-unknown - os=-elf - ;; - da30 | da30-*) - basic_machine=m68k-da30 - ;; - decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) - basic_machine=mips-dec + cpu=powerpc + vendor=ibm + basic_os=cnk ;; decsystem10* | dec10*) - basic_machine=pdp10-dec - os=-tops10 + cpu=pdp10 + vendor=dec + basic_os=tops10 ;; decsystem20* | dec20*) - basic_machine=pdp10-dec - os=-tops20 + cpu=pdp10 + vendor=dec + basic_os=tops20 ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) - basic_machine=m68k-motorola - ;; - delta88) - basic_machine=m88k-motorola - os=-sysv3 - ;; - dicos) - basic_machine=i686-pc - os=-dicos - ;; - djgpp) - basic_machine=i586-pc - os=-msdosdjgpp - ;; - dpx20 | dpx20-*) - basic_machine=rs6000-bull - os=-bosx - ;; - dpx2* | dpx2*-bull) - basic_machine=m68k-bull - os=-sysv3 - ;; - e500v[12]) - basic_machine=powerpc-unknown - os=$os"spe" + cpu=m68k + vendor=motorola ;; - e500v[12]-*) - basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` - os=$os"spe" - ;; - ebmon29k) - basic_machine=a29k-amd - os=-ebmon - ;; - elxsi) - basic_machine=elxsi-elxsi - os=-bsd + dpx2*) + cpu=m68k + vendor=bull + basic_os=sysv3 ;; encore | umax | mmax) - basic_machine=ns32k-encore + cpu=ns32k + vendor=encore ;; - es1800 | OSE68k | ose68k | ose | OSE) - basic_machine=m68k-ericsson - os=-ose + elxsi) + cpu=elxsi + vendor=elxsi + basic_os=${basic_os:-bsd} ;; fx2800) - basic_machine=i860-alliant + cpu=i860 + vendor=alliant ;; genix) - basic_machine=ns32k-ns - ;; - gmicro) - basic_machine=tron-gmicro - os=-sysv - ;; - go32) - basic_machine=i386-pc - os=-go32 + cpu=ns32k + vendor=ns ;; h3050r* | hiux*) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - h8300hms) - basic_machine=h8300-hitachi - os=-hms - ;; - h8300xray) - basic_machine=h8300-hitachi - os=-xray - ;; - h8500hms) - basic_machine=h8500-hitachi - os=-hms - ;; - harris) - basic_machine=m88k-harris - os=-sysv3 - ;; - hp300-*) - basic_machine=m68k-hp - ;; - hp300bsd) - basic_machine=m68k-hp - os=-bsd - ;; - hp300hpux) - basic_machine=m68k-hp - os=-hpux + cpu=hppa1.1 + vendor=hitachi + basic_os=hiuxwe2 ;; hp3k9[0-9][0-9] | hp9[0-9][0-9]) - basic_machine=hppa1.0-hp + cpu=hppa1.0 + vendor=hp ;; hp9k2[0-9][0-9] | hp9k31[0-9]) - basic_machine=m68000-hp + cpu=m68000 + vendor=hp ;; hp9k3[2-9][0-9]) - basic_machine=m68k-hp + cpu=m68k + vendor=hp ;; hp9k6[0-9][0-9] | hp6[0-9][0-9]) - basic_machine=hppa1.0-hp + cpu=hppa1.0 + vendor=hp ;; hp9k7[0-79][0-9] | hp7[0-79][0-9]) - basic_machine=hppa1.1-hp + cpu=hppa1.1 + vendor=hp ;; hp9k78[0-9] | hp78[0-9]) # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp + cpu=hppa1.1 + vendor=hp ;; hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp + cpu=hppa1.1 + vendor=hp ;; hp9k8[0-9][13679] | hp8[0-9][13679]) - basic_machine=hppa1.1-hp + cpu=hppa1.1 + vendor=hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hppa-next) - os=-nextstep3 - ;; - hppaosf) - basic_machine=hppa1.1-hp - os=-osf - ;; - hppro) - basic_machine=hppa1.1-hp - os=-proelf - ;; - i370-ibm* | ibm*) - basic_machine=i370-ibm + cpu=hppa1.0 + vendor=hp ;; i*86v32) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv32 + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + basic_os=sysv32 ;; i*86v4*) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv4 + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + basic_os=sysv4 ;; i*86v) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + basic_os=sysv ;; i*86sol2) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-solaris2 - ;; - i386mach) - basic_machine=i386-mach - os=-mach + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + basic_os=solaris2 ;; - i386-vsta | vsta) - basic_machine=i386-unknown - os=-vsta + j90 | j90-cray) + cpu=j90 + vendor=cray + basic_os=${basic_os:-unicos} ;; iris | iris4d) - basic_machine=mips-sgi - case $os in - -irix*) + cpu=mips + vendor=sgi + case $basic_os in + irix*) ;; *) - os=-irix4 + basic_os=irix4 ;; esac ;; - isi68 | isi) - basic_machine=m68k-isi - os=-sysv - ;; - leon-*|leon[3-9]-*) - basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'` - ;; - m68knommu) - basic_machine=m68k-unknown - os=-linux - ;; - m68knommu-*) - basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` - os=-linux - ;; - m88k-omron*) - basic_machine=m88k-omron - ;; - magnum | m3230) - basic_machine=mips-mips - os=-sysv - ;; - merlin) - basic_machine=ns32k-utek - os=-sysv - ;; - microblaze*) - basic_machine=microblaze-xilinx - ;; - mingw64) - basic_machine=x86_64-pc - os=-mingw64 - ;; - mingw32) - basic_machine=i686-pc - os=-mingw32 - ;; - mingw32ce) - basic_machine=arm-unknown - os=-mingw32ce - ;; miniframe) - basic_machine=m68000-convergent - ;; - *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) - basic_machine=m68k-atari - os=-mint - ;; - mips3*-*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + cpu=m68000 + vendor=convergent ;; - mips3*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown - ;; - monitor) - basic_machine=m68k-rom68k - os=-coff - ;; - morphos) - basic_machine=powerpc-unknown - os=-morphos - ;; - moxiebox) - basic_machine=moxie-unknown - os=-moxiebox - ;; - msdos) - basic_machine=i386-pc - os=-msdos - ;; - ms1-*) - basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` - ;; - msys) - basic_machine=i686-pc - os=-msys - ;; - mvs) - basic_machine=i370-ibm - os=-mvs - ;; - nacl) - basic_machine=le32-unknown - os=-nacl - ;; - ncr3000) - basic_machine=i486-ncr - os=-sysv4 - ;; - netbsd386) - basic_machine=i386-unknown - os=-netbsd - ;; - netwinder) - basic_machine=armv4l-rebel - os=-linux - ;; - news | news700 | news800 | news900) - basic_machine=m68k-sony - os=-newsos - ;; - news1000) - basic_machine=m68030-sony - os=-newsos + *mint | mint[0-9]* | *MiNT | *MiNT[0-9]*) + cpu=m68k + vendor=atari + basic_os=mint ;; news-3600 | risc-news) - basic_machine=mips-sony - os=-newsos - ;; - necv70) - basic_machine=v70-nec - os=-sysv - ;; - next | m*-next ) - basic_machine=m68k-next - case $os in - -nextstep* ) + cpu=mips + vendor=sony + basic_os=newsos + ;; + next | m*-next) + cpu=m68k + vendor=next + case $basic_os in + openstep*) + ;; + nextstep*) ;; - -ns2*) - os=-nextstep2 + ns2*) + basic_os=nextstep2 ;; *) - os=-nextstep3 + basic_os=nextstep3 ;; esac ;; - nh3000) - basic_machine=m68k-harris - os=-cxux - ;; - nh[45]000) - basic_machine=m88k-harris - os=-cxux - ;; - nindy960) - basic_machine=i960-intel - os=-nindy - ;; - mon960) - basic_machine=i960-intel - os=-mon960 - ;; - nonstopux) - basic_machine=mips-compaq - os=-nonstopux - ;; np1) - basic_machine=np1-gould - ;; - neo-tandem) - basic_machine=neo-tandem - ;; - nse-tandem) - basic_machine=nse-tandem - ;; - nsr-tandem) - basic_machine=nsr-tandem + cpu=np1 + vendor=gould ;; op50n-* | op60c-*) - basic_machine=hppa1.1-oki - os=-proelf - ;; - openrisc | openrisc-*) - basic_machine=or32-unknown - ;; - os400) - basic_machine=powerpc-ibm - os=-os400 - ;; - OSE68000 | ose68000) - basic_machine=m68000-ericsson - os=-ose - ;; - os68k) - basic_machine=m68k-none - os=-os68k + cpu=hppa1.1 + vendor=oki + basic_os=proelf ;; pa-hitachi) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - paragon) - basic_machine=i860-intel - os=-osf - ;; - parisc) - basic_machine=hppa-unknown - os=-linux - ;; - parisc-*) - basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` - os=-linux + cpu=hppa1.1 + vendor=hitachi + basic_os=hiuxwe2 ;; pbd) - basic_machine=sparc-tti + cpu=sparc + vendor=tti ;; pbb) - basic_machine=m68k-tti - ;; - pc532 | pc532-*) - basic_machine=ns32k-pc532 - ;; - pc98) - basic_machine=i386-pc - ;; - pc98-*) - basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentium | p5 | k5 | k6 | nexgen | viac3) - basic_machine=i586-pc - ;; - pentiumpro | p6 | 6x86 | athlon | athlon_*) - basic_machine=i686-pc - ;; - pentiumii | pentium2 | pentiumiii | pentium3) - basic_machine=i686-pc + cpu=m68k + vendor=tti ;; - pentium4) - basic_machine=i786-pc - ;; - pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) - basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentiumpro-* | p6-* | 6x86-* | athlon-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentium4-*) - basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` + pc532) + cpu=ns32k + vendor=pc532 ;; pn) - basic_machine=pn-gould - ;; - power) basic_machine=power-ibm - ;; - ppc | ppcbe) basic_machine=powerpc-unknown - ;; - ppc-* | ppcbe-*) - basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppcle | powerpclittle) - basic_machine=powerpcle-unknown - ;; - ppcle-* | powerpclittle-*) - basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + cpu=pn + vendor=gould ;; - ppc64) basic_machine=powerpc64-unknown - ;; - ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppc64le | powerpc64little) - basic_machine=powerpc64le-unknown - ;; - ppc64le-* | powerpc64little-*) - basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + power) + cpu=power + vendor=ibm ;; ps2) - basic_machine=i386-ibm - ;; - pw32) - basic_machine=i586-unknown - os=-pw32 - ;; - rdos | rdos64) - basic_machine=x86_64-pc - os=-rdos - ;; - rdos32) - basic_machine=i386-pc - os=-rdos - ;; - rom68k) - basic_machine=m68k-rom68k - os=-coff + cpu=i386 + vendor=ibm ;; rm[46]00) - basic_machine=mips-siemens + cpu=mips + vendor=siemens ;; rtpc | rtpc-*) - basic_machine=romp-ibm - ;; - s390 | s390-*) - basic_machine=s390-ibm - ;; - s390x | s390x-*) - basic_machine=s390x-ibm - ;; - sa29200) - basic_machine=a29k-amd - os=-udi + cpu=romp + vendor=ibm ;; - sb1) - basic_machine=mipsisa64sb1-unknown + sde) + cpu=mipsisa32 + vendor=sde + basic_os=${basic_os:-elf} ;; - sb1el) - basic_machine=mipsisa64sb1el-unknown + simso-wrs) + cpu=sparclite + vendor=wrs + basic_os=vxworks ;; - sde) - basic_machine=mipsisa32-sde - os=-elf + tower | tower-32) + cpu=m68k + vendor=ncr ;; - sei) - basic_machine=mips-sei - os=-seiux + vpp*|vx|vx-*) + cpu=f301 + vendor=fujitsu ;; - sequent) - basic_machine=i386-sequent + w65) + cpu=w65 + vendor=wdc ;; - sh) - basic_machine=sh-hitachi - os=-hms + w89k-*) + cpu=hppa1.1 + vendor=winbond + basic_os=proelf ;; - sh5el) - basic_machine=sh5le-unknown + none) + cpu=none + vendor=none ;; - sh64) - basic_machine=sh64-unknown + leon|leon[3-9]) + cpu=sparc + vendor=$basic_machine ;; - sparclite-wrs | simso-wrs) - basic_machine=sparclite-wrs - os=-vxworks + leon-*|leon[3-9]-*) + cpu=sparc + vendor=`echo "$basic_machine" | sed 's/-.*//'` ;; - sps7) - basic_machine=m68k-bull - os=-sysv2 + + *-*) + # shellcheck disable=SC2162 + IFS="-" read cpu vendor <<EOF +$basic_machine +EOF ;; - spur) - basic_machine=spur-unknown + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i*86 | x86_64) + cpu=$basic_machine + vendor=pc ;; - st2000) - basic_machine=m68k-tandem + # These rules are duplicated from below for sake of the special case above; + # i.e. things that normalized to x86 arches should also default to "pc" + pc98) + cpu=i386 + vendor=pc ;; - stratus) - basic_machine=i860-stratus - os=-sysv4 + x64 | amd64) + cpu=x86_64 + vendor=pc ;; - strongarm-* | thumb-*) - basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` + # Recognize the basic CPU types without company name. + *) + cpu=$basic_machine + vendor=unknown ;; - sun2) - basic_machine=m68000-sun +esac + +unset -v basic_machine + +# Decode basic machines in the full and proper CPU-Company form. +case $cpu-$vendor in + # Here we handle the default manufacturer of certain CPU types in canonical form. It is in + # some cases the only manufacturer, in others, it is the most popular. + craynv-unknown) + vendor=cray + basic_os=${basic_os:-unicosmp} ;; - sun2os3) - basic_machine=m68000-sun - os=-sunos3 + c90-unknown | c90-cray) + vendor=cray + basic_os=${Basic_os:-unicos} ;; - sun2os4) - basic_machine=m68000-sun - os=-sunos4 + fx80-unknown) + vendor=alliant ;; - sun3os3) - basic_machine=m68k-sun - os=-sunos3 + romp-unknown) + vendor=ibm ;; - sun3os4) - basic_machine=m68k-sun - os=-sunos4 + mmix-unknown) + vendor=knuth ;; - sun4os3) - basic_machine=sparc-sun - os=-sunos3 + microblaze-unknown | microblazeel-unknown) + vendor=xilinx ;; - sun4os4) - basic_machine=sparc-sun - os=-sunos4 + rs6000-unknown) + vendor=ibm ;; - sun4sol2) - basic_machine=sparc-sun - os=-solaris2 + vax-unknown) + vendor=dec ;; - sun3 | sun3-*) - basic_machine=m68k-sun + pdp11-unknown) + vendor=dec ;; - sun4) - basic_machine=sparc-sun + we32k-unknown) + vendor=att ;; - sun386 | sun386i | roadrunner) - basic_machine=i386-sun + cydra-unknown) + vendor=cydrome ;; - sv1) - basic_machine=sv1-cray - os=-unicos + i370-ibm*) + vendor=ibm ;; - symmetry) - basic_machine=i386-sequent - os=-dynix + orion-unknown) + vendor=highlevel ;; - t3e) - basic_machine=alphaev5-cray - os=-unicos + xps-unknown | xps100-unknown) + cpu=xps100 + vendor=honeywell ;; - t90) - basic_machine=t90-cray - os=-unicos + + # Here we normalize CPU types with a missing or matching vendor + dpx20-unknown | dpx20-bull) + cpu=rs6000 + vendor=bull + basic_os=${basic_os:-bosx} ;; - tile*) - basic_machine=$basic_machine-unknown - os=-linux-gnu + + # Here we normalize CPU types irrespective of the vendor + amd64-*) + cpu=x86_64 ;; - tx39) - basic_machine=mipstx39-unknown + blackfin-*) + cpu=bfin + basic_os=linux ;; - tx39el) - basic_machine=mipstx39el-unknown + c54x-*) + cpu=tic54x ;; - toad1) - basic_machine=pdp10-xkl - os=-tops20 + c55x-*) + cpu=tic55x ;; - tower | tower-32) - basic_machine=m68k-ncr + c6x-*) + cpu=tic6x ;; - tpf) - basic_machine=s390x-ibm - os=-tpf + e500v[12]-*) + cpu=powerpc + basic_os=${basic_os}"spe" ;; - udi29k) - basic_machine=a29k-amd - os=-udi + mips3*-*) + cpu=mips64 ;; - ultra3) - basic_machine=a29k-nyu - os=-sym1 + ms1-*) + cpu=mt ;; - v810 | necv810) - basic_machine=v810-nec - os=-none + m68knommu-*) + cpu=m68k + basic_os=linux ;; - vaxv) - basic_machine=vax-dec - os=-sysv + m9s12z-* | m68hcs12z-* | hcs12z-* | s12z-*) + cpu=s12z ;; - vms) - basic_machine=vax-dec - os=-vms + openrisc-*) + cpu=or32 ;; - vpp*|vx|vx-*) - basic_machine=f301-fujitsu + parisc-*) + cpu=hppa + basic_os=linux ;; - vxworks960) - basic_machine=i960-wrs - os=-vxworks + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + cpu=i586 ;; - vxworks68) - basic_machine=m68k-wrs - os=-vxworks + pentiumpro-* | p6-* | 6x86-* | athlon-* | athalon_*-*) + cpu=i686 ;; - vxworks29k) - basic_machine=a29k-wrs - os=-vxworks + pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) + cpu=i686 ;; - w65*) - basic_machine=w65-wdc - os=-none + pentium4-*) + cpu=i786 ;; - w89k-*) - basic_machine=hppa1.1-winbond - os=-proelf + pc98-*) + cpu=i386 ;; - xbox) - basic_machine=i686-pc - os=-mingw32 + ppc-* | ppcbe-*) + cpu=powerpc ;; - xps | xps100) - basic_machine=xps100-honeywell + ppcle-* | powerpclittle-*) + cpu=powerpcle ;; - xscale-* | xscalee[bl]-*) - basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` + ppc64-*) + cpu=powerpc64 ;; - ymp) - basic_machine=ymp-cray - os=-unicos + ppc64le-* | powerpc64little-*) + cpu=powerpc64le ;; - z8k-*-coff) - basic_machine=z8k-unknown - os=-sim + sb1-*) + cpu=mipsisa64sb1 ;; - z80-*-coff) - basic_machine=z80-unknown - os=-sim + sb1el-*) + cpu=mipsisa64sb1el ;; - none) - basic_machine=none-none - os=-none + sh5e[lb]-*) + cpu=`echo "$cpu" | sed 's/^\(sh.\)e\(.\)$/\1\2e/'` ;; - -# Here we handle the default manufacturer of certain CPU types. It is in -# some cases the only manufacturer, in others, it is the most popular. - w89k) - basic_machine=hppa1.1-winbond + spur-*) + cpu=spur ;; - op50n) - basic_machine=hppa1.1-oki + strongarm-* | thumb-*) + cpu=arm ;; - op60c) - basic_machine=hppa1.1-oki + tx39-*) + cpu=mipstx39 ;; - romp) - basic_machine=romp-ibm + tx39el-*) + cpu=mipstx39el ;; - mmix) - basic_machine=mmix-knuth + x64-*) + cpu=x86_64 ;; - rs6000) - basic_machine=rs6000-ibm + xscale-* | xscalee[bl]-*) + cpu=`echo "$cpu" | sed 's/^xscale/arm/'` ;; - vax) - basic_machine=vax-dec + arm64-*) + cpu=aarch64 ;; - pdp10) - # there are many clones, so DEC is not a safe bet - basic_machine=pdp10-unknown + + # Recognize the canonical CPU Types that limit and/or modify the + # company names they are paired with. + cr16-*) + basic_os=${basic_os:-elf} ;; - pdp11) - basic_machine=pdp11-dec + crisv32-* | etraxfs*-*) + cpu=crisv32 + vendor=axis ;; - we32k) - basic_machine=we32k-att + cris-* | etrax*-*) + cpu=cris + vendor=axis ;; - sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) - basic_machine=sh-unknown + crx-*) + basic_os=${basic_os:-elf} ;; - sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) - basic_machine=sparc-sun + neo-tandem) + cpu=neo + vendor=tandem ;; - cydra) - basic_machine=cydra-cydrome + nse-tandem) + cpu=nse + vendor=tandem ;; - orion) - basic_machine=orion-highlevel + nsr-tandem) + cpu=nsr + vendor=tandem ;; - orion105) - basic_machine=clipper-highlevel + nsv-tandem) + cpu=nsv + vendor=tandem ;; - mac | mpw | mac-mpw) - basic_machine=m68k-apple + nsx-tandem) + cpu=nsx + vendor=tandem ;; - pmac | pmac-mpw) - basic_machine=powerpc-apple + mipsallegrexel-sony) + cpu=mipsallegrexel + vendor=sony ;; - *-unknown) - # Make sure to match an already-canonicalized machine name. + tile*-*) + basic_os=${basic_os:-linux-gnu} ;; + *) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 - exit 1 + # Recognize the canonical CPU types that are allowed with any + # company name. + case $cpu in + 1750a | 580 \ + | a29k \ + | aarch64 | aarch64_be \ + | abacus \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] \ + | alphapca5[67] | alpha64pca5[67] \ + | am33_2.0 \ + | amdgcn \ + | arc | arceb \ + | arm | arm[lb]e | arme[lb] | armv* \ + | avr | avr32 \ + | asmjs \ + | ba \ + | be32 | be64 \ + | bfin | bpf | bs2000 \ + | c[123]* | c30 | [cjt]90 | c4x \ + | c8051 | clipper | craynv | csky | cydra \ + | d10v | d30v | dlx | dsp16xx \ + | e2k | elxsi | epiphany \ + | f30[01] | f700 | fido | fr30 | frv | ft32 | fx80 \ + | h8300 | h8500 \ + | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | hexagon \ + | i370 | i*86 | i860 | i960 | ia16 | ia64 \ + | ip2k | iq2000 \ + | k1om \ + | le32 | le64 \ + | lm32 \ + | m32c | m32r | m32rle \ + | m5200 | m68000 | m680[012346]0 | m68360 | m683?2 | m68k \ + | m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x \ + | m88110 | m88k | maxq | mb | mcore | mep | metag \ + | microblaze | microblazeel \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64eb | mips64el \ + | mips64octeon | mips64octeonel \ + | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ + | mips64vr | mips64vrel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mips64vr5900 | mips64vr5900el \ + | mipsisa32 | mipsisa32el \ + | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r6 | mipsisa32r6el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r6 | mipsisa64r6el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipsr5900 | mipsr5900el \ + | mipstx39 | mipstx39el \ + | mmix \ + | mn10200 | mn10300 \ + | moxie \ + | mt \ + | msp430 \ + | nds32 | nds32le | nds32be \ + | nfp \ + | nios | nios2 | nios2eb | nios2el \ + | none | np1 | ns16k | ns32k | nvptx \ + | open8 \ + | or1k* \ + | or32 \ + | orion \ + | picochip \ + | pdp10 | pdp11 | pj | pjl | pn | power \ + | powerpc | powerpc64 | powerpc64le | powerpcle | powerpcspe \ + | pru \ + | pyramid \ + | riscv | riscv32 | riscv64 \ + | rl78 | romp | rs6000 | rx \ + | s390 | s390x \ + | score \ + | sh | shl \ + | sh[1234] | sh[24]a | sh[24]ae[lb] | sh[23]e | she[lb] | sh[lb]e \ + | sh[1234]e[lb] | sh[12345][lb]e | sh[23]ele | sh64 | sh64le \ + | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet \ + | sparclite \ + | sparcv8 | sparcv9 | sparcv9b | sparcv9v | sv1 | sx* \ + | spu \ + | tahoe \ + | tic30 | tic4x | tic54x | tic55x | tic6x | tic80 \ + | tron \ + | ubicom32 \ + | v70 | v850 | v850e | v850e1 | v850es | v850e2 | v850e2v3 \ + | vax \ + | visium \ + | w65 \ + | wasm32 | wasm64 \ + | we32k \ + | x86 | x86_64 | xc16x | xgate | xps100 \ + | xstormy16 | xtensa* \ + | ymp \ + | z8k | z80) + ;; + + *) + echo Invalid configuration \`"$1"\': machine \`"$cpu-$vendor"\' not recognized 1>&2 + exit 1 + ;; + esac ;; esac # Here we canonicalize certain aliases for manufacturers. -case $basic_machine in - *-digital*) - basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` +case $vendor in + digital*) + vendor=dec ;; - *-commodore*) - basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + commodore*) + vendor=cbm ;; *) ;; @@ -1353,203 +1278,215 @@ esac # Decode manufacturer-specific aliases for certain operating systems. -if [ x"$os" != x"" ] +if [ x$basic_os != x ] then -case $os in - # First match some system type aliases - # that might get confused with valid system types. - # -solaris* is a basic system type, with this one exception. - -auroraux) - os=-auroraux + +# First recognize some ad-hoc caes, or perhaps split kernel-os, or else just +# set os. +case $basic_os in + gnu/linux*) + kernel=linux + os=`echo $basic_os | sed -e 's|gnu/linux|gnu|'` + ;; + nto-qnx*) + kernel=nto + os=`echo $basic_os | sed -e 's|nto-qnx|qnx|'` + ;; + *-*) + # shellcheck disable=SC2162 + IFS="-" read kernel os <<EOF +$basic_os +EOF + ;; + # Default OS when just kernel was specified + nto*) + kernel=nto + os=`echo $basic_os | sed -e 's|nto|qnx|'` + ;; + linux*) + kernel=linux + os=`echo $basic_os | sed -e 's|linux|gnu|'` ;; - -solaris1 | -solaris1.*) - os=`echo $os | sed -e 's|solaris1|sunos4|'` + *) + kernel= + os=$basic_os ;; - -solaris) - os=-solaris2 +esac + +# Now, normalize the OS (knowing we just have one component, it's not a kernel, +# etc.) +case $os in + # First match some system type aliases that might get confused + # with valid system types. + # solaris* is a basic system type, with this one exception. + auroraux) + os=auroraux ;; - -svr4*) - os=-sysv4 + bluegene*) + os=cnk ;; - -unixware*) - os=-sysv4.2uw + solaris1 | solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; - -gnu/linux*) - os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + solaris) + os=solaris2 ;; - # First accept the basic system types. - # The portable systems comes first. - # Each alternative MUST END IN A *, to match a version number. - # -sysv* is not here because it comes later, after sysvr4. - -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ - | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ - | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ - | -sym* | -kopensolaris* | -plan9* \ - | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* | -aros* | -cloudabi* | -sortix* \ - | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ - | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ - | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ - | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \ - | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ - | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ - | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ - | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* | -cegcc* \ - | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ - | -linux-newlib* | -linux-musl* | -linux-uclibc* \ - | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ - | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ - | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ - | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ - | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ - | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ - | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \ - | -onefs* | -tirtos* | -phoenix*) - # Remember, each alternative MUST END IN *, to match a version number. - ;; - -qnx*) - case $basic_machine in - x86-* | i*86-*) - ;; - *) - os=-nto$os - ;; - esac + unixware*) + os=sysv4.2uw ;; - -nto-qnx*) + # es1800 is here to avoid being matched by es* (a different OS) + es1800*) + os=ose ;; - -nto*) - os=`echo $os | sed -e 's|nto|nto-qnx|'` + # Some version numbers need modification + chorusos*) + os=chorusos ;; - -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ - | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ - | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + isc) + os=isc2.2 ;; - -mac*) - os=`echo $os | sed -e 's|mac|macos|'` + sco6) + os=sco5v6 ;; - -linux-dietlibc) - os=-linux-dietlibc + sco5) + os=sco3.2v5 ;; - -linux*) - os=`echo $os | sed -e 's|linux|linux-gnu|'` + sco4) + os=sco3.2v4 ;; - -sunos5*) - os=`echo $os | sed -e 's|sunos5|solaris2|'` + sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` ;; - -sunos6*) - os=`echo $os | sed -e 's|sunos6|solaris3|'` + sco*v* | scout) + # Don't match below ;; - -opened*) - os=-openedition + sco*) + os=sco3.2v2 ;; - -os400*) - os=-os400 + psos*) + os=psos ;; - -wince*) - os=-wince + qnx*) + case $cpu in + x86 | i*86) + ;; + *) + os=nto-$os + ;; + esac ;; - -osfrose*) - os=-osfrose + hiux*) + os=hiuxwe2 ;; - -osf*) - os=-osf + lynx*178) + os=lynxos178 ;; - -utek*) - os=-bsd + lynx*5) + os=lynxos5 ;; - -dynix*) - os=-bsd + lynxos*) + # don't get caught up in next wildcard ;; - -acis*) - os=-aos + lynx*) + os=lynxos ;; - -atheos*) - os=-atheos + mac[0-9]*) + os=`echo "$os" | sed -e 's|mac|macos|'` ;; - -syllable*) - os=-syllable + opened*) + os=openedition ;; - -386bsd) - os=-bsd + os400*) + os=os400 ;; - -ctix* | -uts*) - os=-sysv + sunos5*) + os=`echo "$os" | sed -e 's|sunos5|solaris2|'` ;; - -nova*) - os=-rtmk-nova + sunos6*) + os=`echo "$os" | sed -e 's|sunos6|solaris3|'` ;; - -ns2 ) - os=-nextstep2 + wince*) + os=wince ;; - -nsk*) - os=-nsk + utek*) + os=bsd ;; - # Preserve the version number of sinix5. - -sinix5.*) - os=`echo $os | sed -e 's|sinix|sysv|'` + dynix*) + os=bsd ;; - -sinix*) - os=-sysv4 + acis*) + os=aos ;; - -tpf*) - os=-tpf + atheos*) + os=atheos ;; - -triton*) - os=-sysv3 + syllable*) + os=syllable ;; - -oss*) - os=-sysv3 + 386bsd) + os=bsd ;; - -svr4) - os=-sysv4 + ctix* | uts*) + os=sysv ;; - -svr3) - os=-sysv3 + nova*) + os=rtmk-nova ;; - -sysvr4) - os=-sysv4 + ns2) + os=nextstep2 ;; - # This must come after -sysvr4. - -sysv*) + # Preserve the version number of sinix5. + sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` ;; - -ose*) - os=-ose + sinix*) + os=sysv4 ;; - -es1800*) - os=-ose + tpf*) + os=tpf ;; - -xenix) - os=-xenix + triton*) + os=sysv3 ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - os=-mint + oss*) + os=sysv3 ;; - -aros*) - os=-aros + svr4*) + os=sysv4 ;; - -zvmoe) - os=-zvmoe + svr3) + os=sysv3 ;; - -dicos*) - os=-dicos + sysvr4) + os=sysv4 ;; - -nacl*) + ose*) + os=ose ;; - -ios) + *mint | mint[0-9]* | *MiNT | MiNT[0-9]*) + os=mint ;; - -none) + dicos*) + os=dicos + ;; + pikeos*) + # Until real need of OS specific support for + # particular features comes up, bare metal + # configurations are quite functional. + case $cpu in + arm*) + os=eabi + ;; + *) + os=elf + ;; + esac ;; *) - # Get rid of the `-' at the beginning of $os. - os=`echo $os | sed 's/[^-]*-//'` - echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 - exit 1 + # No normalization, but not necessarily accepted, that comes below. ;; esac + else # Here we handle the default operating systems that come with various machines. @@ -1562,261 +1499,352 @@ else # will signal an error saying that MANUFACTURER isn't an operating # system, and we'll never get to this point. -case $basic_machine in +kernel= +case $cpu-$vendor in score-*) - os=-elf + os=elf ;; spu-*) - os=-elf + os=elf ;; *-acorn) - os=-riscix1.2 + os=riscix1.2 ;; arm*-rebel) - os=-linux + kernel=linux + os=gnu ;; arm*-semi) - os=-aout + os=aout ;; c4x-* | tic4x-*) - os=-coff + os=coff ;; c8051-*) - os=-elf + os=elf + ;; + clipper-intergraph) + os=clix ;; hexagon-*) - os=-elf + os=elf ;; tic54x-*) - os=-coff + os=coff ;; tic55x-*) - os=-coff + os=coff ;; tic6x-*) - os=-coff + os=coff ;; # This must come before the *-dec entry. pdp10-*) - os=-tops20 + os=tops20 ;; pdp11-*) - os=-none + os=none ;; *-dec | vax-*) - os=-ultrix4.2 + os=ultrix4.2 ;; m68*-apollo) - os=-domain + os=domain ;; i386-sun) - os=-sunos4.0.2 + os=sunos4.0.2 ;; m68000-sun) - os=-sunos3 + os=sunos3 ;; m68*-cisco) - os=-aout + os=aout ;; mep-*) - os=-elf + os=elf ;; mips*-cisco) - os=-elf + os=elf ;; mips*-*) - os=-elf + os=elf ;; or32-*) - os=-coff + os=coff ;; *-tti) # must be before sparc entry or we get the wrong os. - os=-sysv3 + os=sysv3 ;; sparc-* | *-sun) - os=-sunos4.1.1 + os=sunos4.1.1 ;; - *-be) - os=-beos + pru-*) + os=elf ;; - *-haiku) - os=-haiku + *-be) + os=beos ;; *-ibm) - os=-aix + os=aix ;; *-knuth) - os=-mmixware + os=mmixware ;; *-wec) - os=-proelf + os=proelf ;; *-winbond) - os=-proelf + os=proelf ;; *-oki) - os=-proelf + os=proelf ;; *-hp) - os=-hpux + os=hpux ;; *-hitachi) - os=-hiux + os=hiux ;; i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) - os=-sysv + os=sysv ;; *-cbm) - os=-amigaos + os=amigaos ;; *-dg) - os=-dgux + os=dgux ;; *-dolphin) - os=-sysv3 + os=sysv3 ;; m68k-ccur) - os=-rtu + os=rtu ;; m88k-omron*) - os=-luna + os=luna ;; - *-next ) - os=-nextstep + *-next) + os=nextstep ;; *-sequent) - os=-ptx + os=ptx ;; *-crds) - os=-unos + os=unos ;; *-ns) - os=-genix + os=genix ;; i370-*) - os=-mvs - ;; - *-next) - os=-nextstep3 + os=mvs ;; *-gould) - os=-sysv + os=sysv ;; *-highlevel) - os=-bsd + os=bsd ;; *-encore) - os=-bsd + os=bsd ;; *-sgi) - os=-irix + os=irix ;; *-siemens) - os=-sysv4 + os=sysv4 ;; *-masscomp) - os=-rtu + os=rtu ;; f30[01]-fujitsu | f700-fujitsu) - os=-uxpv + os=uxpv ;; *-rom68k) - os=-coff + os=coff ;; *-*bug) - os=-coff + os=coff ;; *-apple) - os=-macos + os=macos ;; *-atari*) - os=-mint + os=mint + ;; + *-wrs) + os=vxworks ;; *) - os=-none + os=none ;; esac + fi +# Now, validate our (potentially fixed-up) OS. +case $os in + # Sometimes we do "kernel-abi", so those need to count as OSes. + musl* | newlib* | uclibc*) + ;; + # Likewise for "kernel-libc" + eabi | eabihf | gnueabi | gnueabihf) + ;; + # Now accept the basic system types. + # The portable systems comes first. + # Each alternative MUST end in a * to match a version number. + gnu* | android* | bsd* | mach* | minix* | genix* | ultrix* | irix* \ + | *vms* | esix* | aix* | cnk* | sunos | sunos[34]* \ + | hpux* | unos* | osf* | luna* | dgux* | auroraux* | solaris* \ + | sym* | plan9* | psp* | sim* | xray* | os68k* | v88r* \ + | hiux* | abug | nacl* | netware* | windows* \ + | os9* | macos* | osx* | ios* \ + | mpw* | magic* | mmixware* | mon960* | lnews* \ + | amigaos* | amigados* | msdos* | newsos* | unicos* | aof* \ + | aos* | aros* | cloudabi* | sortix* | twizzler* \ + | nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \ + | clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \ + | mirbsd* | netbsd* | dicos* | openedition* | ose* \ + | bitrig* | openbsd* | solidbsd* | libertybsd* | os108* \ + | ekkobsd* | freebsd* | riscix* | lynxos* | os400* \ + | bosx* | nextstep* | cxux* | aout* | elf* | oabi* \ + | ptx* | coff* | ecoff* | winnt* | domain* | vsta* \ + | udi* | lites* | ieee* | go32* | aux* | hcos* \ + | chorusrdb* | cegcc* | glidix* \ + | cygwin* | msys* | pe* | moss* | proelf* | rtems* \ + | midipix* | mingw32* | mingw64* | mint* \ + | uxpv* | beos* | mpeix* | udk* | moxiebox* \ + | interix* | uwin* | mks* | rhapsody* | darwin* \ + | openstep* | oskit* | conix* | pw32* | nonstopux* \ + | storm-chaos* | tops10* | tenex* | tops20* | its* \ + | os2* | vos* | palmos* | uclinux* | nucleus* | morphos* \ + | scout* | superux* | sysv* | rtmk* | tpf* | windiss* \ + | powermax* | dnix* | nx6 | nx7 | sei* | dragonfly* \ + | skyos* | haiku* | rdos* | toppers* | drops* | es* \ + | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \ + | midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \ + | nsk* | powerunix* | genode* | zvmoe* ) + ;; + # This one is extra strict with allowed versions + sco3.2v2 | sco3.2v[4-9]* | sco5v6*) + # Don't forget version if it is 3.2v4 or newer. + ;; + none) + ;; + *) + echo Invalid configuration \`"$1"\': OS \`"$os"\' not recognized 1>&2 + exit 1 + ;; +esac + +# As a final step for OS-related things, validate the OS-kernel combination +# (given a valid OS), if there is a kernel. +case $kernel-$os in + linux-gnu* | linux-dietlibc* | linux-android* | linux-newlib* | linux-musl* | linux-uclibc* ) + ;; + -dietlibc* | -newlib* | -musl* | -uclibc* ) + # These are just libc implementations, not actual OSes, and thus + # require a kernel. + echo "Invalid configuration \`$1': libc \`$os' needs explicit kernel." 1>&2 + exit 1 + ;; + kfreebsd*-gnu* | kopensolaris*-gnu*) + ;; + nto-qnx*) + ;; + *-eabi* | *-gnueabi*) + ;; + -*) + # Blank kernel with real OS is always fine. + ;; + *-*) + echo "Invalid configuration \`$1': Kernel \`$kernel' not known to work with OS \`$os'." 1>&2 + exit 1 + ;; +esac + # Here we handle the case where we know the os, and the CPU type, but not the # manufacturer. We pick the logical manufacturer. -vendor=unknown -case $basic_machine in - *-unknown) - case $os in - -riscix*) +case $vendor in + unknown) + case $cpu-$os in + *-riscix*) vendor=acorn ;; - -sunos*) + *-sunos*) vendor=sun ;; - -cnk*|-aix*) + *-cnk* | *-aix*) vendor=ibm ;; - -beos*) + *-beos*) vendor=be ;; - -hpux*) + *-hpux*) vendor=hp ;; - -mpeix*) + *-mpeix*) vendor=hp ;; - -hiux*) + *-hiux*) vendor=hitachi ;; - -unos*) + *-unos*) vendor=crds ;; - -dgux*) + *-dgux*) vendor=dg ;; - -luna*) + *-luna*) vendor=omron ;; - -genix*) + *-genix*) vendor=ns ;; - -mvs* | -opened*) + *-clix*) + vendor=intergraph + ;; + *-mvs* | *-opened*) + vendor=ibm + ;; + *-os400*) vendor=ibm ;; - -os400*) + s390-* | s390x-*) vendor=ibm ;; - -ptx*) + *-ptx*) vendor=sequent ;; - -tpf*) + *-tpf*) vendor=ibm ;; - -vxsim* | -vxworks* | -windiss*) + *-vxsim* | *-vxworks* | *-windiss*) vendor=wrs ;; - -aux*) + *-aux*) vendor=apple ;; - -hms*) + *-hms*) vendor=hitachi ;; - -mpw* | -macos*) + *-mpw* | *-macos*) vendor=apple ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + *-*mint | *-mint[0-9]* | *-*MiNT | *-MiNT[0-9]*) vendor=atari ;; - -vos*) + *-vos*) vendor=stratus ;; esac - basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` ;; esac -echo $basic_machine$os +echo "$cpu-$vendor-${kernel:+$kernel-}$os" exit # Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" diff --git a/configure b/configure index bdec1f0024c7..ed66e853047d 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.10.1. +# Generated by GNU Autoconf 2.69 for unbound 1.11.0. # # Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>. # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.10.1' -PACKAGE_STRING='unbound 1.10.1' +PACKAGE_VERSION='1.11.0' +PACKAGE_STRING='unbound 1.11.0' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' @@ -649,6 +649,7 @@ ENABLE_DNSCRYPT ENABLE_DNSCRYPT_XCHACHA20 DNSTAP_OBJ DNSTAP_SRC +DNSTAP_SOCKET_PATH opt_dnstap_socket_path ENABLE_DNSTAP PROTOC_C @@ -699,6 +700,10 @@ PYTHON_LDFLAGS PYTHON_CPPFLAGS PYTHON PYTHON_VERSION +DYNLIBMOD_EXTRALIBS +DYNLIBMOD_HEADER +DYNLIBMOD_OBJ +WITH_DYNLIBMODULE PTHREAD_CFLAGS_ONLY PTHREAD_CFLAGS PTHREAD_LIBS @@ -855,6 +860,7 @@ enable_alloc_nonregional with_pthreads with_solaris_threads with_syslog_facility +with_dynlibmodule with_pyunbound with_pythonmodule enable_swig_version_check @@ -883,13 +889,13 @@ enable_allsymbols enable_dnstap with_dnstap_socket_path with_protobuf_c -with_libfstrm enable_dnscrypt with_libsodium enable_cachedb enable_ipsecmod enable_ipset with_libmnl +enable_explicit_port_randomisation with_libunbound_only ' ac_precious_vars='build_alias @@ -1452,7 +1458,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.10.1 to adapt to many kinds of systems. +\`configure' configures unbound 1.11.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1517,7 +1523,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.10.1:";; + short | recursive ) echo "Configuration of unbound 1.11.0:";; esac cat <<\_ACEOF @@ -1572,13 +1578,16 @@ Optional Features: --enable-allsymbols export all symbols from libunbound and link binaries to it, smaller install size but libunbound export table is polluted by internal symbols - --enable-dnstap Enable dnstap support (requires fstrm, protobuf-c) + --enable-dnstap Enable dnstap support (requires protobuf-c) --enable-dnscrypt Enable dnscrypt support (requires libsodium) --enable-cachedb enable cachedb module that can use external cache storage --enable-ipsecmod Enable ipsecmod module that facilitates opportunistic IPsec --enable-ipset enable ipset module + --disable-explicit-port-randomisation + disable explicit source port randomisation and rely + on the kernel to provide random source ports Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -1614,6 +1623,8 @@ Optional Packages: --with-solaris-threads use solaris native thread library. --with-syslog-facility=LOCAL0 - LOCAL7 set SYSLOG_FACILITY, default DAEMON + --with-dynlibmodule build dynamic library module, or + --without-dynlibmodule to disable it. (default=no) --with-pyunbound build PyUnbound, or --without-pyunbound to skip it. (default=no) --with-pythonmodule build Python module, or --without-pythonmodule to @@ -1634,7 +1645,6 @@ Optional Packages: --with-dnstap-socket-path=pathname set default dnstap socket path --with-protobuf-c=path Path where protobuf-c is installed, for dnstap - --with-libfstrm=path Path where libfstrm is installed, for dnstap --with-libsodium=path Path where libsodium is installed, for dnscrypt --with-libmnl=path specify explicit path for libmnl. --with-libunbound-only do not build daemon and tool programs @@ -1740,7 +1750,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.10.1 +unbound configure 1.11.0 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2449,7 +2459,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.10.1, which was +It was created by unbound $as_me 1.11.0, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2799,13 +2809,13 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu UNBOUND_VERSION_MAJOR=1 -UNBOUND_VERSION_MINOR=10 +UNBOUND_VERSION_MINOR=11 -UNBOUND_VERSION_MICRO=1 +UNBOUND_VERSION_MICRO=0 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=8 +LIBUNBOUND_REVISION=9 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2881,6 +2891,7 @@ LIBUNBOUND_AGE=1 # 1.9.6 had 9:6:1 # 1.10.0 had 9:7:1 # 1.10.1 had 9:8:1 +# 1.11.0 had 9:9:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -14729,6 +14740,20 @@ fi done +# Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH +for ac_header in TargetConditionals.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "TargetConditionals.h" "ac_cv_header_TargetConditionals_h" "$ac_includes_default" +if test "x$ac_cv_header_TargetConditionals_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_TARGETCONDITIONALS_H 1 +_ACEOF + +fi + +done + + # check for types. # Using own tests for int64* because autoconf builtin only give 32bit. ac_fn_c_check_type "$LINENO" "int8_t" "ac_cv_type_int8_t" "$ac_includes_default" @@ -17171,6 +17196,34 @@ cat >>confdefs.h <<_ACEOF _ACEOF +# Check for dynamic library module + +# Check whether --with-dynlibmodule was given. +if test "${with_dynlibmodule+set}" = set; then : + withval=$with_dynlibmodule; +else + withval="no" +fi + + +if test x_$withval != x_no; then + +$as_echo "#define WITH_DYNLIBMODULE 1" >>confdefs.h + + WITH_DYNLIBMODULE=yes + + DYNLIBMOD_OBJ="dynlibmod.lo" + + DYNLIBMOD_HEADER='$(srcdir)/dynlibmod/dynlibmod.h' + + if test $on_mingw = "no"; then + DYNLIBMOD_EXTRALIBS="-ldl -export-dynamic" + else + DYNLIBMOD_EXTRALIBS="-Wl,--export-all-symbols,--out-implib,libunbound.a" + fi + +fi + # Check for PyUnbound # Check whether --with-pyunbound was given. @@ -17312,6 +17365,11 @@ $as_echo_n "checking for Python library path... " >&6; } $as_echo "$PYTHON_LDFLAGS" >&6; } + if test -z "$PYTHON_LIBDIR"; then + PYTHON_LIBDIR=`$PYTHON -c "from distutils.sysconfig import *; \ + print(get_config_var('LIBDIR'));"` + fi + # # Check for site packages # @@ -17417,6 +17475,15 @@ $as_echo "#define HAVE_PYTHON 1" >>confdefs.h else CPPFLAGS="$PYTHON_CPPFLAGS" fi + if test "$PYTHON_LIBDIR" != "/usr/lib" -a "$PYTHON_LIBDIR" != "" -a "$PYTHON_LIBDIR" != "/usr/lib64"; then + + if test "x$enable_rpath" = xyes; then + if echo "$PYTHON_LIBDIR" | grep "^/" >/dev/null; then + RUNTIME_PATH="$RUNTIME_PATH -R$PYTHON_LIBDIR" + fi + fi + + fi ub_have_python=yes if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"\"python\${PY_MAJOR_VERSION}\"\""; } >&5 @@ -18259,7 +18326,7 @@ else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi -for ac_header in openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h +for ac_header in openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default @@ -18273,7 +18340,7 @@ fi done -for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback +for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -18289,7 +18356,7 @@ done # these check_funcs need -lssl BAKLIBS="$LIBS" LIBS="-lssl $LIBS" -for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites +for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -19107,31 +19174,34 @@ esac if test "${with_libevent+set}" = set; then : withval=$with_libevent; else - withval="no" + with_libevent="no" fi -if test x_$withval = x_yes -o x_$withval != x_no; then +if test "x_$with_libevent" != x_no; then + +$as_echo "#define USE_LIBEVENT 1" >>confdefs.h + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libevent" >&5 $as_echo_n "checking for libevent... " >&6; } - if test x_$withval = x_ -o x_$withval = x_yes; then - withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" + if test "x_$with_libevent" = x_ -o "x_$with_libevent" = x_yes; then + with_libevent="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" fi - for dir in $withval; do + for dir in $with_libevent; do thedir="$dir" if test -f "$dir/include/event.h" -o -f "$dir/include/event2/event.h"; then found_libevent="yes" - if test "$thedir" != "/usr"; then - CPPFLAGS="$CPPFLAGS -I$thedir/include" - fi - break; - fi + if test "$thedir" != "/usr"; then + CPPFLAGS="$CPPFLAGS -I$thedir/include" + fi + break; + fi done if test x_$found_libevent != x_yes; then if test -f "$dir/event.h" -a \( -f "$dir/libevent.la" -o -f "$dir/libev.la" \) ; then # libevent source directory - { $as_echo "$as_me:${as_lineno-$LINENO}: result: found in $thedir" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: found in $thedir" >&5 $as_echo "found in $thedir" >&6; } - CPPFLAGS="$CPPFLAGS -I$thedir -I$thedir/include" + CPPFLAGS="$CPPFLAGS -I$thedir -I$thedir/include" BAK_LDFLAGS_SET="1" BAK_LDFLAGS="$LDFLAGS" # remove evdns from linking @@ -19144,10 +19214,10 @@ $as_echo "found in $thedir" >&6; } cp $ev_files_o build/libevent cp $ev_files_lo build/libevent cp $ev_files_libso build/libevent/.libs - LATE_LDFLAGS="build/libevent/*.lo -lm" + LATE_LDFLAGS="build/libevent/*.lo -lm" LDFLAGS="build/libevent/*.o $LDFLAGS -lm" else - as_fn_error $? "Cannot find the libevent library in $withval + as_fn_error $? "Cannot find the libevent library in $with_libevent You can restart ./configure --with-libevent=no to use a builtin alternative. Please note that this alternative is not as capable as libevent when using large outgoing port ranges. " "$LINENO" 5 @@ -20968,73 +21038,6 @@ else fi - -# Check whether --with-libfstrm was given. -if test "${with_libfstrm+set}" = set; then : - withval=$with_libfstrm; - CFLAGS="$CFLAGS -I$withval/include" - LDFLAGS="$LDFLAGS -L$withval/lib" - -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing fstrm_iothr_init" >&5 -$as_echo_n "checking for library containing fstrm_iothr_init... " >&6; } -if ${ac_cv_search_fstrm_iothr_init+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char fstrm_iothr_init (); -int -main () -{ -return fstrm_iothr_init (); - ; - return 0; -} -_ACEOF -for ac_lib in '' fstrm; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_fstrm_iothr_init=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_fstrm_iothr_init+:} false; then : - break -fi -done -if ${ac_cv_search_fstrm_iothr_init+:} false; then : - -else - ac_cv_search_fstrm_iothr_init=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_fstrm_iothr_init" >&5 -$as_echo "$ac_cv_search_fstrm_iothr_init" >&6; } -ac_res=$ac_cv_search_fstrm_iothr_init -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -else - as_fn_error $? "The fstrm library was not found. Please install fstrm!" "$LINENO" 5 -fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing protobuf_c_message_pack" >&5 $as_echo_n "checking for library containing protobuf_c_message_pack... " >&6; } if ${ac_cv_search_protobuf_c_message_pack+:} false; then : @@ -21108,10 +21111,12 @@ cat >>confdefs.h <<_ACEOF #define DNSTAP_SOCKET_PATH "$hdr_dnstap_socket_path" _ACEOF + DNSTAP_SOCKET_PATH="$hdr_dnstap_socket_path" - DNSTAP_SRC="dnstap/dnstap.c dnstap/dnstap.pb-c.c" - DNSTAP_OBJ="dnstap.lo dnstap.pb-c.lo" + DNSTAP_SRC="dnstap/dnstap.c dnstap/dnstap.pb-c.c dnstap/dnstap_fstrm.c dnstap/dtstream.c" + + DNSTAP_OBJ="dnstap.lo dnstap.pb-c.lo dnstap_fstrm.lo dtstream.lo" else @@ -21443,6 +21448,21 @@ $as_echo "found in $dir" >&6; } # nothing ;; esac +# Check whether --enable-explicit-port-randomisation was given. +if test "${enable_explicit_port_randomisation+set}" = set; then : + enableval=$enable_explicit_port_randomisation; +fi + +case "$enable_explicit_port_randomisation" in + no) + +$as_echo "#define DISABLE_EXPLICIT_PORT_RANDOMISATION 1" >>confdefs.h + + ;; + yes|*) + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if ${MAKE:-make} supports $< with implicit rule in scope" >&5 $as_echo_n "checking if ${MAKE:-make} supports $< with implicit rule in scope... " >&6; } @@ -21599,7 +21619,7 @@ _ACEOF -version=1.10.1 +version=1.11.0 date=`date +'%b %e, %Y'` @@ -22118,7 +22138,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.10.1, which was +This file was extended by unbound $as_me 1.11.0, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -22184,7 +22204,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.10.1 +unbound config.status 1.11.0 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 3e00c999c803..1d16dce72bf8 100644 --- a/configure.ac +++ b/configure.ac @@ -10,15 +10,15 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) -m4_define([VERSION_MINOR],[10]) -m4_define([VERSION_MICRO],[1]) +m4_define([VERSION_MINOR],[11]) +m4_define([VERSION_MICRO],[0]) AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues, unbound) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=8 +LIBUNBOUND_REVISION=9 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -94,6 +94,7 @@ LIBUNBOUND_AGE=1 # 1.9.6 had 9:6:1 # 1.10.0 had 9:7:1 # 1.10.1 had 9:8:1 +# 1.11.0 had 9:9:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -399,6 +400,9 @@ PKG_PROG_PKG_CONFIG # Checks for header files. AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h],,, [AC_INCLUDES_DEFAULT]) +# Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH +AC_CHECK_HEADERS([TargetConditionals.h]) + # check for types. # Using own tests for int64* because autoconf builtin only give 32bit. AC_CHECK_TYPE(int8_t, signed char) @@ -624,6 +628,28 @@ case "${UNBOUND_SYSLOG_FACILITY}" in esac AC_DEFINE_UNQUOTED(UB_SYSLOG_FACILITY,${UNBOUND_SYSLOG_FACILITY},[the SYSLOG_FACILITY to use, default LOG_DAEMON]) +# Check for dynamic library module +AC_ARG_WITH(dynlibmodule, + AC_HELP_STRING([--with-dynlibmodule], + [build dynamic library module, or --without-dynlibmodule to disable it. (default=no)]), + [], [ withval="no" ]) + +if test x_$withval != x_no; then + AC_DEFINE(WITH_DYNLIBMODULE, 1, [Define if you want dynlib module.]) + WITH_DYNLIBMODULE=yes + AC_SUBST(WITH_DYNLIBMODULE) + DYNLIBMOD_OBJ="dynlibmod.lo" + AC_SUBST(DYNLIBMOD_OBJ) + DYNLIBMOD_HEADER='$(srcdir)/dynlibmod/dynlibmod.h' + AC_SUBST(DYNLIBMOD_HEADER) + if test $on_mingw = "no"; then + DYNLIBMOD_EXTRALIBS="-ldl -export-dynamic" + else + DYNLIBMOD_EXTRALIBS="-Wl,--export-all-symbols,--out-implib,libunbound.a" + fi + AC_SUBST(DYNLIBMOD_EXTRALIBS) +fi + # Check for PyUnbound AC_ARG_WITH(pyunbound, AC_HELP_STRING([--with-pyunbound], @@ -675,6 +701,9 @@ if test x_$ub_test_python != x_no; then else CPPFLAGS="$PYTHON_CPPFLAGS" fi + if test "$PYTHON_LIBDIR" != "/usr/lib" -a "$PYTHON_LIBDIR" != "" -a "$PYTHON_LIBDIR" != "/usr/lib64"; then + ACX_RUNTIME_PATH_ADD([$PYTHON_LIBDIR]) + fi ub_have_python=yes PKG_CHECK_EXISTS(["python${PY_MAJOR_VERSION}"], [PC_PY_DEPENDENCY="python${PY_MAJOR_VERSION}"], @@ -821,13 +850,13 @@ if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/ else AC_MSG_RESULT([no]) fi -AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h],,, [AC_INCLUDES_DEFAULT]) -AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback]) +AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h],,, [AC_INCLUDES_DEFAULT]) +AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback]) # these check_funcs need -lssl BAKLIBS="$LIBS" LIBS="-lssl $LIBS" -AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites]) +AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb]) LIBS="$BAKLIBS" AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [ @@ -1215,28 +1244,29 @@ esac # check for libevent AC_ARG_WITH(libevent, AC_HELP_STRING([--with-libevent=pathname], [use libevent (will check /usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr or you can specify an explicit path). Slower, but allows use of large outgoing port ranges.]), - [ ],[ withval="no" ]) -if test x_$withval = x_yes -o x_$withval != x_no; then + [ ],[ with_libevent="no" ]) +if test "x_$with_libevent" != x_no; then + AC_DEFINE([USE_LIBEVENT], [1], [Define if you enable libevent]) AC_MSG_CHECKING(for libevent) - if test x_$withval = x_ -o x_$withval = x_yes; then - withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" + if test "x_$with_libevent" = x_ -o "x_$with_libevent" = x_yes; then + with_libevent="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" fi - for dir in $withval; do + for dir in $with_libevent; do thedir="$dir" if test -f "$dir/include/event.h" -o -f "$dir/include/event2/event.h"; then found_libevent="yes" - dnl assume /usr is in default path. - if test "$thedir" != "/usr"; then - CPPFLAGS="$CPPFLAGS -I$thedir/include" - fi - break; - fi + dnl assume /usr is in default path. + if test "$thedir" != "/usr"; then + CPPFLAGS="$CPPFLAGS -I$thedir/include" + fi + break; + fi done if test x_$found_libevent != x_yes; then if test -f "$dir/event.h" -a \( -f "$dir/libevent.la" -o -f "$dir/libev.la" \) ; then # libevent source directory - AC_MSG_RESULT(found in $thedir) - CPPFLAGS="$CPPFLAGS -I$thedir -I$thedir/include" + AC_MSG_RESULT(found in $thedir) + CPPFLAGS="$CPPFLAGS -I$thedir -I$thedir/include" BAK_LDFLAGS_SET="1" BAK_LDFLAGS="$LDFLAGS" # remove evdns from linking @@ -1249,10 +1279,10 @@ if test x_$withval = x_yes -o x_$withval != x_no; then cp $ev_files_o build/libevent cp $ev_files_lo build/libevent cp $ev_files_libso build/libevent/.libs - LATE_LDFLAGS="build/libevent/*.lo -lm" + LATE_LDFLAGS="build/libevent/*.lo -lm" LDFLAGS="build/libevent/*.o $LDFLAGS -lm" else - AC_MSG_ERROR([Cannot find the libevent library in $withval + AC_MSG_ERROR([Cannot find the libevent library in $with_libevent You can restart ./configure --with-libevent=no to use a builtin alternative. Please note that this alternative is not as capable as libevent when using large outgoing port ranges. ]) @@ -1688,9 +1718,10 @@ dt_DNSTAP([$UNBOUND_RUN_DIR/dnstap.sock], ACX_ESCAPE_BACKSLASH($opt_dnstap_socket_path, hdr_dnstap_socket_path) AC_DEFINE_UNQUOTED(DNSTAP_SOCKET_PATH, ["$hdr_dnstap_socket_path"], [default dnstap socket path]) + AC_SUBST(DNSTAP_SOCKET_PATH,["$hdr_dnstap_socket_path"]) - AC_SUBST([DNSTAP_SRC], ["dnstap/dnstap.c dnstap/dnstap.pb-c.c"]) - AC_SUBST([DNSTAP_OBJ], ["dnstap.lo dnstap.pb-c.lo"]) + AC_SUBST([DNSTAP_SRC], ["dnstap/dnstap.c dnstap/dnstap.pb-c.c dnstap/dnstap_fstrm.c dnstap/dtstream.c"]) + AC_SUBST([DNSTAP_OBJ], ["dnstap.lo dnstap.pb-c.lo dnstap_fstrm.lo dtstream.lo"]) ], [ AC_SUBST([ENABLE_DNSTAP], [0]) @@ -1778,6 +1809,15 @@ case "$enable_ipset" in # nothing ;; esac +AC_ARG_ENABLE(explicit-port-randomisation, AC_HELP_STRING([--disable-explicit-port-randomisation], [disable explicit source port randomisation and rely on the kernel to provide random source ports])) +case "$enable_explicit_port_randomisation" in + no) + AC_DEFINE([DISABLE_EXPLICIT_PORT_RANDOMISATION], [1], [Define this to enable kernel based UDP source port randomization.]) + ;; + yes|*) + ;; +esac + AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope]) # on openBSD, the implicit rule make $< work. diff --git a/contrib/aaaa-filter-iterator.patch b/contrib/aaaa-filter-iterator.patch index b5c5268223d1..9881bde892ad 100644 --- a/contrib/aaaa-filter-iterator.patch +++ b/contrib/aaaa-filter-iterator.patch @@ -13,9 +13,9 @@ Index: trunk/doc/unbound.conf.5.in +This also causes an additional A query to be sent for each AAAA query. +This breaks DNSSEC! +.TP - .B private\-address: \fI<IP address or subnet> - Give IPv4 of IPv6 addresses or classless subnets. These are addresses - on your private network, and are not allowed to be returned for + .B aggressive\-nsec: \fI<yes or no> + Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN + and other denials, using information from previous NXDOMAINs answers. Index: trunk/iterator/iter_scrub.c =================================================================== --- trunk/iterator/iter_scrub.c (revision 4357) @@ -125,7 +125,7 @@ Index: trunk/iterator/iterator.c + * ASN: This event state was added as an intermediary step between + * QUERYTARGETS_STATE and the next step, in order to cast a subquery for the + * purpose of caching A records for the queried name. -+ * ++ * + * @param qstate: query state. + * @param iq: iterator query state. + * @param ie: iterator shared global environment. @@ -147,9 +147,9 @@ Index: trunk/iterator/iterator.c + + /* re-throw same query, but with a different type */ + if(!generate_sub_request(iq->qchase.qname, -+ iq->qchase.qname_len, LDNS_RR_TYPE_A, ++ iq->qchase.qname_len, LDNS_RR_TYPE_A, + iq->qchase.qclass, qstate, id, iq, -+ INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1)) { ++ INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1, 0)) { + log_nametypeclass(VERB_ALGO, "ASN-AAAA-filter: failed " + "preloading of A record for", + iq->qchase.qname, LDNS_RR_TYPE_A, @@ -188,7 +188,7 @@ Index: trunk/iterator/iterator.c return 0; } -+/** ++/** + * ASN: Do final processing on responses to A queries originated from AAAA + * queries. Events reach this state after the iterative resolution algorithm + * terminates. diff --git a/contrib/android/15-android.conf b/contrib/android/15-android.conf new file mode 100644 index 000000000000..e1fc91e703f2 --- /dev/null +++ b/contrib/android/15-android.conf @@ -0,0 +1,37 @@ +#### Android... +# +# Heavily hacked 15-android.conf based on OpenSSL's config file of the same name. +# This 15-android.conf avoids compiler errors using NDK-r20. This 15-android.conf +# requires an environment set (sourced) using setenv-android.sh. + +my %targets = ( + "android" => { + inherit_from => [ "linux-generic32" ], + template => 1, + bin_cflags => add("-fPIE"), + bin_lflags => add("-pie"), + enable => [ ], + }, + + "android-arm" => { + inherit_from => [ "android", asm("armv4_asm") ], + bn_ops => [ "BN_LLONG", "RC4_CHAR" ], + }, + "android-arm64" => { + inherit_from => [ "android", asm("aarch64_asm") ], + bn_ops => [ "SIXTY_FOUR_BIT_LONG", "RC4_CHAR" ], + perlasm_scheme => "linux64", + }, + + "android-x86" => { + inherit_from => [ "android", asm("x86_asm") ], + cflags => add(picker(release => "-fomit-frame-pointer")), + bn_ops => [ "BN_LLONG", "RC4_INT" ], + perlasm_scheme => "android", + }, + "android-x86_64" => { + inherit_from => [ "android", asm("x86_64_asm") ], + bn_ops => [ "SIXTY_FOUR_BIT_LONG", "RC4_INT" ], + perlasm_scheme => "elf", + }, +); diff --git a/contrib/android/install_expat.sh b/contrib/android/install_expat.sh new file mode 100755 index 000000000000..ffb22322c803 --- /dev/null +++ b/contrib/android/install_expat.sh @@ -0,0 +1,51 @@ +#!/usr/bin/env bash + +echo "Downloading Expat" +if ! curl -L -k -s -o expat-2.2.9.tar.gz https://github.com/libexpat/libexpat/releases/download/R_2_2_9/expat-2.2.9.tar.gz; +then + echo "Failed to download Expat" + exit 1 +fi + +echo "Unpacking Expat" +rm -rf ./expat-2.2.9 +if ! tar -xf expat-2.2.9.tar.gz; +then + echo "Failed to unpack Expat" + exit 1 +fi + +cd expat-2.2.9 || exit 1 + +echo "Configuring Expat" +if ! ./configure --build="$AUTOTOOLS_BUILD" --host="$AUTOTOOLS_HOST" --prefix="$ANDROID_PREFIX"; then + echo "Error: Failed to configure Expat" + exit 1 +fi + +# Cleanup warnings, https://github.com/libexpat/libexpat/issues/383 +echo "Fixing Makefiles" +(IFS="" find "$PWD" -name 'Makefile' -print | while read -r file +do + cp -p "$file" "$file.fixed" + sed 's|-Wduplicated-cond ||g; s|-Wduplicated-branches ||g; s|-Wlogical-op ||g' "$file" > "$file.fixed" + mv "$file.fixed" "$file" + + cp -p "$file" "$file.fixed" + sed 's|-Wrestrict ||g; s|-Wjump-misses-init ||g; s|-Wmisleading-indentation ||g' "$file" > "$file.fixed" + mv "$file.fixed" "$file" +done) + +echo "Building Expat" +if ! make; then + echo "Failed to build Expat" + exit 1 +fi + +echo "Installing Expat" +if ! make install; then + echo "Failed to install Expat" + exit 1 +fi + +exit 0 diff --git a/contrib/android/install_ndk.sh b/contrib/android/install_ndk.sh new file mode 100755 index 000000000000..6e07b5d6cbfd --- /dev/null +++ b/contrib/android/install_ndk.sh @@ -0,0 +1,60 @@ +#!/usr/bin/env bash + +if [ -z "$ANDROID_SDK_ROOT" ]; then + echo "ERROR: ANDROID_SDK_ROOT is not a valid path. Please set it." + echo "SDK root is $ANDROID_SDK_ROOT" + exit 1 +fi + +if [ -z "$ANDROID_NDK_ROOT" ]; then + echo "ERROR: ANDROID_NDK_ROOT is not a valid path. Please set it." + echo "NDK root is $ANDROID_NDK_ROOT" + exit 1 +fi + +echo "Using ANDROID_SDK_ROOT: $ANDROID_SDK_ROOT" +echo "Using ANDROID_NDK_ROOT: $ANDROID_NDK_ROOT" + +echo "Downloading SDK" +if ! curl -L -k -s -o "$HOME/android-sdk.zip" https://dl.google.com/android/repository/commandlinetools-linux-6200805_latest.zip; +then + echo "Failed to download SDK" + exit 1 +fi + +echo "Downloading NDK" +if ! curl -L -k -s -o "$HOME/android-ndk.zip" https://dl.google.com/android/repository/android-ndk-r20b-linux-x86_64.zip; +then + echo "Failed to download NDK" + exit 1 +fi + +echo "Unpacking SDK to $ANDROID_SDK_ROOT" +if ! unzip -qq "$HOME/android-sdk.zip" -d "$ANDROID_SDK_ROOT"; +then + echo "Failed to unpack SDK" + exit 1 +fi + +echo "Unpacking NDK to $ANDROID_NDK_ROOT" +if ! unzip -qq "$HOME/android-ndk.zip" -d "$HOME"; +then + echo "Failed to unpack NDK" + exit 1 +fi + +if ! mv "$HOME/android-ndk-r20b" "$ANDROID_NDK_ROOT"; +then + echo "Failed to move $HOME/android-ndk-r20b to $ANDROID_NDK_ROOT" + exit 1 +fi + +rm -f "$HOME/android-sdk.zip" +rm -f "$HOME/android-ndk.zip" + +# https://stackoverflow.com/a/47028911/608639 +touch "$ANDROID_SDK_ROOT/repositories.cfg" + +echo "Finished installing SDK and NDK" + +exit 0 diff --git a/contrib/android/install_openssl.sh b/contrib/android/install_openssl.sh new file mode 100755 index 000000000000..e4fb87266e2e --- /dev/null +++ b/contrib/android/install_openssl.sh @@ -0,0 +1,44 @@ +#!/usr/bin/env bash + +echo "Downloading OpenSSL" +if ! curl -L -k -s -o openssl-1.1.1d.tar.gz https://www.openssl.org/source/openssl-1.1.1d.tar.gz; +then + echo "Failed to download OpenSSL" + exit 1 +fi + +echo "Unpacking OpenSSL" +rm -rf ./openssl-1.1.1d +if ! tar -xf openssl-1.1.1d.tar.gz; +then + echo "Failed to unpack OpenSSL" + exit 1 +fi + +cd openssl-1.1.1d || exit 1 + +if ! cp ../contrib/android/15-android.conf Configurations/; then + echo "Failed to copy OpenSSL Android config" + exit 1 +fi + +echo "Configuring OpenSSL" +if ! ./Configure "$OPENSSL_HOST" no-comp no-asm no-hw no-engine shared \ + --prefix="$ANDROID_PREFIX" --openssldir="$ANDROID_PREFIX"; then + echo "Failed to configure OpenSSL" + exit 1 +fi + +echo "Building OpenSSL" +if ! make; then + echo "Failed to build OpenSSL" + exit 1 +fi + +echo "Installing OpenSSL" +if ! make install_sw; then + echo "Failed to install OpenSSL" + exit 1 +fi + +exit 0 diff --git a/contrib/android/install_tools.sh b/contrib/android/install_tools.sh new file mode 100755 index 000000000000..0f595a0bcb12 --- /dev/null +++ b/contrib/android/install_tools.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash + +# This step should install tools needed for all packages - OpenSSL, Expat and Unbound +echo "Updating tools" +sudo apt-get -qq update +sudo apt-get -qq install --no-install-recommends curl tar zip unzip perl openjdk-8-jdk autoconf automake libtool pkg-config diff --git a/contrib/android/setenv_android.sh b/contrib/android/setenv_android.sh new file mode 100755 index 000000000000..fe7f6503c6d6 --- /dev/null +++ b/contrib/android/setenv_android.sh @@ -0,0 +1,203 @@ +#!/usr/bin/env bash + +# ==================================================================== +# Sets the cross compile environment for Android +# +# Based upon OpenSSL's setenv-android.sh by TH, JW, and SM. +# Heavily modified by JWW for Crypto++. +# Updated by Skycoder42 for current recommendations for Android. +# Modified by JWW for Unbound. +# ==================================================================== + +######################################### +##### Some validation ##### +######################################### + +if [ -z "$ANDROID_API" ]; then + echo "ANDROID_API is not set. Please set it" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +if [ -z "$ANDROID_CPU" ]; then + echo "ANDROID_CPU is not set. Please set it" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +if [ ! -d "$ANDROID_NDK_ROOT" ]; then + echo "ERROR: ANDROID_NDK_ROOT is not a valid path. Please set it." + echo "NDK root is $ANDROID_NDK_ROOT" + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# cryptest-android.sh may run this script without sourcing. +if [ "$0" = "${BASH_SOURCE[0]}" ]; then + echo "setenv-android.sh is usually sourced, but not this time." +fi + +##################################################################### + +# Need to set THIS_HOST to darwin-x86_64, linux-x86_64, +# windows, or windows-x86_64 + +if [[ "$(uname -s | grep -i -c darwin)" -ne 0 ]]; then + THIS_HOST=darwin-x86_64 +elif [[ "$(uname -s | grep -i -c linux)" -ne 0 ]]; then + THIS_HOST=linux-x86_64 +else + echo "ERROR: Unknown host" + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +ANDROID_TOOLCHAIN="$ANDROID_NDK_ROOT/toolchains/llvm/prebuilt/$THIS_HOST/bin" +ANDROID_SYSROOT="$ANDROID_NDK_ROOT/toolchains/llvm/prebuilt/$THIS_HOST/sysroot" + +# Error checking +if [ ! -d "$ANDROID_TOOLCHAIN" ]; then + echo "ERROR: ANDROID_TOOLCHAIN is not a valid path. Please set it." + echo "Path is $ANDROID_TOOLCHAIN" + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -d "$ANDROID_SYSROOT" ]; then + echo "ERROR: ANDROID_SYSROOT is not a valid path. Please set it." + echo "Path is $ANDROID_SYSROOT" + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +##################################################################### + +THE_ARCH=$(tr '[:upper:]' '[:lower:]' <<< "$ANDROID_CPU") + +# https://developer.android.com/ndk/guides/abis.html +case "$THE_ARCH" in + armv7*|armeabi*) + CC="armv7a-linux-androideabi$ANDROID_API-clang" + CXX="armv7a-linux-androideabi$ANDROID_API-clang++" + LD="arm-linux-androideabi-ld" + AS="arm-linux-androideabi-as" + AR="arm-linux-androideabi-ar" + RANLIB="arm-linux-androideabi-ranlib" + STRIP="arm-linux-androideabi-strip" + + CFLAGS="-march=armv7-a -mthumb -mfloat-abi=softfp -funwind-tables -fexceptions" + CXXFLAGS="-march=armv7-a -mthumb -mfloat-abi=softfp -funwind-tables -fexceptions -frtti" + ;; + + armv8*|aarch64|arm64*) + CC="aarch64-linux-android$ANDROID_API-clang" + CXX="aarch64-linux-android$ANDROID_API-clang++" + LD="aarch64-linux-android-ld" + AS="aarch64-linux-android-as" + AR="aarch64-linux-android-ar" + RANLIB="aarch64-linux-android-ranlib" + STRIP="aarch64-linux-android-strip" + + CFLAGS="-funwind-tables -fexceptions" + CXXFLAGS="-funwind-tables -fexceptions -frtti" + ;; + + x86) + CC="i686-linux-android$ANDROID_API-clang" + CXX="i686-linux-android$ANDROID_API-clang++" + LD="i686-linux-android-ld" + AS="i686-linux-android-as" + AR="i686-linux-android-ar" + RANLIB="i686-linux-android-ranlib" + STRIP="i686-linux-android-strip" + + CFLAGS="-mtune=intel -mssse3 -mfpmath=sse -funwind-tables -fexceptions" + CXXFLAGS="-mtune=intel -mssse3 -mfpmath=sse -funwind-tables -fexceptions -frtti" + ;; + + x86_64|x64) + CC="x86_64-linux-android$ANDROID_API-clang" + CXX="x86_64-linux-android$ANDROID_API-clang++" + LD="x86_64-linux-android-ld" + AS="x86_64-linux-android-as" + AR="x86_64-linux-android-ar" + RANLIB="x86_64-linux-android-ranlib" + STRIP="x86_64-linux-android-strip" + + CFLAGS="-march=x86-64 -msse4.2 -mpopcnt -mtune=intel -funwind-tables -fexceptions" + CXXFLAGS="-march=x86-64 -msse4.2 -mpopcnt -mtune=intel -funwind-tables -fexceptions -frtti" + ;; + + *) + echo "ERROR: Unknown architecture $ANDROID_CPU" + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 + ;; +esac + +##################################################################### + +# Error checking +if [ ! -e "$ANDROID_TOOLCHAIN/$CC" ]; then + echo "ERROR: Failed to find Android clang. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$ANDROID_TOOLCHAIN/$CXX" ]; then + echo "ERROR: Failed to find Android clang++. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$ANDROID_TOOLCHAIN/$RANLIB" ]; then + echo "ERROR: Failed to find Android ranlib. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$ANDROID_TOOLCHAIN/$AR" ]; then + echo "ERROR: Failed to find Android ar. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$ANDROID_TOOLCHAIN/$AS" ]; then + echo "ERROR: Failed to find Android as. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$ANDROID_TOOLCHAIN/$LD" ]; then + echo "ERROR: Failed to find Android ld. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +##################################################################### + +LENGTH=${#ANDROID_TOOLCHAIN} +SUBSTR=${PATH:0:$LENGTH} +if [ "$SUBSTR" != "$ANDROID_TOOLCHAIN" ]; then + export PATH="$ANDROID_TOOLCHAIN:$PATH" +fi + +##################################################################### + +export CPP CC CXX LD AS AR RANLIB STRIP +export ANDROID_SYSROOT="$AOSP_SYSROOT" +export CPPFLAGS="-D__ANDROID_API__=$ANDROID_API" +export CFLAGS="$CFLAGS --sysroot=$AOSP_SYSROOT" +export CXXFLAGS="$CXXFLAGS -stdlib=libc++ --sysroot=$AOSP_SYSROOT" + +##################################################################### + +echo "ANDROID_TOOLCHAIN: $ANDROID_TOOLCHAIN" + +echo "CPP: $(command -v "$CPP")" +echo "CC: $(command -v "$CC")" +echo "CXX: $(command -v "$CXX")" +echo "LD: $(command -v "$LD")" +echo "AS: $(command -v "$AS")" +echo "AR: $(command -v "$AR")" + +echo "ANDROID_SYSROOT: $ANDROID_SYSROOT" + +echo "CPPFLAGS: $CPPFLAGS" +echo "CFLAGS: $CFLAGS" +echo "CXXFLAGS: $CXXFLAGS" + +[ "$0" = "${BASH_SOURCE[0]}" ] && exit 0 || return 0 diff --git a/contrib/fastrpz.patch b/contrib/fastrpz.patch index aacd5ab826b8..5b3c18a7cdd7 100644 --- a/contrib/fastrpz.patch +++ b/contrib/fastrpz.patch @@ -2,7 +2,7 @@ Description: based on the included patch contrib/fastrpz.patch Author: fastrpz@farsightsecurity.com --- diff --git a/Makefile.in b/Makefile.in -index a20058cc..495779cc 100644 +index bac212df..4824927f 100644 --- a/Makefile.in +++ b/Makefile.in @@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c @@ -13,8 +13,8 @@ index a20058cc..495779cc 100644 +FASTRPZ_OBJ=@FASTRPZ_OBJ@ DNSCRYPT_SRC=@DNSCRYPT_SRC@ DNSCRYPT_OBJ=@DNSCRYPT_OBJ@ - WITH_PYTHONMODULE=@WITH_PYTHONMODULE@ -@@ -127,7 +129,7 @@ validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \ + WITH_DYNLIBMODULE=@WITH_DYNLIBMODULE@ +@@ -134,7 +136,7 @@ validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \ edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \ edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \ cachedb/cachedb.c cachedb/redis.c respip/respip.c $(CHECKLOCK_SRC) \ @@ -23,16 +23,16 @@ index a20058cc..495779cc 100644 COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ -@@ -140,7 +142,7 @@ autotrust.lo val_anchor.lo rpz.lo \ +@@ -147,7 +149,7 @@ autotrust.lo val_anchor.lo rpz.lo \ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \ $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ --$(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo -+$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo +-$(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo ++$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ outside_network.lo COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo -@@ -410,6 +412,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ +@@ -428,6 +430,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ $(srcdir)/util/config_file.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h @@ -45,10 +45,10 @@ index a20058cc..495779cc 100644 pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ pythonmod/interface.h \ diff --git a/config.h.in b/config.h.in -index 78d47fed..e33073e4 100644 +index f7a4095e..d5a4fa01 100644 --- a/config.h.in +++ b/config.h.in -@@ -1345,4 +1345,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, +@@ -1364,4 +1364,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, /** the version of unbound-control that this software implements */ #define UNBOUND_CONTROL_VERSION 1 @@ -62,7 +62,7 @@ index 78d47fed..e33073e4 100644 +/** turn on fastrpz response policy zones */ +#undef ENABLE_FASTRPZ diff --git a/configure.ac b/configure.ac -index 2b91dd3c..e6063d17 100644 +index 5c373d9d..e45abd89 100644 --- a/configure.ac +++ b/configure.ac @@ -6,6 +6,7 @@ sinclude(ax_pthread.m4) @@ -73,10 +73,10 @@ index 2b91dd3c..e6063d17 100644 sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing -@@ -1778,6 +1779,9 @@ case "$enable_ipset" in - ;; +@@ -1819,6 +1820,9 @@ case "$enable_explicit_port_randomisation" in esac + +# check for Fastrpz with fastrpz/rpz.m4 +ck_FASTRPZ + @@ -84,7 +84,7 @@ index 2b91dd3c..e6063d17 100644 # on openBSD, the implicit rule make $< work. # on Solaris, it does not work ($? is changed sources, $^ lists dependencies). diff --git a/daemon/daemon.c b/daemon/daemon.c -index 8b0fc348..7ffb9221 100644 +index 5d427925..f89f1437 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -91,6 +91,9 @@ @@ -97,8 +97,8 @@ index 8b0fc348..7ffb9221 100644 #ifdef HAVE_SYSTEMD #include <systemd/sd-daemon.h> -@@ -458,6 +461,14 @@ daemon_create_workers(struct daemon* daemon) - dt_apply_cfg(daemon->dtenv, daemon->cfg); +@@ -456,6 +459,14 @@ daemon_create_workers(struct daemon* daemon) + fatal_exit("dt_create failed"); #else fatal_exit("dnstap enabled in config but not built with dnstap support"); +#endif @@ -112,7 +112,7 @@ index 8b0fc348..7ffb9221 100644 #endif } for(i=0; i<daemon->num; i++) { -@@ -731,6 +742,9 @@ daemon_cleanup(struct daemon* daemon) +@@ -729,6 +740,9 @@ daemon_cleanup(struct daemon* daemon) #ifdef USE_DNSCRYPT dnsc_delete(daemon->dnscenv); daemon->dnscenv = NULL; @@ -139,7 +139,7 @@ index 3effbafb..4d4c34da 100644 /** diff --git a/daemon/worker.c b/daemon/worker.c -index eb7fdf2f..1982228d 100644 +index 23e3244c..b63d49b7 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -76,6 +76,9 @@ @@ -152,7 +152,7 @@ index eb7fdf2f..1982228d 100644 #include "sldns/wire2str.h" #include "util/shm_side/shm_main.h" #include "dnscrypt/dnscrypt.h" -@@ -534,8 +537,27 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, +@@ -535,8 +538,27 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, /* not secure */ secure = 0; break; @@ -180,7 +180,7 @@ index eb7fdf2f..1982228d 100644 /* return this delegation from the cache */ edns_bak = *edns; edns->edns_version = EDNS_ADVERTISED_VERSION; -@@ -710,6 +732,23 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, +@@ -711,6 +733,23 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, *is_secure_answer = 0; } } else *is_secure_answer = 0; @@ -204,7 +204,7 @@ index eb7fdf2f..1982228d 100644 edns_bak = *edns; edns->edns_version = EDNS_ADVERTISED_VERSION; -@@ -1435,6 +1474,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error, +@@ -1436,6 +1475,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error, log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", &repinfo->addr, repinfo->addrlen); goto send_reply; @@ -220,7 +220,7 @@ index eb7fdf2f..1982228d 100644 } /* If we've found a local alias, replace the qname with the alias -@@ -1485,12 +1533,21 @@ lookup_cache: +@@ -1486,12 +1534,21 @@ lookup_cache: h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) { /* answer from cache - we have acquired a readlock on it */ @@ -244,7 +244,7 @@ index eb7fdf2f..1982228d 100644 /* prefetch it if the prefetch TTL expired. * Note that if there is more than one pass * its qname must be that used for cache -@@ -1547,11 +1604,19 @@ lookup_cache: +@@ -1548,11 +1605,19 @@ lookup_cache: lock_rw_unlock(&e->lock); } if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { @@ -267,10 +267,10 @@ index eb7fdf2f..1982228d 100644 } verbose(VERB_ALGO, "answer norec from cache -- " diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in -index 38c2d298..3b07f392 100644 +index cd43f04e..b92a1af8 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in -@@ -1828,6 +1828,81 @@ List domain for which the AAAA records are ignored and the A record is +@@ -1878,6 +1878,81 @@ List domain for which the AAAA records are ignored and the A record is used by dns64 processing instead. Can be entered multiple times, list a new domain for which it applies, one per line. Applies also to names underneath the name given. @@ -2888,7 +2888,7 @@ index 00000000..21235355 + fi +]) diff --git a/iterator/iterator.c b/iterator/iterator.c -index 1e0113a8..2fcbf547 100644 +index 23b07ea9..c3d31a33 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -68,6 +68,9 @@ @@ -2901,7 +2901,7 @@ index 1e0113a8..2fcbf547 100644 /* in msec */ int UNKNOWN_SERVER_NICENESS = 376; -@@ -555,6 +558,23 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -563,6 +566,23 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME && query_dname_compare(*mname, r->rk.dname) == 0 && !iter_find_rrset_in_prepend_answer(iq, r)) { @@ -2925,7 +2925,7 @@ index 1e0113a8..2fcbf547 100644 /* Add this relevant CNAME rrset to the prepend list.*/ if(!iter_add_prepend_answer(qstate, iq, r)) return 0; -@@ -563,6 +583,9 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -571,6 +591,9 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, /* Other rrsets in the section are ignored. */ } @@ -2935,7 +2935,7 @@ index 1e0113a8..2fcbf547 100644 /* add authority rrsets to authority prepend, for wildcarded CNAMEs */ for(i=msg->rep->an_numrrsets; i<msg->rep->an_numrrsets + msg->rep->ns_numrrsets; i++) { -@@ -1199,6 +1222,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -1231,6 +1254,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, uint8_t* delname; size_t delnamelen; struct dns_msg* msg = NULL; @@ -2943,7 +2943,7 @@ index 1e0113a8..2fcbf547 100644 log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo); /* check effort */ -@@ -1285,8 +1309,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -1317,8 +1341,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, } if(msg) { /* handle positive cache response */ @@ -2953,7 +2953,7 @@ index 1e0113a8..2fcbf547 100644 if(verbosity >= VERB_ALGO) { log_dns_msg("msg from cache lookup", &msg->qinfo, msg->rep); -@@ -1294,7 +1317,22 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -1326,7 +1349,22 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, (int)msg->rep->ttl, (int)msg->rep->prefetch_ttl); } @@ -2976,7 +2976,7 @@ index 1e0113a8..2fcbf547 100644 if(type == RESPONSE_TYPE_CNAME) { uint8_t* sname = 0; size_t slen = 0; -@@ -2718,6 +2756,62 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -2801,6 +2839,62 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, sock_list_insert(&qstate->reply_origin, &qstate->reply->addr, qstate->reply->addrlen, qstate->region); @@ -3039,7 +3039,7 @@ index 1e0113a8..2fcbf547 100644 if(iq->minimisation_state != DONOT_MINIMISE_STATE && !(iq->chase_flags & BIT_RD)) { if(FLAGS_GET_RCODE(iq->response->rep->flags) != -@@ -3471,12 +3565,44 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -3563,12 +3657,44 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, * but only if we did recursion. The nonrecursion referral * from cache does not need to be stored in the msg cache. */ if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) { @@ -3085,10 +3085,10 @@ index 1e0113a8..2fcbf547 100644 qstate->return_msg = iq->response; return 0; diff --git a/iterator/iterator.h b/iterator/iterator.h -index a2f1b570..e1e4a738 100644 +index 342ac207..49b0ecdd 100644 --- a/iterator/iterator.h +++ b/iterator/iterator.h -@@ -386,6 +386,16 @@ struct iter_qstate { +@@ -396,6 +396,16 @@ struct iter_qstate { */ int minimise_count; @@ -3104,12 +3104,12 @@ index a2f1b570..e1e4a738 100644 + /** * Count number of time-outs. Used to prevent resolving failures when - * the QNAME minimisation QTYPE is blocked. */ + * the QNAME minimisation QTYPE is blocked. Used to determine if diff --git a/services/cache/dns.c b/services/cache/dns.c -index 2a5bca4a..6de8863a 100644 +index 7b6e142c..6d7449f5 100644 --- a/services/cache/dns.c +++ b/services/cache/dns.c -@@ -967,6 +967,14 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, +@@ -969,6 +969,14 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, struct regional* region, uint32_t flags) { struct reply_info* rep = NULL; @@ -3125,7 +3125,7 @@ index 2a5bca4a..6de8863a 100644 rep = reply_info_copy(msgrep, env->alloc, NULL); if(!rep) diff --git a/services/mesh.c b/services/mesh.c -index 9114ef4c..3dc518e5 100644 +index 4b0c5db4..eb9cfa5b 100644 --- a/services/mesh.c +++ b/services/mesh.c @@ -61,6 +61,9 @@ @@ -3138,7 +3138,7 @@ index 9114ef4c..3dc518e5 100644 #include "respip/respip.h" #include "services/listen_dnsport.h" -@@ -1195,6 +1198,13 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, +@@ -1207,6 +1210,13 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, else secure = 0; if(!rep && rcode == LDNS_RCODE_NOERROR) rcode = LDNS_RCODE_SERVFAIL; @@ -3152,7 +3152,7 @@ index 9114ef4c..3dc518e5 100644 /* send the reply */ /* We don't reuse the encoded answer if either the previous or current * response has a local alias. We could compare the alias records -@@ -1415,6 +1425,7 @@ struct mesh_state* mesh_area_find(struct mesh_area* mesh, +@@ -1434,6 +1444,7 @@ struct mesh_state* mesh_area_find(struct mesh_area* mesh, key.s.is_valrec = valrec; key.s.qinfo = *qinfo; key.s.query_flags = qflags; @@ -3160,7 +3160,7 @@ index 9114ef4c..3dc518e5 100644 /* We are searching for a similar mesh state when we DO want to * aggregate the state. Thus unique is set to NULL. (default when we * desire aggregation).*/ -@@ -1461,6 +1472,10 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, +@@ -1480,6 +1491,10 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, if(!r) return 0; r->query_reply = *rep; @@ -3172,11 +3172,11 @@ index 9114ef4c..3dc518e5 100644 if(edns->opt_list) { r->edns.opt_list = edns_opt_copy_region(edns->opt_list, diff --git a/util/config_file.c b/util/config_file.c -index 52ca5a18..0660248f 100644 +index 0e9ee471..a5fd72e0 100644 --- a/util/config_file.c +++ b/util/config_file.c -@@ -1460,6 +1460,8 @@ config_delete(struct config_file* cfg) - free(cfg->dnstap_socket_path); +@@ -1495,6 +1495,8 @@ config_delete(struct config_file* cfg) + free(cfg->dnstap_tls_client_cert_file); free(cfg->dnstap_identity); free(cfg->dnstap_version); + if (cfg->rpz_cstr) @@ -3185,10 +3185,10 @@ index 52ca5a18..0660248f 100644 config_deldblstrlist(cfg->ratelimit_below_domain); config_delstrlist(cfg->python_script); diff --git a/util/config_file.h b/util/config_file.h -index 8739ca2a..a2dcf215 100644 +index 66e5025d..504f4f92 100644 --- a/util/config_file.h +++ b/util/config_file.h -@@ -499,6 +499,11 @@ struct config_file { +@@ -522,6 +522,11 @@ struct config_file { /** true to disable DNSSEC lameness check in iterator */ int disable_dnssec_lame_check; @@ -3201,10 +3201,10 @@ index 8739ca2a..a2dcf215 100644 int ip_ratelimit; /** number of slabs for ip_ratelimit cache */ diff --git a/util/configlexer.lex b/util/configlexer.lex -index deedffa5..301458a3 100644 +index 83cea4b9..9a7feea4 100644 --- a/util/configlexer.lex +++ b/util/configlexer.lex -@@ -446,6 +446,10 @@ dnstap-log-forwarder-query-messages{COLON} { +@@ -467,6 +467,10 @@ dnstap-log-forwarder-query-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } dnstap-log-forwarder-response-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } @@ -3216,18 +3216,18 @@ index deedffa5..301458a3 100644 ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } diff --git a/util/configparser.y b/util/configparser.y -index d471babe..cb6b1d63 100644 +index fe600a99..ce43390f 100644 --- a/util/configparser.y +++ b/util/configparser.y -@@ -125,6 +125,7 @@ extern struct config_parser_state* cfg_parser; +@@ -128,6 +128,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES +%token VAR_RPZ VAR_RPZ_ENABLE VAR_RPZ_ZONE VAR_RPZ_OPTION %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT - %token VAR_DISABLE_DNSSEC_LAME_CHECK -@@ -173,7 +174,7 @@ extern struct config_parser_state* cfg_parser; + %token VAR_IP_DSCP +@@ -179,7 +180,7 @@ extern struct config_parser_state* cfg_parser; %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; @@ -3236,7 +3236,7 @@ index d471babe..cb6b1d63 100644 forwardstart contents_forward | pythonstart contents_py | rcstart contents_rc | dtstart contents_dt | viewstart contents_view | dnscstart contents_dnsc | cachedbstart contents_cachedb | -@@ -2837,6 +2838,50 @@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES +@@ -2939,6 +2940,50 @@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES free($2); } ; @@ -3384,7 +3384,7 @@ index 729877ba..ccd1a0c2 100644 /** diff --git a/util/netevent.c b/util/netevent.c -index 9fe5da2d..037e70d1 100644 +index 3e7a433e..f20d806f 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -57,6 +57,9 @@ @@ -3397,7 +3397,7 @@ index 9fe5da2d..037e70d1 100644 /* -------- Start of local definitions -------- */ /** if CMSG_ALIGN is not defined on this platform, a workaround */ -@@ -590,6 +593,9 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) +@@ -596,6 +599,9 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) struct cmsghdr* cmsg; #endif /* S_SPLINT_S */ @@ -3407,7 +3407,7 @@ index 9fe5da2d..037e70d1 100644 rep.c = (struct comm_point*)arg; log_assert(rep.c->type == comm_udp); -@@ -679,6 +685,9 @@ comm_point_udp_callback(int fd, short event, void* arg) +@@ -685,6 +691,9 @@ comm_point_udp_callback(int fd, short event, void* arg) int i; struct sldns_buffer *buffer; @@ -3417,7 +3417,7 @@ index 9fe5da2d..037e70d1 100644 rep.c = (struct comm_point*)arg; log_assert(rep.c->type == comm_udp); -@@ -722,6 +731,9 @@ comm_point_udp_callback(int fd, short event, void* arg) +@@ -728,6 +737,9 @@ comm_point_udp_callback(int fd, short event, void* arg) (void)comm_point_send_udp_msg(rep.c, buffer, (struct sockaddr*)&rep.addr, rep.addrlen); } @@ -3427,7 +3427,7 @@ index 9fe5da2d..037e70d1 100644 if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for another UDP port. Note rep.c cannot be reused with TCP fd. */ break; -@@ -3192,6 +3204,9 @@ comm_point_send_reply(struct comm_reply *repinfo) +@@ -3175,6 +3187,9 @@ comm_point_send_reply(struct comm_reply *repinfo) repinfo->c->tcp_timeout_msec); } } @@ -3437,7 +3437,7 @@ index 9fe5da2d..037e70d1 100644 } void -@@ -3201,6 +3216,9 @@ comm_point_drop_reply(struct comm_reply* repinfo) +@@ -3184,6 +3199,9 @@ comm_point_drop_reply(struct comm_reply* repinfo) return; log_assert(repinfo->c); log_assert(repinfo->c->type != comm_tcp_accept); @@ -3447,7 +3447,7 @@ index 9fe5da2d..037e70d1 100644 if(repinfo->c->type == comm_udp) return; if(repinfo->c->tcp_req_info) -@@ -3222,6 +3240,9 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) +@@ -3205,6 +3223,9 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) { verbose(VERB_ALGO, "comm point start listening %d (%d msec)", c->fd==-1?newfd:c->fd, msec); @@ -3458,7 +3458,7 @@ index 9fe5da2d..037e70d1 100644 /* no use to start listening no free slots. */ return; diff --git a/util/netevent.h b/util/netevent.h -index d80c72b3..0233292f 100644 +index bb2cd1e5..666067e8 100644 --- a/util/netevent.h +++ b/util/netevent.h @@ -120,6 +120,10 @@ struct comm_reply { diff --git a/contrib/ios/15-ios.conf b/contrib/ios/15-ios.conf new file mode 100644 index 000000000000..364ed6ebfd29 --- /dev/null +++ b/contrib/ios/15-ios.conf @@ -0,0 +1,41 @@ +#### iPhoneOS/iOS +# +# It takes recent enough Xcode to use following two targets. It shouldn't +# be a problem by now, but if they don't work, original targets below +# that depend on manual definition of environment variables should still +# work... +# +my %targets = ( + "ios-common" => { + template => 1, + inherit_from => [ "darwin-common" ], + sys_id => "iOS", + disable => [ "engine", "async" ], + }, + "ios-xcrun" => { + inherit_from => [ "ios-common", asm("armv4_asm") ], + bn_ops => [ "BN_LLONG", "RC4_CHAR" ], + perlasm_scheme => "ios32", + }, + "ios64-xcrun" => { + inherit_from => [ "ios-common", asm("aarch64_asm") ], + bn_ops => [ "SIXTY_FOUR_BIT_LONG", "RC4_CHAR" ], + perlasm_scheme => "ios64", + }, + "iossimulator-xcrun" => { + inherit_from => [ "ios-common" ], + }, + + "iphoneos-cross" => { + inherit_from => [ "ios-common" ], + cflags => add("-Wall -fno-common"), + }, + "ios-cross" => { + inherit_from => [ "ios-xcrun" ], + cflags => add("-Wall -fno-common"), + }, + "ios64-cross" => { + inherit_from => [ "ios64-xcrun" ], + cflags => add("-Wall -fno-common"), + }, +); diff --git a/contrib/ios/install_expat.sh b/contrib/ios/install_expat.sh new file mode 100755 index 000000000000..9471b5aff2dd --- /dev/null +++ b/contrib/ios/install_expat.sh @@ -0,0 +1,56 @@ +#!/usr/bin/env bash + +echo "Downloading Expat" +if ! curl -L -k -s -o expat-2.2.9.tar.gz https://github.com/libexpat/libexpat/releases/download/R_2_2_9/expat-2.2.9.tar.gz; +then + echo "Failed to download Expat" + exit 1 +fi + +echo "Unpacking Expat" +rm -rf ./expat-2.2.9 +if ! tar -xf expat-2.2.9.tar.gz; +then + echo "Failed to unpack Expat" + exit 1 +fi + +cd expat-2.2.9 || exit 1 + +export PKG_CONFIG_PATH="$IOS_PREFIX/lib/pkgconfig" + +echo "Configuring Expat" +if ! ./configure \ + --build="$AUTOTOOLS_BUILD" --host="$AUTOTOOLS_HOST" \ + --prefix="$IOS_PREFIX" ; then + echo "Error: Failed to configure Expat" + cat config.log + exit 1 +fi + +# Cleanup warnings, https://github.com/libexpat/libexpat/issues/383 +echo "Fixing Makefiles" +(IFS="" find "$PWD" -name 'Makefile' -print | while read -r file +do + cp -p "$file" "$file.fixed" + sed 's|-Wduplicated-cond ||g; s|-Wduplicated-branches ||g; s|-Wlogical-op ||g' "$file" > "$file.fixed" + mv "$file.fixed" "$file" + + cp -p "$file" "$file.fixed" + sed 's|-Wrestrict ||g; s|-Wjump-misses-init ||g; s|-Wmisleading-indentation ||g' "$file" > "$file.fixed" + mv "$file.fixed" "$file" +done) + +echo "Building Expat" +if ! make; then + echo "Failed to build Expat" + exit 1 +fi + +echo "Installing Expat" +if ! make install; then + echo "Failed to install Expat" + exit 1 +fi + +exit 0 diff --git a/contrib/ios/install_openssl.sh b/contrib/ios/install_openssl.sh new file mode 100755 index 000000000000..31e65d64e353 --- /dev/null +++ b/contrib/ios/install_openssl.sh @@ -0,0 +1,52 @@ +#!/usr/bin/env bash + +echo "Downloading OpenSSL" +if ! curl -L -k -s -o openssl-1.1.1d.tar.gz https://www.openssl.org/source/openssl-1.1.1d.tar.gz; +then + echo "Failed to download OpenSSL" + exit 1 +fi + +echo "Unpacking OpenSSL" +rm -rf ./openssl-1.1.1d +if ! tar -xf openssl-1.1.1d.tar.gz; +then + echo "Failed to unpack OpenSSL" + exit 1 +fi + +cd openssl-1.1.1d || exit 1 + +if ! cp ../contrib/ios/15-ios.conf Configurations/; then + echo "Failed to copy OpenSSL ios config" + exit 1 +fi + +# OpenSSL 1.1.1d patch. OK to remove once OpenSSL version is bumped. +# ocsp.c:947:23: error: 'fork' is unavailable: not available on tvOS and watchOS. +# Also see https://github.com/openssl/openssl/issues/7607. +if ! patch -u -p0 < ../contrib/ios/openssl.patch; then + echo "Failed to patch OpenSSL" + exit 1 +fi + +echo "Configuring OpenSSL" +if ! ./Configure "$OPENSSL_HOST" -DNO_FORK no-comp no-asm no-hw no-engine no-tests no-unit-test \ + --prefix="$IOS_PREFIX" --openssldir="$IOS_PREFIX"; then + echo "Failed to configure OpenSSL" + exit 1 +fi + +echo "Building OpenSSL" +if ! make; then + echo "Failed to build OpenSSL" + exit 1 +fi + +echo "Installing OpenSSL" +if ! make install_sw; then + echo "Failed to install OpenSSL" + exit 1 +fi + +exit 0 diff --git a/contrib/ios/install_tools.sh b/contrib/ios/install_tools.sh new file mode 100755 index 000000000000..55fef454e852 --- /dev/null +++ b/contrib/ios/install_tools.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +# This step should install tools needed for all packages - OpenSSL, Expat and Unbound +echo "Updating tools" +brew update 1>/dev/null +echo "Installing tools" +# already installed are: autoconf automake libtool pkg-config +brew install curl perl 1>/dev/null diff --git a/contrib/ios/openssl.patch b/contrib/ios/openssl.patch new file mode 100644 index 000000000000..58cef232c9e9 --- /dev/null +++ b/contrib/ios/openssl.patch @@ -0,0 +1,48 @@ +--- apps/speed.c ++++ apps/speed.c +@@ -99,6 +99,13 @@ + #endif + #include <openssl/modes.h> + ++/* fork() breaks AppleTVOS, WatchOS, AppleTVSimulator and WatchSimulator */ ++/* Users should configure with -DNO_FORK */ ++#if defined(NO_FORK) ++# undef HAVE_FORK ++# define HAVE_FORK 0 ++#endif ++ + #ifndef HAVE_FORK + # if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS) + # define HAVE_FORK 0 +@@ -110,6 +117,7 @@ + #if HAVE_FORK + # undef NO_FORK + #else ++# undef NO_FORK + # define NO_FORK + #endif + +--- apps/ocsp.c ++++ apps/ocsp.c +@@ -36,6 +36,13 @@ + # include <openssl/x509v3.h> + # include <openssl/rand.h> + ++/* fork() breaks AppleTVOS, WatchOS, AppleTVSimulator and WatchSimulator */ ++/* Users should configure with -DNO_FORK */ ++#if defined(NO_FORK) ++# undef HAVE_FORK ++# define HAVE_FORK 0 ++#endif ++ + #ifndef HAVE_FORK + # if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) + # define HAVE_FORK 0 +@@ -47,6 +54,7 @@ + #if HAVE_FORK + # undef NO_FORK + #else ++# undef NO_FORK + # define NO_FORK + #endif + diff --git a/contrib/ios/setenv_ios.sh b/contrib/ios/setenv_ios.sh new file mode 100755 index 000000000000..df433d17c2d3 --- /dev/null +++ b/contrib/ios/setenv_ios.sh @@ -0,0 +1,274 @@ +#!/usr/bin/env bash + +# ==================================================================== +# Sets the cross compile environment for Xcode/iOS +# +# Based upon OpenSSL's setenv-ios.sh by TH, JW, and SM. +# Heavily modified by JWW for Crypto++. +# Modified by JWW for Unbound. +# ==================================================================== + +######################################### +##### Some validation ##### +######################################### + +# In the past we could mostly infer arch or cpu from the SDK (and +# mostly vice-versa). Nowadays we need it set for us because Apple +# platforms can be either 32-bit or 64-bit. + +if [ -z "$IOS_SDK" ]; then + echo "IOS_SDK is not set. Please set it" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +if [ -z "$IOS_CPU" ]; then + echo "IOS_CPU is not set. Please set it" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +# cryptest-ios.sh may run this script without sourcing. +if [ "$0" = "${BASH_SOURCE[0]}" ]; then + echo "setenv-ios.sh is usually sourced, but not this time." +fi + +######################################### +##### Small Fixups, if needed ##### +######################################### + +if [[ "$IOS_SDK" == "iPhone" ]]; then + IOS_SDK=iPhoneOS +fi + +if [[ "$IOS_SDK" == "iPhoneOSSimulator" ]]; then + IOS_SDK=iPhoneSimulator +fi + +if [[ "$IOS_SDK" == "TV" || "$IOS_SDK" == "AppleTV" ]]; then + IOS_SDK=AppleTVOS +fi + +if [[ "$IOS_SDK" == "Watch" || "$IOS_SDK" == "AppleWatch" ]]; then + IOS_SDK=WatchOS +fi + +if [[ "$IOS_CPU" == "aarch64" || "$IOS_CPU" == "armv8"* ]] ; then + IOS_CPU=arm64 +fi + +######################################## +##### Environment ##### +######################################## + +# The flags below were tested with Xcode 8 on Travis. If +# you use downlevel versions of Xcode, then you can push +# xxx-version-min=n lower. For example, Xcode 6 can use +# -miphoneos-version-min=5. + +# iPhones can be either 32-bit or 64-bit +if [[ "$IOS_SDK" == "iPhoneOS" && "$IOS_CPU" == "armv7"* ]]; then + MIN_VER=-miphoneos-version-min=6 +elif [[ "$IOS_SDK" == "iPhoneOS" && "$IOS_CPU" == "arm64" ]]; then + MIN_VER=-miphoneos-version-min=6 + +# Fixups for convenience +elif [[ "$IOS_SDK" == "iPhoneOS" && "$IOS_CPU" == "i386" ]]; then + IOS_SDK=iPhoneSimulator + # MIN_VER=-miphoneos-version-min=6 + MIN_VER=-miphonesimulator-version-min=6 +elif [[ "$IOS_SDK" == "iPhoneOS" && "$IOS_CPU" == "x86_64" ]]; then + IOS_SDK=iPhoneSimulator + # MIN_VER=-miphoneos-version-min=6 + MIN_VER=-miphonesimulator-version-min=6 + +# Simulator builds +elif [[ "$IOS_SDK" == "iPhoneSimulator" && "$IOS_CPU" == "i386" ]]; then + MIN_VER=-miphonesimulator-version-min=6 +elif [[ "$IOS_SDK" == "iPhoneSimulator" && "$IOS_CPU" == "x86_64" ]]; then + MIN_VER=-miphonesimulator-version-min=6 + +# Apple TV can be 32-bit Intel (1st gen), 32-bit ARM (2nd, 3rd gen) or 64-bit ARM (4th gen) +elif [[ "$IOS_SDK" == "AppleTVOS" && "$IOS_CPU" == "i386" ]]; then + MIN_VER=-mappletvos-version-min=6 +elif [[ "$IOS_SDK" == "AppleTVOS" && "$IOS_CPU" == "armv7"* ]]; then + MIN_VER=-mappletvos-version-min=6 +elif [[ "$IOS_SDK" == "AppleTVOS" && "$IOS_CPU" == "arm64" ]]; then + MIN_VER=-mappletvos-version-min=6 + +# Simulator builds +elif [[ "$IOS_SDK" == "AppleTVSimulator" && "$IOS_CPU" == "i386" ]]; then + MIN_VER=-mappletvsimulator-version-min=6 +elif [[ "$IOS_SDK" == "AppleTVSimulator" && "$IOS_CPU" == "x86_64" ]]; then + MIN_VER=-mappletvsimulator-version-min=6 + +# Watch can be either 32-bit or 64-bit ARM. TODO: figure out which +# -mwatchos-version-min=n is needed for arm64. 9 is not enough. +elif [[ "$IOS_SDK" == "WatchOS" && "$IOS_CPU" == "armv7"* ]]; then + MIN_VER=-mwatchos-version-min=6 +elif [[ "$IOS_SDK" == "WatchOS" && "$IOS_CPU" == "arm64" ]]; then + MIN_VER=-mwatchos-version-min=10 + +# Simulator builds. TODO: figure out which -watchos-version-min=n +# is needed for arm64. 6 compiles and links, but is it correct? +elif [[ "$IOS_SDK" == "WatchSimulator" && "$IOS_CPU" == "i386" ]]; then + MIN_VER=-mwatchsimulator-version-min=6 +elif [[ "$IOS_SDK" == "WatchSimulator" && "$IOS_CPU" == "x86_64" ]]; then + MIN_VER=-mwatchsimulator-version-min=6 + +# And the final catch-all +else + echo "IOS_SDK and IOS_CPU are not valid. Please fix them" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +##################################################################### + +# Xcode 6 and below cannot handle -miphonesimulator-version-min +# Fix it so the simulator will compile as expected. This trick +# may work on other SDKs, but it was not tested. + +if [ -n "$(command -v xcodebuild 2>/dev/null)" ]; then + # Output of xcodebuild is similar to "Xcode 6.2". The first cut gets + # the dotted decimal value. The second cut gets the major version. + XCODE_VERSION=$(xcodebuild -version 2>/dev/null | head -n 1 | cut -f2 -d" " | cut -f1 -d".") + if [ -z "$XCODE_VERSION" ]; then XCODE_VERSION=100; fi + + if [ "$XCODE_VERSION" -le 6 ]; then + MIN_VER="${MIN_VER//iphonesimulator/iphoneos}" + fi +fi + +##################################################################### + +# Allow a user override? I think we should be doing this. The use case is, +# move /Applications/Xcode somewhere else for a side-by-side installation. +if [ -z "${XCODE_DEVELOPER-}" ]; then + XCODE_DEVELOPER=$(xcode-select -print-path 2>/dev/null) +fi + +if [ ! -d "$XCODE_DEVELOPER" ]; then + echo "ERROR: unable to find XCODE_DEVELOPER directory." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# XCODE_DEVELOPER_SDK is the SDK location. +XCODE_DEVELOPER_SDK="$XCODE_DEVELOPER/Platforms/$IOS_SDK.platform" + +if [ ! -d "$XCODE_DEVELOPER_SDK" ]; then + echo "ERROR: unable to find XCODE_DEVELOPER_SDK directory." + echo " Is the SDK supported by Xcode and installed?" + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# XCODE_TOOLCHAIN is the location of the actual compiler tools. +if [ -d "$XCODE_DEVELOPER/Toolchains/XcodeDefault.xctoolchain/usr/bin/" ]; then + XCODE_TOOLCHAIN="$XCODE_DEVELOPER/Toolchains/XcodeDefault.xctoolchain/usr/bin/" +elif [ -d "$XCODE_DEVELOPER_SDK/Developer/usr/bin/" ]; then + XCODE_TOOLCHAIN="$XCODE_DEVELOPER_SDK/Developer/usr/bin/" +fi + +if [ -z "$XCODE_TOOLCHAIN" ] || [ ! -d "$XCODE_TOOLCHAIN" ]; then + echo "ERROR: unable to find Xcode cross-compiler tools." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# XCODE_SDK is the SDK name/version being used - adjust the list as appropriate. +# For example, remove 4.3, 6.2, and 6.1 if they are not installed. We go back to +# the 1.0 SDKs because Apple WatchOS uses low numbers, like 2.0 and 2.1. +XCODE_SDK= +for i in $(seq -f "%.1f" 30.0 -0.1 1.0) +do + if [ -d "$XCODE_DEVELOPER_SDK/Developer/SDKs/$IOS_SDK$i.sdk" ]; then + XCODE_SDK="$IOS_SDK$i.sdk" + break + fi +done + +# Error checking +if [ -z "$XCODE_SDK" ]; then + echo "ERROR: unable to find a SDK." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +IOS_SYSROOT="$XCODE_DEVELOPER_SDK/Developer/SDKs/$XCODE_SDK" + +if [ -z "$IOS_SYSROOT" ] || [ ! -d "$IOS_SYSROOT" ]; then + echo "ERROR: unable to find IOS_SYSROOT directory." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +##################################################################### + +# We want to set AR=libtool and ARFLAGS="-static -o", +# but I am not sure Autotools can handle it. +CPP=cpp; CC=clang; CXX=clang++; LD=ld +AS=as; AR=ar; RANLIB=ranlib; STRIP=strip + +# Error checking +if [ ! -e "$XCODE_TOOLCHAIN/$CC" ]; then + echo "ERROR: Failed to find iOS clang. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$XCODE_TOOLCHAIN/$CXX" ]; then + echo "ERROR: Failed to find iOS clang++. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$XCODE_TOOLCHAIN/$RANLIB" ]; then + echo "ERROR: Failed to find iOS ranlib. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$XCODE_TOOLCHAIN/$AR" ]; then + echo "ERROR: Failed to find iOS ar. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$XCODE_TOOLCHAIN/$AS" ]; then + echo "ERROR: Failed to find iOS as. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$XCODE_TOOLCHAIN/$LD" ]; then + echo "ERROR: Failed to find iOS ld. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +##################################################################### + +LENGTH=${#XCODE_TOOLCHAIN} +SUBSTR=${PATH:0:$LENGTH} +if [ "$SUBSTR" != "$XCODE_TOOLCHAIN" ]; then + export PATH="$XCODE_TOOLCHAIN":"$PATH" +fi + +##################################################################### + +export CPP CC CXX LD AS AR RANLIB STRIP +export IOS_SYSROOT +export CFLAGS="-arch $IOS_CPU $MIN_VER --sysroot=$IOS_SYSROOT" +export CXXFLAGS="-arch $IOS_CPU $MIN_VER -stdlib-libc++ --sysroot=$IOS_SYSROOT" + +##################################################################### + +echo "XCODE_TOOLCHAIN: $XCODE_TOOLCHAIN" + +echo "CPP: $(command -v "$CPP")" +echo "CC: $(command -v "$CC")" +echo "CXX: $(command -v "$CXX")" +echo "LD: $(command -v "$LD")" +echo "AS: $(command -v "$AS")" +echo "AR: $(command -v "$AR")" + +echo "IOS_SYSROOT: $IOS_SYSROOT" + +echo "CPPFLAGS: $CPPFLAGS" +echo "CFLAGS: $CFLAGS" +echo "CXXFLAGS: $CXXFLAGS" + +[ "$0" = "${BASH_SOURCE[0]}" ] && exit 0 || return 0 diff --git a/contrib/libunbound.pc.in b/contrib/libunbound.pc.in index 1442ed523adc..453bf7d4f8b1 100644 --- a/contrib/libunbound.pc.in +++ b/contrib/libunbound.pc.in @@ -7,8 +7,7 @@ Name: unbound Description: Library with validating, recursive, and caching DNS resolver URL: http://www.unbound.net Version: @PACKAGE_VERSION@ -Requires: @PC_CRYPTO_DEPENDENCY@ @PC_LIBEVENT_DEPENDENCY@ -Requires.private: @PC_PY_DEPENDENCY@ @PC_LIBBSD_DEPENDENCY@ +Requires.private: @PC_PY_DEPENDENCY@ @PC_LIBBSD_DEPENDENCY@ @PC_CRYPTO_DEPENDENCY@ @PC_LIBEVENT_DEPENDENCY@ Libs: -L${libdir} -lunbound Libs.private: @SSLLIB@ @LIBS@ Cflags: -I${includedir} diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in index 8c51bcbbef78..8ebe529c9ab6 100644 --- a/contrib/unbound.service.in +++ b/contrib/unbound.service.in @@ -76,7 +76,7 @@ RestrictSUIDSGID=yes ReadWritePaths=@UNBOUND_RUN_DIR@ @UNBOUND_CHROOT_DIR@ # Below rules are needed when chroot is enabled (usually it's enabled by default). -# If chroot is disabled like chrooot: "" then they may be safely removed. +# If chroot is disabled like chroot: "" then they may be safely removed. TemporaryFileSystem=@UNBOUND_CHROOT_DIR@/dev:ro TemporaryFileSystem=@UNBOUND_CHROOT_DIR@/run:ro BindReadOnlyPaths=-/run/systemd/notify:@UNBOUND_CHROOT_DIR@/run/systemd/notify diff --git a/daemon/acl_list.c b/daemon/acl_list.c index c16a920d99ee..84324575e718 100644 --- a/daemon/acl_list.c +++ b/daemon/acl_list.c @@ -273,7 +273,7 @@ check_data(const char* data, const struct config_strlist* head) if(res == 0) return 1; log_err("rr data [char %d] parse error %s", - (int)LDNS_WIREPARSE_OFFSET(res)-13, + (int)LDNS_WIREPARSE_OFFSET(res)-2, sldns_get_errorstr_parse(res)); return 0; } diff --git a/daemon/daemon.c b/daemon/daemon.c index 8b0fc3483ab7..5d4279259ed6 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -451,11 +451,9 @@ daemon_create_workers(struct daemon* daemon) fatal_exit("out of memory during daemon init"); if(daemon->cfg->dnstap) { #ifdef USE_DNSTAP - daemon->dtenv = dt_create(daemon->cfg->dnstap_socket_path, - (unsigned int)daemon->num); + daemon->dtenv = dt_create(daemon->cfg); if (!daemon->dtenv) fatal_exit("dt_create failed"); - dt_apply_cfg(daemon->dtenv, daemon->cfg); #else fatal_exit("dnstap enabled in config but not built with dnstap support"); #endif @@ -783,7 +781,7 @@ daemon_delete(struct daemon* daemon) # endif # ifdef HAVE_OPENSSL_CONFIG EVP_cleanup(); -# if (OPENSSL_VERSION_NUMBER < 0x10100000) && !defined(OPENSSL_NO_ENGINE) +# if (OPENSSL_VERSION_NUMBER < 0x10100000) && !defined(OPENSSL_NO_ENGINE) && defined(HAVE_ENGINE_CLEANUP) ENGINE_cleanup(); # endif CONF_modules_free(); diff --git a/daemon/remote.c b/daemon/remote.c index 1782a39cad7c..aa263d074c64 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -329,7 +329,7 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err, /* open fd */ fd = create_tcp_accept_sock(res, 1, &noproto, 0, - cfg->ip_transparent, 0, cfg->ip_freebind, cfg->use_systemd); + cfg->ip_transparent, 0, cfg->ip_freebind, cfg->use_systemd, cfg->ip_dscp); freeaddrinfo(res); } @@ -804,6 +804,9 @@ print_mem(RES* ssl, struct worker* worker, struct daemon* daemon, size_t dnscrypt_shared_secret = 0; size_t dnscrypt_nonce = 0; #endif /* USE_DNSCRYPT */ +#ifdef WITH_DYNLIBMODULE + size_t dynlib = 0; +#endif /* WITH_DYNLIBMODULE */ msg = slabhash_get_mem(daemon->env->msg_cache); rrset = slabhash_get_mem(&daemon->env->rrset_cache->table); val = mod_get_mem(&worker->env, "validator"); @@ -822,6 +825,9 @@ print_mem(RES* ssl, struct worker* worker, struct daemon* daemon, dnscrypt_nonce = slabhash_get_mem(daemon->dnscenv->nonces_cache); } #endif /* USE_DNSCRYPT */ +#ifdef WITH_DYNLIBMODULE + dynlib = mod_get_mem(&worker->env, "dynlib"); +#endif /* WITH_DYNLIBMODULE */ if(!print_longnum(ssl, "mem.cache.rrset"SQ, rrset)) return 0; @@ -849,6 +855,10 @@ print_mem(RES* ssl, struct worker* worker, struct daemon* daemon, dnscrypt_nonce)) return 0; #endif /* USE_DNSCRYPT */ +#ifdef WITH_DYNLIBMODULE + if(!print_longnum(ssl, "mem.mod.dynlibmod"SQ, dynlib)) + return 0; +#endif /* WITH_DYNLIBMODULE */ if(!print_longnum(ssl, "mem.streamwait"SQ, (size_t)s->svr.mem_stream_wait)) return 0; @@ -907,7 +917,7 @@ static int print_ext(RES* ssl, struct ub_stats_info* s) { int i; - char nm[16]; + char nm[32]; const sldns_rr_descriptor* desc; const sldns_lookup_table* lt; /* TYPE */ @@ -1124,6 +1134,10 @@ parse_arg_name(RES* ssl, char* str, uint8_t** res, size_t* len, int* labs) *res = NULL; *len = 0; *labs = 0; + if(str[0] == '\0') { + ssl_printf(ssl, "error: this option requires a domain name\n"); + return 0; + } status = sldns_str2wire_dname_buf(str, nm, &nmlen); if(status != 0) { ssl_printf(ssl, "error cannot parse name %s at %d: %s\n", str, diff --git a/daemon/unbound.c b/daemon/unbound.c index af76fc84fe51..3f96603c4307 100644 --- a/daemon/unbound.c +++ b/daemon/unbound.c @@ -88,6 +88,14 @@ # include "nss.h" #endif +#ifdef HAVE_TARGETCONDITIONALS_H +#include <TargetConditionals.h> +#endif + +#if defined(TARGET_OS_TV) || defined(TARGET_OS_WATCH) +#undef HAVE_FORK +#endif + /** print build options. */ static void print_build_options(void) @@ -526,6 +534,8 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, LOGIN_SETALL & ~LOGIN_SETUSER & ~LOGIN_SETGROUP) != 0) log_warn("unable to setusercontext %s: %s", cfg->username, strerror(errno)); +#else + (void)pwd; #endif /* HAVE_SETUSERCONTEXT */ } #endif /* HAVE_GETPWNAM */ diff --git a/daemon/worker.c b/daemon/worker.c index eb7fdf2f576d..23e3244c5041 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -79,6 +79,7 @@ #include "sldns/wire2str.h" #include "util/shm_side/shm_main.h" #include "dnscrypt/dnscrypt.h" +#include "dnstap/dtstream.h" #ifdef HAVE_SYS_TYPES_H # include <sys/types.h> @@ -1807,14 +1808,14 @@ worker_init(struct worker* worker, struct config_file *cfg, worker->back = outside_network_create(worker->base, cfg->msg_buffer_size, (size_t)cfg->outgoing_num_ports, cfg->out_ifs, cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6, - cfg->do_tcp?cfg->outgoing_num_tcp:0, + cfg->do_tcp?cfg->outgoing_num_tcp:0, cfg->ip_dscp, worker->daemon->env->infra_cache, worker->rndstate, cfg->use_caps_bits_for_id, worker->ports, worker->numports, cfg->unwanted_threshold, cfg->outgoing_tcp_mss, &worker_alloc_cleanup, worker, cfg->do_udp || cfg->udp_upstream_without_downstream, worker->daemon->connect_sslctx, cfg->delay_close, - dtenv); + cfg->tls_use_sni, dtenv); if(!worker->back) { log_err("could not create outgoing sockets"); worker_delete(worker); @@ -1914,6 +1915,20 @@ worker_init(struct worker* worker, struct config_file *cfg, ) { auth_xfer_pickup_initial(worker->env.auth_zones, &worker->env); } +#ifdef USE_DNSTAP + if(worker->daemon->cfg->dnstap +#ifndef THREADS_DISABLED + && worker->thread_num == 0 +#endif + ) { + if(!dt_io_thread_start(dtenv->dtio, comm_base_internal( + worker->base), worker->daemon->num)) { + log_err("could not start dnstap io thread"); + worker_delete(worker); + return 0; + } + } +#endif /* USE_DNSTAP */ if(!worker->env.mesh || !worker->env.scratch_buffer) { worker_delete(worker); return 0; @@ -1961,6 +1976,16 @@ worker_delete(struct worker* worker) wsvc_desetup_worker(worker); #endif /* UB_ON_WINDOWS */ } +#ifdef USE_DNSTAP + if(worker->daemon->cfg->dnstap +#ifndef THREADS_DISABLED + && worker->thread_num == 0 +#endif + ) { + dt_io_thread_stop(worker->dtenv.dtio); + } + dt_deinit(&worker->dtenv); +#endif /* USE_DNSTAP */ comm_base_delete(worker->base); ub_randfree(worker->rndstate); alloc_clear(&worker->alloc); @@ -2099,3 +2124,18 @@ int codeline_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) return 0; } +#ifdef USE_DNSTAP +void dtio_tap_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), + void* ATTR_UNUSED(arg)) +{ + log_assert(0); +} +#endif + +#ifdef USE_DNSTAP +void dtio_mainfdcallback(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), + void* ATTR_UNUSED(arg)) +{ + log_assert(0); +} +#endif diff --git a/dns64/dns64.c b/dns64/dns64.c index 1a569059aff4..5c70119a54de 100644 --- a/dns64/dns64.c +++ b/dns64/dns64.c @@ -227,7 +227,7 @@ ipv4_to_ptr(uint32_t ipv4, char ptr[], size_t nm_len) static const char IPV4_PTR_SUFFIX[] = "\07in-addr\04arpa"; int i; char* c = ptr; - log_assert(nm_len == MAX_PTR_QNAME_IPV4); + log_assert(nm_len == MAX_PTR_QNAME_IPV4); (void)nm_len; for (i = 0; i < 4; ++i) { *c = uitoa((unsigned int)(ipv4 % 256), c + 1); diff --git a/dnstap/dnstap.c b/dnstap/dnstap.c index aabf8eec9071..cc5449dff4a1 100644 --- a/dnstap/dnstap.c +++ b/dnstap/dnstap.c @@ -49,13 +49,12 @@ #include "util/netevent.h" #include "util/log.h" -#include <fstrm.h> #include <protobuf-c/protobuf-c.h> #include "dnstap/dnstap.h" +#include "dnstap/dtstream.h" #include "dnstap/dnstap.pb-c.h" -#define DNSTAP_CONTENT_TYPE "protobuf:dnstap.Dnstap" #define DNSTAP_INITIAL_BUF_SIZE 256 struct dt_msg { @@ -90,13 +89,7 @@ dt_pack(const Dnstap__Dnstap *d, void **buf, size_t *sz) static void dt_send(const struct dt_env *env, void *buf, size_t len_buf) { - fstrm_res res; - if (!buf) - return; - res = fstrm_iothr_submit(env->iothr, env->ioq, buf, len_buf, - fstrm_free_wrapper, NULL); - if (res != fstrm_res_success) - free(buf); + dt_msg_queue_submit(env->msgqueue, buf, len_buf); } static void @@ -135,56 +128,33 @@ check_socket_file(const char* socket_path) } struct dt_env * -dt_create(const char *socket_path, unsigned num_workers) +dt_create(struct config_file* cfg) { -#ifdef UNBOUND_DEBUG - fstrm_res res; -#endif struct dt_env *env; - struct fstrm_iothr_options *fopt; - struct fstrm_unix_writer_options *fuwopt; - struct fstrm_writer *fw; - struct fstrm_writer_options *fwopt; - verbose(VERB_OPS, "attempting to connect to dnstap socket %s", - socket_path); - log_assert(socket_path != NULL); - log_assert(num_workers > 0); - check_socket_file(socket_path); + if(cfg->dnstap && cfg->dnstap_socket_path && cfg->dnstap_socket_path[0] && + (cfg->dnstap_ip==NULL || cfg->dnstap_ip[0]==0)) { + verbose(VERB_OPS, "attempting to connect to dnstap socket %s", + cfg->dnstap_socket_path); + check_socket_file(cfg->dnstap_socket_path); + } env = (struct dt_env *) calloc(1, sizeof(struct dt_env)); if (!env) return NULL; - fwopt = fstrm_writer_options_init(); -#ifdef UNBOUND_DEBUG - res = -#else - (void) -#endif - fstrm_writer_options_add_content_type(fwopt, - DNSTAP_CONTENT_TYPE, sizeof(DNSTAP_CONTENT_TYPE) - 1); - log_assert(res == fstrm_res_success); - - fuwopt = fstrm_unix_writer_options_init(); - fstrm_unix_writer_options_set_socket_path(fuwopt, socket_path); - - fw = fstrm_unix_writer_init(fuwopt, fwopt); - log_assert(fw != NULL); - - fopt = fstrm_iothr_options_init(); - fstrm_iothr_options_set_num_input_queues(fopt, num_workers); - env->iothr = fstrm_iothr_init(fopt, &fw); - if (env->iothr == NULL) { - verbose(VERB_DETAIL, "dt_create: fstrm_iothr_init() failed"); - fstrm_writer_destroy(&fw); + env->dtio = dt_io_thread_create(); + if(!env->dtio) { + log_err("malloc failure"); free(env); - env = NULL; + return NULL; } - fstrm_iothr_options_destroy(&fopt); - fstrm_unix_writer_options_destroy(&fuwopt); - fstrm_writer_options_destroy(&fwopt); - + if(!dt_io_thread_apply_cfg(env->dtio, cfg)) { + dt_io_thread_delete(env->dtio); + free(env); + return NULL; + } + dt_apply_cfg(env, cfg); return env; } @@ -272,19 +242,33 @@ dt_apply_cfg(struct dt_env *env, struct config_file *cfg) int dt_init(struct dt_env *env) { - env->ioq = fstrm_iothr_get_input_queue(env->iothr); - if (env->ioq == NULL) + env->msgqueue = dt_msg_queue_create(); + if(!env->msgqueue) { + log_err("malloc failure"); + return 0; + } + if(!dt_io_thread_register_queue(env->dtio, env->msgqueue)) { + log_err("malloc failure"); + dt_msg_queue_delete(env->msgqueue); + env->msgqueue = NULL; return 0; + } return 1; } void +dt_deinit(struct dt_env* env) +{ + dt_io_thread_unregister_queue(env->dtio, env->msgqueue); + dt_msg_queue_delete(env->msgqueue); +} + +void dt_delete(struct dt_env *env) { if (!env) return; - verbose(VERB_OPS, "closing dnstap socket"); - fstrm_iothr_destroy(&env->iothr); + dt_io_thread_delete(env->dtio); free(env->identity); free(env->version); free(env); diff --git a/dnstap/dnstap.h b/dnstap/dnstap.h index 0103c1c0e201..cfef6fc420b9 100644 --- a/dnstap/dnstap.h +++ b/dnstap/dnstap.h @@ -40,16 +40,16 @@ #ifdef USE_DNSTAP struct config_file; -struct fstrm_io; -struct fstrm_queue; struct sldns_buffer; +struct dt_msg_queue; struct dt_env { - /** dnstap I/O thread */ - struct fstrm_iothr *iothr; + /** the io thread (made by the struct daemon) */ + struct dt_io_thread* dtio; - /** dnstap I/O thread input queue */ - struct fstrm_iothr_queue *ioq; + /** valid in worker struct, not in daemon struct, the per-worker + * message list */ + struct dt_msg_queue* msgqueue; /** dnstap "identity" field, NULL if disabled */ char *identity; @@ -84,12 +84,11 @@ struct dt_env { * of the structure) to ensure lock-free access to its own per-worker circular * queue. Duplicate the environment object if more than one worker needs to * share access to the dnstap I/O socket. - * @param socket_path: path to dnstap logging socket, must be non-NULL. - * @param num_workers: number of worker threads, must be > 0. + * @param cfg: with config settings. * @return dt_env object, NULL on failure. */ struct dt_env * -dt_create(const char *socket_path, unsigned num_workers); +dt_create(struct config_file* cfg); /** * Apply config settings. @@ -108,6 +107,11 @@ int dt_init(struct dt_env *env); /** + * Deletes the per-worker state created by dt_init + */ +void dt_deinit(struct dt_env *env); + +/** * Delete dnstap environment object. Closes dnstap I/O socket and deletes all * per-worker I/O queues. */ diff --git a/dnstap/dnstap.m4 b/dnstap/dnstap.m4 index 5b78b3e267c3..ba723e0becec 100644 --- a/dnstap/dnstap.m4 +++ b/dnstap/dnstap.m4 @@ -7,7 +7,7 @@ AC_DEFUN([dt_DNSTAP], [ AC_ARG_ENABLE([dnstap], AS_HELP_STRING([--enable-dnstap], - [Enable dnstap support (requires fstrm, protobuf-c)]), + [Enable dnstap support (requires protobuf-c)]), [opt_dnstap=$enableval], [opt_dnstap=no]) AC_ARG_WITH([dnstap-socket-path], @@ -40,13 +40,6 @@ AC_DEFUN([dt_DNSTAP], fi fi ]) - AC_ARG_WITH([libfstrm], AC_HELP_STRING([--with-libfstrm=path], - [Path where libfstrm is installed, for dnstap]), [ - CFLAGS="$CFLAGS -I$withval/include" - LDFLAGS="$LDFLAGS -L$withval/lib" - ]) - AC_SEARCH_LIBS([fstrm_iothr_init], [fstrm], [], - AC_MSG_ERROR([The fstrm library was not found. Please install fstrm!])) AC_SEARCH_LIBS([protobuf_c_message_pack], [protobuf-c], [], AC_MSG_ERROR([The protobuf-c library was not found. Please install protobuf-c!])) $2 diff --git a/dnstap/dnstap_fstrm.c b/dnstap/dnstap_fstrm.c new file mode 100644 index 000000000000..289e78bdf0f4 --- /dev/null +++ b/dnstap/dnstap_fstrm.c @@ -0,0 +1,236 @@ +/* + * dnstap/dnstap_fstrm.c - Frame Streams protocol for dnstap + * + * Copyright (c) 2020, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/** + * \file + * + * Definitions for the Frame Streams data transport protocol for + * dnstap message logs. + */ + +#include "config.h" +#include "dnstap/dnstap_fstrm.h" +#include "sldns/sbuffer.h" +#include "sldns/wire2str.h" + +void* fstrm_create_control_frame_start(char* contenttype, size_t* len) +{ + uint32_t* control; + size_t n; + /* start framestream message: + * 4byte 0: control indicator. + * 4byte bigendian: length of control frame + * 4byte bigendian: type START + * 4byte bigendian: option: content-type + * 4byte bigendian: length of string + * string of content type (dnstap) + */ + n = 4+4+4+4+4+strlen(contenttype); + control = malloc(n); + if(!control) + return NULL; + control[0] = 0; + control[1] = htonl(4+4+4+strlen(contenttype)); + control[2] = htonl(FSTRM_CONTROL_FRAME_START); + control[3] = htonl(FSTRM_CONTROL_FIELD_TYPE_CONTENT_TYPE); + control[4] = htonl(strlen(contenttype)); + memmove(&control[5], contenttype, strlen(contenttype)); + *len = n; + return control; +} + +void* fstrm_create_control_frame_stop(size_t* len) +{ + uint32_t* control; + size_t n; + /* stop framestream message: + * 4byte 0: control indicator. + * 4byte bigendian: length of control frame + * 4byte bigendian: type STOP + */ + n = 4+4+4; + control = malloc(n); + if(!control) + return NULL; + control[0] = 0; + control[1] = htonl(4); + control[2] = htonl(FSTRM_CONTROL_FRAME_STOP); + *len = n; + return control; +} + +void* fstrm_create_control_frame_ready(char* contenttype, size_t* len) +{ + uint32_t* control; + size_t n; + /* start bidirectional stream: + * 4 bytes 0 escape + * 4 bytes bigendian length of frame + * 4 bytes bigendian type READY + * 4 bytes bigendian frame option content type + * 4 bytes bigendian length of string + * string of content type. + */ + /* len includes the escape and framelength */ + n = 4+4+4+4+4+strlen(contenttype); + control = malloc(n); + if(!control) { + return NULL; + } + control[0] = 0; + control[1] = htonl(4+4+4+strlen(contenttype)); + control[2] = htonl(FSTRM_CONTROL_FRAME_READY); + control[3] = htonl(FSTRM_CONTROL_FIELD_TYPE_CONTENT_TYPE); + control[4] = htonl(strlen(contenttype)); + memmove(&control[5], contenttype, strlen(contenttype)); + *len = n; + return control; +} + +void* fstrm_create_control_frame_accept(char* contenttype, size_t* len) +{ + uint32_t* control; + size_t n; + /* control frame on reply: + * 4 bytes 0 escape + * 4 bytes bigendian length of frame + * 4 bytes bigendian type ACCEPT + * 4 bytes bigendian frame option content type + * 4 bytes bigendian length of string + * string of content type. + */ + /* len includes the escape and framelength */ + n = 4+4+4+4+4+strlen(contenttype); + control = malloc(n); + if(!control) { + return NULL; + } + control[0] = 0; + control[1] = htonl(4+4+4+strlen(contenttype)); + control[2] = htonl(FSTRM_CONTROL_FRAME_ACCEPT); + control[3] = htonl(FSTRM_CONTROL_FIELD_TYPE_CONTENT_TYPE); + control[4] = htonl(strlen(contenttype)); + memmove(&control[5], contenttype, strlen(contenttype)); + *len = n; + return control; +} + +void* fstrm_create_control_frame_finish(size_t* len) +{ + uint32_t* control; + size_t n; + /* control frame on reply: + * 4 bytes 0 escape + * 4 bytes bigendian length of frame + * 4 bytes bigendian type FINISH + */ + /* len includes the escape and framelength */ + n = 4+4+4; + control = malloc(n); + if(!control) { + return NULL; + } + control[0] = 0; + control[1] = htonl(4); + control[2] = htonl(FSTRM_CONTROL_FRAME_FINISH); + *len = n; + return control; +} + +char* fstrm_describe_control(void* pkt, size_t len) +{ + uint32_t frametype = 0; + char buf[512]; + char* str = buf; + size_t remain, slen = sizeof(buf); + uint8_t* pos; + + buf[0]=0; + if(len < 4) { + snprintf(buf, sizeof(buf), "malformed control frame, " + "too short, len=%u", (unsigned int)len); + return strdup(buf); + } + frametype = sldns_read_uint32(pkt); + if(frametype == FSTRM_CONTROL_FRAME_ACCEPT) { + (void)sldns_str_print(&str, &slen, "accept"); + } else if(frametype == FSTRM_CONTROL_FRAME_START) { + (void)sldns_str_print(&str, &slen, "start"); + } else if(frametype == FSTRM_CONTROL_FRAME_STOP) { + (void)sldns_str_print(&str, &slen, "stop"); + } else if(frametype == FSTRM_CONTROL_FRAME_READY) { + (void)sldns_str_print(&str, &slen, "ready"); + } else if(frametype == FSTRM_CONTROL_FRAME_FINISH) { + (void)sldns_str_print(&str, &slen, "finish"); + } else { + (void)sldns_str_print(&str, &slen, "type%d", (int)frametype); + } + + /* show the content type options */ + pos = pkt + 4; + remain = len - 4; + while(remain >= 8) { + uint32_t field_type = sldns_read_uint32(pos); + uint32_t field_len = sldns_read_uint32(pos+4); + if(remain < field_len) { + (void)sldns_str_print(&str, &slen, "malformed_field"); + break; + } + if(field_type == FSTRM_CONTROL_FIELD_TYPE_CONTENT_TYPE) { + char tempf[512]; + (void)sldns_str_print(&str, &slen, " content-type("); + if(field_len < sizeof(tempf)-1) { + memmove(tempf, pos+8, field_len); + tempf[field_len] = 0; + (void)sldns_str_print(&str, &slen, "%s", tempf); + } else { + (void)sldns_str_print(&str, &slen, "<error-too-long>"); + } + (void)sldns_str_print(&str, &slen, ")"); + } else { + (void)sldns_str_print(&str, &slen, + " field(type %u, length %u)", + (unsigned int)field_type, + (unsigned int)field_len); + } + pos += 8 + field_len; + remain -= (8 + field_len); + } + if(remain > 0) + (void)sldns_str_print(&str, &slen, " trailing-bytes" + "(length %u)", (unsigned int)remain); + return strdup(buf); +} diff --git a/dnstap/dnstap_fstrm.h b/dnstap/dnstap_fstrm.h new file mode 100644 index 000000000000..8b37d5f9e2d8 --- /dev/null +++ b/dnstap/dnstap_fstrm.h @@ -0,0 +1,194 @@ +/* + * dnstap/dnstap_fstrm.h - Frame Streams protocol for dnstap + * + * Copyright (c) 2020, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/** + * \file + * + * Definitions for the Frame Streams data transport protocol for + * dnstap message logs. + */ + +#ifndef DNSTAP_FSTRM_H +#define DNSTAP_FSTRM_H + +/* Frame Streams data transfer protocol encode for DNSTAP messages. + * The protocol looks to be specified in the libfstrm library. + * + * Quick writeup for DNSTAP usage, from reading fstrm/control.h eloquent + * comments and fstrm/control.c for some bytesize details (the content type + * length). + * + * The Frame Streams can be unidirectional or bi-directional. + * bi-directional streams use control frame types READY, ACCEPT and FINISH. + * uni-directional streams use control frame types START and STOP. + * unknown control frame types should be ignored by the receiver, they + * do not change the data frame encoding. + * + * bi-directional control frames implement a simple handshake protocol + * between sender and receiver. + * + * The uni-directional control frames have one start and one stop frame, + * before and after the data. The start frame can have a content type. + * The start and stop frames are not optional. + * + * data frames are preceded by 4byte length, bigendian. + * zero length data frames are not possible, they are an escape that + * signals the presence of a control frame. + * + * a control frame consists of 0 value in 4byte bigendian, this is really + * the data frame length, with 0 the escape sequence that indicates one + * control frame follows. + * Then, 4byte bigendian, length of the control frame message. + * Then, the control frame payload (of that length). with in it: + * 4byte bigendian, control type (eg. START, STOP, READY, ACCEPT, FINISH). + * perhaps nothing more (STOP, FINISH), but for other types maybe + * control fields + * 4byte bigendian, the control-field-type, currently only content-type. + * 4byte bigendian, length of the string for this option. + * .. bytes of that string. + * + * The START type can have only one field. Field max len 256. + * control frame max frame length 512 (excludes the 0-escape and control + * frame length bytes). + * + * the bidirectional type of transmission is like this: + * client sends READY (with content type included), + * client waits for ACCEPT (with content type included), + * client sends START (with matched content type from ACCEPT) + * .. data frames + * client sends STOP. + * client waits for FINISH frame. + * + */ + +/** max length of Frame Streams content type field string */ +#define FSTRM_CONTENT_TYPE_LENGTH_MAX 256 +/** control frame value to denote the control frame ACCEPT */ +#define FSTRM_CONTROL_FRAME_ACCEPT 0x01 +/** control frame value to denote the control frame START */ +#define FSTRM_CONTROL_FRAME_START 0x02 +/** control frame value to denote the control frame STOP */ +#define FSTRM_CONTROL_FRAME_STOP 0x03 +/** control frame value to denote the control frame READY */ +#define FSTRM_CONTROL_FRAME_READY 0x04 +/** control frame value to denote the control frame FINISH */ +#define FSTRM_CONTROL_FRAME_FINISH 0x05 +/** the constant that denotes the control field type that is the + * string for the content type of the stream. */ +#define FSTRM_CONTROL_FIELD_TYPE_CONTENT_TYPE 0x01 +/** the content type for DNSTAP frame streams */ +#define DNSTAP_CONTENT_TYPE "protobuf:dnstap.Dnstap" + +/** + * This creates an FSTRM control frame of type START. + * @param contenttype: a zero delimited string with the content type. + * eg. use the constant DNSTAP_CONTENT_TYPE, which is defined as + * "protobuf:dnstap.Dnstap", for a dnstap frame stream. + * @param len: if a buffer is returned this is the length of that buffer. + * @return NULL on malloc failure. Returns a malloced buffer with the + * protocol message. The buffer starts with the 4 bytes of 0 that indicate + * a control frame. The buffer should be sent without preceding it with + * the 'len' variable (like data frames are), but straight the content of the + * buffer, because the lengths are included in the buffer. This is so that + * the zero control indicator can be included before the control frame length. + */ +void* fstrm_create_control_frame_start(char* contenttype, size_t* len); + +/** + * This creates an FSTRM control frame of type READY. + * @param contenttype: a zero delimited string with the content type. + * eg. use the constant DNSTAP_CONTENT_TYPE, which is defined as + * "protobuf:dnstap.Dnstap", for a dnstap frame stream. + * @param len: if a buffer is returned this is the length of that buffer. + * @return NULL on malloc failure. Returns a malloced buffer with the + * protocol message. The buffer starts with the 4 bytes of 0 that indicate + * a control frame. The buffer should be sent without preceding it with + * the 'len' variable (like data frames are), but straight the content of the + * buffer, because the lengths are included in the buffer. This is so that + * the zero control indicator can be included before the control frame length. + */ +void* fstrm_create_control_frame_ready(char* contenttype, size_t* len); + +/** + * This creates an FSTRM control frame of type STOP. + * @param len: if a buffer is returned this is the length of that buffer. + * @return NULL on malloc failure. Returns a malloced buffer with the + * protocol message. The buffer starts with the 4 bytes of 0 that indicate + * a control frame. The buffer should be sent without preceding it with + * the 'len' variable (like data frames are), but straight the content of the + * buffer, because the lengths are included in the buffer. This is so that + * the zero control indicator can be included before the control frame length. + */ +void* fstrm_create_control_frame_stop(size_t* len); + +/** + * This creates an FSTRM control frame of type ACCEPT. + * @param contenttype: a zero delimited string with the content type. + * for dnstap streams use DNSTAP_CONTENT_TYPE. + * @param len: if a buffer is returned this is the length of that buffer. + * @return NULL on malloc failure. Returns a malloced buffer with the + * protocol message. The buffer starts with the 4 bytes of 0 that indicate + * a control frame. The buffer should be sent without preceding it with + * the 'len' variable (like data frames are), but straight the content of the + * buffer, because the lengths are included in the buffer. This is so that + * the zero control indicator can be included before the control frame length. + */ +void* fstrm_create_control_frame_accept(char* contenttype, size_t* len); + +/** + * This creates an FSTRM control frame of type FINISH. + * @param len: if a buffer is returned this is the length of that buffer. + * @return NULL on malloc failure. Returns a malloced buffer with the + * protocol message. The buffer starts with the 4 bytes of 0 that indicate + * a control frame. The buffer should be sent without preceding it with + * the 'len' variable (like data frames are), but straight the content of the + * buffer, because the lengths are included in the buffer. This is so that + * the zero control indicator can be included before the control frame length. + */ +void* fstrm_create_control_frame_finish(size_t* len); + +/** + * Return string that describes a control packet. For debug, logs. + * Like 'start content-type(protobuf:dnstap.Dnstap)' or 'stop'. + * @param pkt: the packet data, that is the data after the 4 zero start + * bytes and 4 length bytes. + * @param len: the length of the control packet data, in pkt. This is the + * ntohl of the 4 bytes length preceding the data. + * @return zero delimited string, malloced. Or NULL on malloc failure. + */ +char* fstrm_describe_control(void* pkt, size_t len); + +#endif /* DNSTAP_FSTRM_H */ diff --git a/dnstap/dtstream.c b/dnstap/dtstream.c new file mode 100644 index 000000000000..dda3ef1ff485 --- /dev/null +++ b/dnstap/dtstream.c @@ -0,0 +1,2128 @@ +/* + * dnstap/dtstream.c - Frame Streams thread for unbound DNSTAP + * + * Copyright (c) 2020, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/** + * \file + * + * An implementation of the Frame Streams data transport protocol for + * the Unbound DNSTAP message logging facility. + */ + +#include "config.h" +#include "dnstap/dtstream.h" +#include "dnstap/dnstap_fstrm.h" +#include "util/config_file.h" +#include "util/ub_event.h" +#include "util/net_help.h" +#include "services/outside_network.h" +#include "sldns/sbuffer.h" +#ifdef HAVE_SYS_UN_H +#include <sys/un.h> +#endif +#include <fcntl.h> +#ifdef HAVE_OPENSSL_SSL_H +#include <openssl/ssl.h> +#endif +#ifdef HAVE_OPENSSL_ERR_H +#include <openssl/err.h> +#endif + +/** number of messages to process in one output callback */ +#define DTIO_MESSAGES_PER_CALLBACK 100 +/** the msec to wait for reconnect (if not immediate, the first attempt) */ +#define DTIO_RECONNECT_TIMEOUT_MIN 10 +/** the msec to wait for reconnect max after backoff */ +#define DTIO_RECONNECT_TIMEOUT_MAX 1000 +/** the msec to wait for reconnect slow, to stop busy spinning on reconnect */ +#define DTIO_RECONNECT_TIMEOUT_SLOW 1000 + +/** maximum length of received frame */ +#define DTIO_RECV_FRAME_MAX_LEN 1000 + +struct stop_flush_info; +/** DTIO command channel commands */ +enum { + /** DTIO command channel stop */ + DTIO_COMMAND_STOP = 0, + /** DTIO command channel wakeup */ + DTIO_COMMAND_WAKEUP = 1 +} dtio_channel_command; + +/** open the output channel */ +static void dtio_open_output(struct dt_io_thread* dtio); +/** add output event for read and write */ +static int dtio_add_output_event_write(struct dt_io_thread* dtio); +/** start reconnection attempts */ +static void dtio_reconnect_enable(struct dt_io_thread* dtio); +/** stop from stop_flush event loop */ +static void dtio_stop_flush_exit(struct stop_flush_info* info); +/** setup a start control message */ +static int dtio_control_start_send(struct dt_io_thread* dtio); +#ifdef HAVE_SSL +/** enable briefly waiting for a read event, for SSL negotiation */ +static int dtio_enable_brief_read(struct dt_io_thread* dtio); +/** enable briefly waiting for a write event, for SSL negotiation */ +static int dtio_enable_brief_write(struct dt_io_thread* dtio); +#endif + +struct dt_msg_queue* +dt_msg_queue_create(void) +{ + struct dt_msg_queue* mq = calloc(1, sizeof(*mq)); + if(!mq) return NULL; + mq->maxsize = 1*1024*1024; /* set max size of buffer, per worker, + about 1 M should contain 64K messages with some overhead, + or a whole bunch smaller ones */ + lock_basic_init(&mq->lock); + lock_protect(&mq->lock, mq, sizeof(*mq)); + return mq; +} + +/** clear the message list, caller must hold the lock */ +static void +dt_msg_queue_clear(struct dt_msg_queue* mq) +{ + struct dt_msg_entry* e = mq->first, *next=NULL; + while(e) { + next = e->next; + free(e->buf); + free(e); + e = next; + } + mq->first = NULL; + mq->last = NULL; + mq->cursize = 0; +} + +void +dt_msg_queue_delete(struct dt_msg_queue* mq) +{ + if(!mq) return; + lock_basic_destroy(&mq->lock); + dt_msg_queue_clear(mq); + free(mq); +} + +/** make the dtio wake up by sending a wakeup command */ +static void dtio_wakeup(struct dt_io_thread* dtio) +{ + uint8_t cmd = DTIO_COMMAND_WAKEUP; + if(!dtio) return; + if(!dtio->started) return; + + while(1) { + ssize_t r = write(dtio->commandpipe[1], &cmd, sizeof(cmd)); + if(r == -1) { +#ifndef USE_WINSOCK + if(errno == EINTR || errno == EAGAIN) + continue; + log_err("dnstap io wakeup: write: %s", strerror(errno)); +#else + if(WSAGetLastError() == WSAEINPROGRESS) + continue; + if(WSAGetLastError() == WSAEWOULDBLOCK) + continue; + log_err("dnstap io stop: write: %s", + wsa_strerror(WSAGetLastError())); +#endif + break; + } + break; + } +} + +void +dt_msg_queue_submit(struct dt_msg_queue* mq, void* buf, size_t len) +{ + int wakeup = 0; + struct dt_msg_entry* entry; + + /* check conditions */ + if(!buf) return; + if(len == 0) { + /* it is not possible to log entries with zero length, + * because the framestream protocol does not carry it. + * However the protobuf serialization does not create zero + * length datagrams for dnstap, so this should not happen. */ + free(buf); + return; + } + if(!mq) { + free(buf); + return; + } + + /* allocate memory for queue entry */ + entry = malloc(sizeof(*entry)); + if(!entry) { + log_err("out of memory logging dnstap"); + free(buf); + return; + } + entry->next = NULL; + entry->buf = buf; + entry->len = len; + + /* aqcuire lock */ + lock_basic_lock(&mq->lock); + /* list was empty, wakeup dtio */ + if(mq->first == NULL) + wakeup = 1; + /* see if it is going to fit */ + if(mq->cursize + len > mq->maxsize) { + /* buffer full, or congested. */ + /* drop */ + lock_basic_unlock(&mq->lock); + free(buf); + free(entry); + return; + } + mq->cursize += len; + /* append to list */ + if(mq->last) { + mq->last->next = entry; + } else { + mq->first = entry; + } + mq->last = entry; + /* release lock */ + lock_basic_unlock(&mq->lock); + + if(wakeup) + dtio_wakeup(mq->dtio); +} + +struct dt_io_thread* dt_io_thread_create(void) +{ + struct dt_io_thread* dtio = calloc(1, sizeof(*dtio)); + return dtio; +} + +void dt_io_thread_delete(struct dt_io_thread* dtio) +{ + struct dt_io_list_item* item, *nextitem; + if(!dtio) return; + item=dtio->io_list; + while(item) { + nextitem = item->next; + free(item); + item = nextitem; + } + free(dtio->socket_path); + free(dtio->ip_str); + free(dtio->tls_server_name); + free(dtio->client_key_file); + free(dtio->client_cert_file); + if(dtio->ssl_ctx) { +#ifdef HAVE_SSL + SSL_CTX_free(dtio->ssl_ctx); +#endif + } + free(dtio); +} + +int dt_io_thread_apply_cfg(struct dt_io_thread* dtio, struct config_file *cfg) +{ + if(!cfg->dnstap) { + log_warn("cannot setup dnstap because dnstap-enable is no"); + return 0; + } + + /* what type of connectivity do we have */ + if(cfg->dnstap_ip && cfg->dnstap_ip[0]) { + if(cfg->dnstap_tls) + dtio->upstream_is_tls = 1; + else dtio->upstream_is_tcp = 1; + } else { + dtio->upstream_is_unix = 1; + } + dtio->is_bidirectional = cfg->dnstap_bidirectional; + + if(dtio->upstream_is_unix) { + if(!cfg->dnstap_socket_path || + cfg->dnstap_socket_path[0]==0) { + log_err("dnstap setup: no dnstap-socket-path for " + "socket connect"); + return 0; + } + free(dtio->socket_path); + dtio->socket_path = strdup(cfg->dnstap_socket_path); + if(!dtio->socket_path) { + log_err("dnstap setup: malloc failure"); + return 0; + } + } + + if(dtio->upstream_is_tcp || dtio->upstream_is_tls) { + if(!cfg->dnstap_ip || cfg->dnstap_ip[0] == 0) { + log_err("dnstap setup: no dnstap-ip for TCP connect"); + return 0; + } + free(dtio->ip_str); + dtio->ip_str = strdup(cfg->dnstap_ip); + if(!dtio->ip_str) { + log_err("dnstap setup: malloc failure"); + return 0; + } + } + + if(dtio->upstream_is_tls) { +#ifdef HAVE_SSL + if(cfg->dnstap_tls_server_name && + cfg->dnstap_tls_server_name[0]) { + free(dtio->tls_server_name); + dtio->tls_server_name = strdup( + cfg->dnstap_tls_server_name); + if(!dtio->tls_server_name) { + log_err("dnstap setup: malloc failure"); + return 0; + } + if(!check_auth_name_for_ssl(dtio->tls_server_name)) + return 0; + } + if(cfg->dnstap_tls_client_key_file && + cfg->dnstap_tls_client_key_file[0]) { + dtio->use_client_certs = 1; + free(dtio->client_key_file); + dtio->client_key_file = strdup( + cfg->dnstap_tls_client_key_file); + if(!dtio->client_key_file) { + log_err("dnstap setup: malloc failure"); + return 0; + } + if(!cfg->dnstap_tls_client_cert_file || + cfg->dnstap_tls_client_cert_file[0]==0) { + log_err("dnstap setup: client key " + "authentication enabled with " + "dnstap-tls-client-key-file, but " + "no dnstap-tls-client-cert-file " + "is given"); + return 0; + } + free(dtio->client_cert_file); + dtio->client_cert_file = strdup( + cfg->dnstap_tls_client_cert_file); + if(!dtio->client_cert_file) { + log_err("dnstap setup: malloc failure"); + return 0; + } + } else { + dtio->use_client_certs = 0; + dtio->client_key_file = NULL; + dtio->client_cert_file = NULL; + } + + if(cfg->dnstap_tls_cert_bundle) { + dtio->ssl_ctx = connect_sslctx_create( + dtio->client_key_file, + dtio->client_cert_file, + cfg->dnstap_tls_cert_bundle, 0); + } else { + dtio->ssl_ctx = connect_sslctx_create( + dtio->client_key_file, + dtio->client_cert_file, + cfg->tls_cert_bundle, cfg->tls_win_cert); + } + if(!dtio->ssl_ctx) { + log_err("could not setup SSL CTX"); + return 0; + } + dtio->tls_use_sni = cfg->tls_use_sni; +#endif /* HAVE_SSL */ + } + return 1; +} + +int dt_io_thread_register_queue(struct dt_io_thread* dtio, + struct dt_msg_queue* mq) +{ + struct dt_io_list_item* item = malloc(sizeof(*item)); + if(!item) return 0; + lock_basic_lock(&mq->lock); + mq->dtio = dtio; + lock_basic_unlock(&mq->lock); + item->queue = mq; + item->next = dtio->io_list; + dtio->io_list = item; + dtio->io_list_iter = NULL; + return 1; +} + +void dt_io_thread_unregister_queue(struct dt_io_thread* dtio, + struct dt_msg_queue* mq) +{ + struct dt_io_list_item* item, *prev=NULL; + if(!dtio) return; + item = dtio->io_list; + while(item) { + if(item->queue == mq) { + /* found it */ + if(prev) prev->next = item->next; + else dtio->io_list = item->next; + /* the queue itself only registered, not deleted */ + lock_basic_lock(&item->queue->lock); + item->queue->dtio = NULL; + lock_basic_unlock(&item->queue->lock); + free(item); + dtio->io_list_iter = NULL; + return; + } + prev = item; + item = item->next; + } +} + +/** pick a message from the queue, the routine locks and unlocks, + * returns true if there is a message */ +static int dt_msg_queue_pop(struct dt_msg_queue* mq, void** buf, + size_t* len) +{ + lock_basic_lock(&mq->lock); + if(mq->first) { + struct dt_msg_entry* entry = mq->first; + mq->first = entry->next; + if(!entry->next) mq->last = NULL; + mq->cursize -= entry->len; + lock_basic_unlock(&mq->lock); + + *buf = entry->buf; + *len = entry->len; + free(entry); + return 1; + } + lock_basic_unlock(&mq->lock); + return 0; +} + +/** find message in queue, false if no message, true if message to send */ +static int dtio_find_in_queue(struct dt_io_thread* dtio, + struct dt_msg_queue* mq) +{ + void* buf=NULL; + size_t len=0; + if(dt_msg_queue_pop(mq, &buf, &len)) { + dtio->cur_msg = buf; + dtio->cur_msg_len = len; + dtio->cur_msg_done = 0; + dtio->cur_msg_len_done = 0; + return 1; + } + return 0; +} + +/** find a new message to write, search message queues, false if none */ +static int dtio_find_msg(struct dt_io_thread* dtio) +{ + struct dt_io_list_item *spot, *item; + + spot = dtio->io_list_iter; + /* use the next queue for the next message lookup, + * if we hit the end(NULL) the NULL restarts the iter at start. */ + if(spot) + dtio->io_list_iter = spot->next; + else if(dtio->io_list) + dtio->io_list_iter = dtio->io_list->next; + + /* scan from spot to end-of-io_list */ + item = spot; + while(item) { + if(dtio_find_in_queue(dtio, item->queue)) + return 1; + item = item->next; + } + /* scan starting at the start-of-list (to wrap around the end) */ + item = dtio->io_list; + while(item) { + if(dtio_find_in_queue(dtio, item->queue)) + return 1; + item = item->next; + } + return 0; +} + +/** callback for the dnstap reconnect, to start reconnecting to output */ +void dtio_reconnect_timeout_cb(int ATTR_UNUSED(fd), + short ATTR_UNUSED(bits), void* arg) +{ + struct dt_io_thread* dtio = (struct dt_io_thread*)arg; + dtio->reconnect_is_added = 0; + verbose(VERB_ALGO, "dnstap io: reconnect timer"); + + dtio_open_output(dtio); + if(dtio->event) { + if(!dtio_add_output_event_write(dtio)) + return; + /* nothing wrong so far, wait on the output event */ + return; + } + /* exponential backoff and retry on timer */ + dtio_reconnect_enable(dtio); +} + +/** attempt to reconnect to the output, after a timeout */ +static void dtio_reconnect_enable(struct dt_io_thread* dtio) +{ + struct timeval tv; + int msec; + if(dtio->want_to_exit) return; + if(dtio->reconnect_is_added) + return; /* already done */ + + /* exponential backoff, store the value for next timeout */ + msec = dtio->reconnect_timeout; + if(msec == 0) { + dtio->reconnect_timeout = DTIO_RECONNECT_TIMEOUT_MIN; + } else { + dtio->reconnect_timeout = msec*2; + if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MAX) + dtio->reconnect_timeout = DTIO_RECONNECT_TIMEOUT_MAX; + } + verbose(VERB_ALGO, "dnstap io: set reconnect attempt after %d msec", + msec); + + /* setup wait timer */ + memset(&tv, 0, sizeof(tv)); + tv.tv_sec = msec/1000; + tv.tv_usec = (msec%1000)*1000; + if(ub_timer_add(dtio->reconnect_timer, dtio->event_base, + &dtio_reconnect_timeout_cb, dtio, &tv) != 0) { + log_err("dnstap io: could not reconnect ev timer add"); + return; + } + dtio->reconnect_is_added = 1; +} + +/** remove dtio reconnect timer */ +static void dtio_reconnect_del(struct dt_io_thread* dtio) +{ + if(!dtio->reconnect_is_added) + return; + ub_timer_del(dtio->reconnect_timer); + dtio->reconnect_is_added = 0; +} + +/** clear the reconnect exponential backoff timer. + * We have successfully connected so we can try again with short timeouts. */ +static void dtio_reconnect_clear(struct dt_io_thread* dtio) +{ + dtio->reconnect_timeout = 0; + dtio_reconnect_del(dtio); +} + +/** reconnect slowly, because we already know we have to wait for a bit */ +static void dtio_reconnect_slow(struct dt_io_thread* dtio, int msec) +{ + dtio_reconnect_del(dtio); + dtio->reconnect_timeout = msec; + dtio_reconnect_enable(dtio); +} + +/** delete the current message in the dtio, and reset counters */ +static void dtio_cur_msg_free(struct dt_io_thread* dtio) +{ + free(dtio->cur_msg); + dtio->cur_msg = NULL; + dtio->cur_msg_len = 0; + dtio->cur_msg_done = 0; + dtio->cur_msg_len_done = 0; +} + +/** delete the buffer and counters used to read frame */ +static void dtio_read_frame_free(struct dt_frame_read_buf* rb) +{ + if(rb->buf) { + free(rb->buf); + rb->buf = NULL; + } + rb->buf_count = 0; + rb->buf_cap = 0; + rb->frame_len = 0; + rb->frame_len_done = 0; + rb->control_frame = 0; +} + +/** del the output file descriptor event for listening */ +static void dtio_del_output_event(struct dt_io_thread* dtio) +{ + if(!dtio->event_added) + return; + ub_event_del(dtio->event); + dtio->event_added = 0; + dtio->event_added_is_write = 0; +} + +/** close dtio socket and set it to -1 */ +static void dtio_close_fd(struct dt_io_thread* dtio) +{ +#ifndef USE_WINSOCK + close(dtio->fd); +#else + closesocket(dtio->fd); +#endif + dtio->fd = -1; +} + +/** close and stop the output file descriptor event */ +static void dtio_close_output(struct dt_io_thread* dtio) +{ + if(!dtio->event) + return; + ub_event_free(dtio->event); + dtio->event = NULL; + if(dtio->ssl) { +#ifdef HAVE_SSL + SSL_shutdown(dtio->ssl); + SSL_free(dtio->ssl); + dtio->ssl = NULL; +#endif + } + dtio_close_fd(dtio); + + /* if there is a (partial) message, discard it + * we cannot send (the remainder of) it, and a new + * connection needs to start with a control frame. */ + if(dtio->cur_msg) { + dtio_cur_msg_free(dtio); + } + + dtio->ready_frame_sent = 0; + dtio->accept_frame_received = 0; + dtio_read_frame_free(&dtio->read_frame); + + dtio_reconnect_enable(dtio); +} + +/** check for pending nonblocking connect errors, + * returns 1 if it is okay. -1 on error (close it), 0 to try later */ +static int dtio_check_nb_connect(struct dt_io_thread* dtio) +{ + int error = 0; + socklen_t len = (socklen_t)sizeof(error); + if(!dtio->check_nb_connect) + return 1; /* everything okay */ + if(getsockopt(dtio->fd, SOL_SOCKET, SO_ERROR, (void*)&error, + &len) < 0) { +#ifndef USE_WINSOCK + error = errno; /* on solaris errno is error */ +#else + error = WSAGetLastError(); +#endif + } +#ifndef USE_WINSOCK +#if defined(EINPROGRESS) && defined(EWOULDBLOCK) + if(error == EINPROGRESS || error == EWOULDBLOCK) + return 0; /* try again later */ +#endif +#else + if(error == WSAEINPROGRESS) { + return 0; /* try again later */ + } else if(error == WSAEWOULDBLOCK) { + ub_winsock_tcp_wouldblock((dtio->stop_flush_event? + dtio->stop_flush_event:dtio->event), UB_EV_WRITE); + return 0; /* try again later */ + } +#endif + if(error != 0) { + char* to = dtio->socket_path; + if(!to) to = dtio->ip_str; + if(!to) to = ""; +#ifndef USE_WINSOCK + log_err("dnstap io: failed to connect to \"%s\": %s", + to, strerror(error)); +#else + log_err("dnstap io: failed to connect to \"%s\": %s", + to, wsa_strerror(error)); +#endif + return -1; /* error, close it */ + } + + if(dtio->ip_str) + verbose(VERB_DETAIL, "dnstap io: connected to %s", + dtio->ip_str); + else if(dtio->socket_path) + verbose(VERB_DETAIL, "dnstap io: connected to \"%s\"", + dtio->socket_path); + dtio_reconnect_clear(dtio); + dtio->check_nb_connect = 0; + return 1; /* everything okay */ +} + +#ifdef HAVE_SSL +/** write to ssl output + * returns number of bytes written, 0 if nothing happened, + * try again later, or -1 if the channel is to be closed. */ +static int dtio_write_ssl(struct dt_io_thread* dtio, uint8_t* buf, + size_t len) +{ + int r; + ERR_clear_error(); + r = SSL_write(dtio->ssl, buf, len); + if(r <= 0) { + int want = SSL_get_error(dtio->ssl, r); + if(want == SSL_ERROR_ZERO_RETURN) { + /* closed */ + return -1; + } else if(want == SSL_ERROR_WANT_READ) { + /* we want a brief read event */ + dtio_enable_brief_read(dtio); + return 0; + } else if(want == SSL_ERROR_WANT_WRITE) { + /* write again later */ + return 0; + } else if(want == SSL_ERROR_SYSCALL) { +#ifdef EPIPE + if(errno == EPIPE && verbosity < 2) + return -1; /* silence 'broken pipe' */ +#endif +#ifdef ECONNRESET + if(errno == ECONNRESET && verbosity < 2) + return -1; /* silence reset by peer */ +#endif + if(errno != 0) { + log_err("dnstap io, SSL_write syscall: %s", + strerror(errno)); + } + return -1; + } + log_crypto_err("dnstap io, could not SSL_write"); + return -1; + } + return r; +} +#endif /* HAVE_SSL */ + +/** write buffer to output. + * returns number of bytes written, 0 if nothing happened, + * try again later, or -1 if the channel is to be closed. */ +static int dtio_write_buf(struct dt_io_thread* dtio, uint8_t* buf, + size_t len) +{ + ssize_t ret; + if(dtio->fd == -1) + return -1; +#ifdef HAVE_SSL + if(dtio->ssl) + return dtio_write_ssl(dtio, buf, len); +#endif + ret = send(dtio->fd, (void*)buf, len, 0); + if(ret == -1) { +#ifndef USE_WINSOCK + if(errno == EINTR || errno == EAGAIN) + return 0; + log_err("dnstap io: failed send: %s", strerror(errno)); +#else + if(WSAGetLastError() == WSAEINPROGRESS) + return 0; + if(WSAGetLastError() == WSAEWOULDBLOCK) { + ub_winsock_tcp_wouldblock((dtio->stop_flush_event? + dtio->stop_flush_event:dtio->event), + UB_EV_WRITE); + return 0; + } + log_err("dnstap io: failed send: %s", + wsa_strerror(WSAGetLastError())); +#endif + return -1; + } + return ret; +} + +#ifdef HAVE_WRITEV +/** write with writev, len and message, in one write, if possible. + * return true if message is done, false if incomplete */ +static int dtio_write_with_writev(struct dt_io_thread* dtio) +{ + uint32_t sendlen = htonl(dtio->cur_msg_len); + struct iovec iov[2]; + ssize_t r; + iov[0].iov_base = ((uint8_t*)&sendlen)+dtio->cur_msg_len_done; + iov[0].iov_len = sizeof(sendlen)-dtio->cur_msg_len_done; + iov[1].iov_base = dtio->cur_msg; + iov[1].iov_len = dtio->cur_msg_len; + log_assert(iov[0].iov_len > 0); + r = writev(dtio->fd, iov, 2); + if(r == -1) { +#ifndef USE_WINSOCK + if(errno == EINTR || errno == EAGAIN) + return 0; + log_err("dnstap io: failed writev: %s", strerror(errno)); +#else + if(WSAGetLastError() == WSAEINPROGRESS) + return 0; + if(WSAGetLastError() == WSAEWOULDBLOCK) { + ub_winsock_tcp_wouldblock((dtio->stop_flush_event? + dtio->stop_flush_event:dtio->event), + UB_EV_WRITE); + return 0; + } + log_err("dnstap io: failed writev: %s", + wsa_strerror(WSAGetLastError())); +#endif + /* close the channel */ + dtio_del_output_event(dtio); + dtio_close_output(dtio); + return 0; + } + /* written r bytes */ + dtio->cur_msg_len_done += r; + if(dtio->cur_msg_len_done < 4) + return 0; + if(dtio->cur_msg_len_done > 4) { + dtio->cur_msg_done = dtio->cur_msg_len_done-4; + dtio->cur_msg_len_done = 4; + } + if(dtio->cur_msg_done < dtio->cur_msg_len) + return 0; + return 1; +} +#endif /* HAVE_WRITEV */ + +/** write more of the length, preceding the data frame. + * return true if message is done, false if incomplete. */ +static int dtio_write_more_of_len(struct dt_io_thread* dtio) +{ + uint32_t sendlen; + int r; + if(dtio->cur_msg_len_done >= 4) + return 1; +#ifdef HAVE_WRITEV + if(!dtio->ssl) { + /* we try writev for everything.*/ + return dtio_write_with_writev(dtio); + } +#endif /* HAVE_WRITEV */ + sendlen = htonl(dtio->cur_msg_len); + r = dtio_write_buf(dtio, + ((uint8_t*)&sendlen)+dtio->cur_msg_len_done, + sizeof(sendlen)-dtio->cur_msg_len_done); + if(r == -1) { + /* close the channel */ + dtio_del_output_event(dtio); + dtio_close_output(dtio); + return 0; + } else if(r == 0) { + /* try again later */ + return 0; + } + dtio->cur_msg_len_done += r; + if(dtio->cur_msg_len_done < 4) + return 0; + return 1; +} + +/** write more of the data frame. + * return true if message is done, false if incomplete. */ +static int dtio_write_more_of_data(struct dt_io_thread* dtio) +{ + int r; + if(dtio->cur_msg_done >= dtio->cur_msg_len) + return 1; + r = dtio_write_buf(dtio, + ((uint8_t*)dtio->cur_msg)+dtio->cur_msg_done, + dtio->cur_msg_len - dtio->cur_msg_done); + if(r == -1) { + /* close the channel */ + dtio_del_output_event(dtio); + dtio_close_output(dtio); + return 0; + } else if(r == 0) { + /* try again later */ + return 0; + } + dtio->cur_msg_done += r; + if(dtio->cur_msg_done < dtio->cur_msg_len) + return 0; + return 1; +} + +/** write more of the current messsage. false if incomplete, true if + * the message is done */ +static int dtio_write_more(struct dt_io_thread* dtio) +{ + if(dtio->cur_msg_len_done < 4) { + if(!dtio_write_more_of_len(dtio)) + return 0; + } + if(dtio->cur_msg_done < dtio->cur_msg_len) { + if(!dtio_write_more_of_data(dtio)) + return 0; + } + return 1; +} + +/** Receive bytes from dtio->fd, store in buffer. Returns 0: closed, + * -1: continue, >0: number of bytes read into buffer */ +static ssize_t receive_bytes(struct dt_io_thread* dtio, void* buf, size_t len) { + ssize_t r; + r = recv(dtio->fd, (void*)buf, len, 0); + if(r == -1) { + char* to = dtio->socket_path; + if(!to) to = dtio->ip_str; + if(!to) to = ""; +#ifndef USE_WINSOCK + if(errno == EINTR || errno == EAGAIN) + return -1; /* try later */ +#else + if(WSAGetLastError() == WSAEINPROGRESS) { + return -1; /* try later */ + } else if(WSAGetLastError() == WSAEWOULDBLOCK) { + ub_winsock_tcp_wouldblock( + (dtio->stop_flush_event? + dtio->stop_flush_event:dtio->event), + UB_EV_READ); + return -1; /* try later */ + } +#endif + if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN && + verbosity < 4) + return 0; /* no log retries on low verbosity */ + log_err("dnstap io: output closed, recv %s: %s", to, + strerror(errno)); + /* and close below */ + return 0; + } + if(r == 0) { + if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN && + verbosity < 4) + return 0; /* no log retries on low verbosity */ + verbose(VERB_DETAIL, "dnstap io: output closed by the other side"); + /* and close below */ + return 0; + } + /* something was received */ + return r; +} + +#ifdef HAVE_SSL +/** Receive bytes over TLS from dtio->fd, store in buffer. Returns 0: closed, + * -1: continue, >0: number of bytes read into buffer */ +static int ssl_read_bytes(struct dt_io_thread* dtio, void* buf, size_t len) +{ + int r; + ERR_clear_error(); + r = SSL_read(dtio->ssl, buf, len); + if(r <= 0) { + int want = SSL_get_error(dtio->ssl, r); + if(want == SSL_ERROR_ZERO_RETURN) { + if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN && + verbosity < 4) + return 0; /* no log retries on low verbosity */ + verbose(VERB_DETAIL, "dnstap io: output closed by the " + "other side"); + return 0; + } else if(want == SSL_ERROR_WANT_READ) { + /* continue later */ + return -1; + } else if(want == SSL_ERROR_WANT_WRITE) { + (void)dtio_enable_brief_write(dtio); + return -1; + } else if(want == SSL_ERROR_SYSCALL) { +#ifdef ECONNRESET + if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN && + errno == ECONNRESET && verbosity < 4) + return 0; /* silence reset by peer */ +#endif + if(errno != 0) + log_err("SSL_read syscall: %s", + strerror(errno)); + verbose(VERB_DETAIL, "dnstap io: output closed by the " + "other side"); + return 0; + } + log_crypto_err("could not SSL_read"); + verbose(VERB_DETAIL, "dnstap io: output closed by the " + "other side"); + return 0; + } + return r; +} +#endif /* HAVE_SSL */ + +/** check if the output fd has been closed, + * it returns false if the stream is closed. */ +static int dtio_check_close(struct dt_io_thread* dtio) +{ + /* we don't want to read any packets, but if there are we can + * discard the input (ignore it). Ignore of unknown (control) + * packets is okay for the framestream protocol. And also, the + * read call can return that the stream has been closed by the + * other side. */ + uint8_t buf[1024]; + int r = -1; + + + if(dtio->fd == -1) return 0; + + while(r != 0) { + /* not interested in buffer content, overwrite */ + r = receive_bytes(dtio, (void*)buf, sizeof(buf)); + if(r == -1) + return 1; + } + /* the other end has been closed */ + /* close the channel */ + dtio_del_output_event(dtio); + dtio_close_output(dtio); + return 0; +} + +/** Read accept frame. Returns -1: continue reading, 0: closed, + * 1: valid accept received. */ +static int dtio_read_accept_frame(struct dt_io_thread* dtio) +{ + int r; + size_t read_frame_done; + while(dtio->read_frame.frame_len_done < 4) { +#ifdef HAVE_SSL + if(dtio->ssl) { + r = ssl_read_bytes(dtio, + (uint8_t*)&dtio->read_frame.frame_len+ + dtio->read_frame.frame_len_done, + 4-dtio->read_frame.frame_len_done); + } else { +#endif + r = receive_bytes(dtio, + (uint8_t*)&dtio->read_frame.frame_len+ + dtio->read_frame.frame_len_done, + 4-dtio->read_frame.frame_len_done); +#ifdef HAVE_SSL + } +#endif + if(r == -1) + return -1; /* continue reading */ + if(r == 0) { + /* connection closed */ + goto close_connection; + } + dtio->read_frame.frame_len_done += r; + if(dtio->read_frame.frame_len_done < 4) + return -1; /* continue reading */ + + if(dtio->read_frame.frame_len == 0) { + dtio->read_frame.frame_len_done = 0; + dtio->read_frame.control_frame = 1; + continue; + } + dtio->read_frame.frame_len = ntohl(dtio->read_frame.frame_len); + if(dtio->read_frame.frame_len > DTIO_RECV_FRAME_MAX_LEN) { + verbose(VERB_OPS, "dnstap: received frame exceeds max " + "length of %d bytes, closing connection", + DTIO_RECV_FRAME_MAX_LEN); + goto close_connection; + } + dtio->read_frame.buf = calloc(1, dtio->read_frame.frame_len); + dtio->read_frame.buf_cap = dtio->read_frame.frame_len; + if(!dtio->read_frame.buf) { + log_err("dnstap io: out of memory (creating read " + "buffer)"); + goto close_connection; + } + } + if(dtio->read_frame.buf_count < dtio->read_frame.frame_len) { +#ifdef HAVE_SSL + if(dtio->ssl) { + r = ssl_read_bytes(dtio, dtio->read_frame.buf+ + dtio->read_frame.buf_count, + dtio->read_frame.buf_cap- + dtio->read_frame.buf_count); + } else { +#endif + r = receive_bytes(dtio, dtio->read_frame.buf+ + dtio->read_frame.buf_count, + dtio->read_frame.buf_cap- + dtio->read_frame.buf_count); +#ifdef HAVE_SSL + } +#endif + if(r == -1) + return -1; /* continue reading */ + if(r == 0) { + /* connection closed */ + goto close_connection; + } + dtio->read_frame.buf_count += r; + if(dtio->read_frame.buf_count < dtio->read_frame.frame_len) + return -1; /* continue reading */ + } + + /* Complete frame received, check if this is a valid ACCEPT control + * frame. */ + if(dtio->read_frame.frame_len < 4) { + verbose(VERB_OPS, "dnstap: invalid data received"); + goto close_connection; + } + if(sldns_read_uint32(dtio->read_frame.buf) != + FSTRM_CONTROL_FRAME_ACCEPT) { + verbose(VERB_ALGO, "dnstap: invalid control type received, " + "ignored"); + dtio->ready_frame_sent = 0; + dtio->accept_frame_received = 0; + dtio_read_frame_free(&dtio->read_frame); + return -1; + } + read_frame_done = 4; /* control frame type */ + + /* Iterate over control fields, ignore unknown types. + * Need to be able to read at least 8 bytes (control field type + + * length). */ + while(read_frame_done+8 < dtio->read_frame.frame_len) { + uint32_t type = sldns_read_uint32(dtio->read_frame.buf + + read_frame_done); + uint32_t len = sldns_read_uint32(dtio->read_frame.buf + + read_frame_done + 4); + if(type == FSTRM_CONTROL_FIELD_TYPE_CONTENT_TYPE) { + if(len == strlen(DNSTAP_CONTENT_TYPE) && + read_frame_done+8+len <= + dtio->read_frame.frame_len && + memcmp(dtio->read_frame.buf + read_frame_done + + + 8, DNSTAP_CONTENT_TYPE, len) == 0) { + if(!dtio_control_start_send(dtio)) { + verbose(VERB_OPS, "dnstap io: out of " + "memory while sending START frame"); + goto close_connection; + } + dtio->accept_frame_received = 1; + return 1; + } else { + /* unknow content type */ + verbose(VERB_ALGO, "dnstap: ACCEPT frame " + "contains unknown content type, " + "closing connection"); + goto close_connection; + } + } + /* unknown option, try next */ + read_frame_done += 8+len; + } + + +close_connection: + dtio_del_output_event(dtio); + dtio_reconnect_slow(dtio, DTIO_RECONNECT_TIMEOUT_SLOW); + dtio_close_output(dtio); + return 0; +} + +/** add the output file descriptor event for listening, read only */ +static int dtio_add_output_event_read(struct dt_io_thread* dtio) +{ + if(!dtio->event) + return 0; + if(dtio->event_added && !dtio->event_added_is_write) + return 1; + /* we have to (re-)register the event */ + if(dtio->event_added) + ub_event_del(dtio->event); + ub_event_del_bits(dtio->event, UB_EV_WRITE); + if(ub_event_add(dtio->event, NULL) != 0) { + log_err("dnstap io: out of memory (adding event)"); + dtio->event_added = 0; + dtio->event_added_is_write = 0; + /* close output and start reattempts to open it */ + dtio_close_output(dtio); + return 0; + } + dtio->event_added = 1; + dtio->event_added_is_write = 0; + return 1; +} + +/** add the output file descriptor event for listening, read and write */ +static int dtio_add_output_event_write(struct dt_io_thread* dtio) +{ + if(!dtio->event) + return 0; + if(dtio->event_added && dtio->event_added_is_write) + return 1; + /* we have to (re-)register the event */ + if(dtio->event_added) + ub_event_del(dtio->event); + ub_event_add_bits(dtio->event, UB_EV_WRITE); + if(ub_event_add(dtio->event, NULL) != 0) { + log_err("dnstap io: out of memory (adding event)"); + dtio->event_added = 0; + dtio->event_added_is_write = 0; + /* close output and start reattempts to open it */ + dtio_close_output(dtio); + return 0; + } + dtio->event_added = 1; + dtio->event_added_is_write = 1; + return 1; +} + +/** put the dtio thread to sleep */ +static void dtio_sleep(struct dt_io_thread* dtio) +{ + /* unregister the event polling for write, because there is + * nothing to be written */ + (void)dtio_add_output_event_read(dtio); +} + +#ifdef HAVE_SSL +/** enable the brief read condition */ +static int dtio_enable_brief_read(struct dt_io_thread* dtio) +{ + dtio->ssl_brief_read = 1; + if(dtio->stop_flush_event) { + ub_event_del(dtio->stop_flush_event); + ub_event_del_bits(dtio->stop_flush_event, UB_EV_WRITE); + if(ub_event_add(dtio->stop_flush_event, NULL) != 0) { + log_err("dnstap io, stop flush, could not ub_event_add"); + return 0; + } + return 1; + } + return dtio_add_output_event_read(dtio); +} +#endif /* HAVE_SSL */ + +#ifdef HAVE_SSL +/** disable the brief read condition */ +static int dtio_disable_brief_read(struct dt_io_thread* dtio) +{ + dtio->ssl_brief_read = 0; + if(dtio->stop_flush_event) { + ub_event_del(dtio->stop_flush_event); + ub_event_add_bits(dtio->stop_flush_event, UB_EV_WRITE); + if(ub_event_add(dtio->stop_flush_event, NULL) != 0) { + log_err("dnstap io, stop flush, could not ub_event_add"); + return 0; + } + return 1; + } + return dtio_add_output_event_write(dtio); +} +#endif /* HAVE_SSL */ + +#ifdef HAVE_SSL +/** enable the brief write condition */ +static int dtio_enable_brief_write(struct dt_io_thread* dtio) +{ + dtio->ssl_brief_write = 1; + return dtio_add_output_event_write(dtio); +} +#endif /* HAVE_SSL */ + +#ifdef HAVE_SSL +/** disable the brief write condition */ +static int dtio_disable_brief_write(struct dt_io_thread* dtio) +{ + dtio->ssl_brief_write = 0; + return dtio_add_output_event_read(dtio); +} +#endif /* HAVE_SSL */ + +#ifdef HAVE_SSL +/** check peer verification after ssl handshake connection, false if closed*/ +static int dtio_ssl_check_peer(struct dt_io_thread* dtio) +{ + if((SSL_get_verify_mode(dtio->ssl)&SSL_VERIFY_PEER)) { + /* verification */ + if(SSL_get_verify_result(dtio->ssl) == X509_V_OK) { + X509* x = SSL_get_peer_certificate(dtio->ssl); + if(!x) { + verbose(VERB_ALGO, "dnstap io, %s, SSL " + "connection failed no certificate", + dtio->ip_str); + return 0; + } + log_cert(VERB_ALGO, "dnstap io, peer certificate", + x); +#ifdef HAVE_SSL_GET0_PEERNAME + if(SSL_get0_peername(dtio->ssl)) { + verbose(VERB_ALGO, "dnstap io, %s, SSL " + "connection to %s authenticated", + dtio->ip_str, + SSL_get0_peername(dtio->ssl)); + } else { +#endif + verbose(VERB_ALGO, "dnstap io, %s, SSL " + "connection authenticated", + dtio->ip_str); +#ifdef HAVE_SSL_GET0_PEERNAME + } +#endif + X509_free(x); + } else { + X509* x = SSL_get_peer_certificate(dtio->ssl); + if(x) { + log_cert(VERB_ALGO, "dnstap io, peer " + "certificate", x); + X509_free(x); + } + verbose(VERB_ALGO, "dnstap io, %s, SSL connection " + "failed: failed to authenticate", + dtio->ip_str); + return 0; + } + } else { + /* unauthenticated, the verify peer flag was not set + * in ssl when the ssl object was created from ssl_ctx */ + verbose(VERB_ALGO, "dnstap io, %s, SSL connection", + dtio->ip_str); + } + return 1; +} +#endif /* HAVE_SSL */ + +#ifdef HAVE_SSL +/** perform ssl handshake, returns 1 if okay, 0 to stop */ +static int dtio_ssl_handshake(struct dt_io_thread* dtio, + struct stop_flush_info* info) +{ + int r; + if(dtio->ssl_brief_read) { + /* assume the brief read condition is satisfied, + * if we need more or again, we can set it again */ + if(!dtio_disable_brief_read(dtio)) { + if(info) dtio_stop_flush_exit(info); + return 0; + } + } + if(dtio->ssl_handshake_done) + return 1; + + ERR_clear_error(); + r = SSL_do_handshake(dtio->ssl); + if(r != 1) { + int want = SSL_get_error(dtio->ssl, r); + if(want == SSL_ERROR_WANT_READ) { + /* we want to read on the connection */ + if(!dtio_enable_brief_read(dtio)) { + if(info) dtio_stop_flush_exit(info); + return 0; + } + return 0; + } else if(want == SSL_ERROR_WANT_WRITE) { + /* we want to write on the connection */ + return 0; + } else if(r == 0) { + /* closed */ + if(info) dtio_stop_flush_exit(info); + dtio_del_output_event(dtio); + dtio_reconnect_slow(dtio, DTIO_RECONNECT_TIMEOUT_SLOW); + dtio_close_output(dtio); + return 0; + } else if(want == SSL_ERROR_SYSCALL) { + /* SYSCALL and errno==0 means closed uncleanly */ + int silent = 0; +#ifdef EPIPE + if(errno == EPIPE && verbosity < 2) + silent = 1; /* silence 'broken pipe' */ +#endif +#ifdef ECONNRESET + if(errno == ECONNRESET && verbosity < 2) + silent = 1; /* silence reset by peer */ +#endif + if(errno == 0) + silent = 1; + if(!silent) + log_err("dnstap io, SSL_handshake syscall: %s", + strerror(errno)); + /* closed */ + if(info) dtio_stop_flush_exit(info); + dtio_del_output_event(dtio); + dtio_reconnect_slow(dtio, DTIO_RECONNECT_TIMEOUT_SLOW); + dtio_close_output(dtio); + return 0; + } else { + unsigned long err = ERR_get_error(); + if(!squelch_err_ssl_handshake(err)) { + log_crypto_err_code("dnstap io, ssl handshake failed", + err); + verbose(VERB_OPS, "dnstap io, ssl handshake failed " + "from %s", dtio->ip_str); + } + /* closed */ + if(info) dtio_stop_flush_exit(info); + dtio_del_output_event(dtio); + dtio_reconnect_slow(dtio, DTIO_RECONNECT_TIMEOUT_SLOW); + dtio_close_output(dtio); + return 0; + } + + } + /* check peer verification */ + dtio->ssl_handshake_done = 1; + + if(!dtio_ssl_check_peer(dtio)) { + /* closed */ + if(info) dtio_stop_flush_exit(info); + dtio_del_output_event(dtio); + dtio_reconnect_slow(dtio, DTIO_RECONNECT_TIMEOUT_SLOW); + dtio_close_output(dtio); + return 0; + } + return 1; +} +#endif /* HAVE_SSL */ + +/** callback for the dnstap events, to write to the output */ +void dtio_output_cb(int ATTR_UNUSED(fd), short bits, void* arg) +{ + struct dt_io_thread* dtio = (struct dt_io_thread*)arg; + int i; + + if(dtio->check_nb_connect) { + int connect_err = dtio_check_nb_connect(dtio); + if(connect_err == -1) { + /* close the channel */ + dtio_del_output_event(dtio); + dtio_close_output(dtio); + return; + } else if(connect_err == 0) { + /* try again later */ + return; + } + /* nonblocking connect check passed, continue */ + } + +#ifdef HAVE_SSL + if(dtio->ssl && + (!dtio->ssl_handshake_done || dtio->ssl_brief_read)) { + if(!dtio_ssl_handshake(dtio, NULL)) + return; + } +#endif + + if((bits&UB_EV_READ || dtio->ssl_brief_write)) { + if(dtio->ssl_brief_write) + (void)dtio_disable_brief_write(dtio); + if(dtio->ready_frame_sent && !dtio->accept_frame_received) { + if(dtio_read_accept_frame(dtio) <= 0) + return; + } else if(!dtio_check_close(dtio)) + return; + } + + /* loop to process a number of messages. This improves throughput, + * because selecting on write-event if not needed for busy messages + * (dnstap log) generation and if they need to all be written back. + * The write event is usually not blocked up. But not forever, + * because the event loop needs to stay responsive for other events. + * If there are no (more) messages, or if the output buffers get + * full, it returns out of the loop. */ + for(i=0; i<DTIO_MESSAGES_PER_CALLBACK; i++) { + /* see if there are messages that need writing */ + if(!dtio->cur_msg) { + if(!dtio_find_msg(dtio)) { + if(i == 0) { + /* no messages on the first iteration, + * the queues are all empty */ + dtio_sleep(dtio); + } + return; /* nothing to do */ + } + } + + /* write it */ + if(dtio->cur_msg_done < dtio->cur_msg_len) { + if(!dtio_write_more(dtio)) + return; + } + + /* done with the current message */ + dtio_cur_msg_free(dtio); + + /* If this is a bidirectional stream the first message will be + * the READY control frame. We can only continue writing after + * receiving an ACCEPT control frame. */ + if(dtio->is_bidirectional && !dtio->ready_frame_sent) { + dtio->ready_frame_sent = 1; + (void)dtio_add_output_event_read(dtio); + break; + } + } +} + +/** callback for the dnstap commandpipe, to stop the dnstap IO */ +void dtio_cmd_cb(int fd, short ATTR_UNUSED(bits), void* arg) +{ + struct dt_io_thread* dtio = (struct dt_io_thread*)arg; + uint8_t cmd; + ssize_t r; + if(dtio->want_to_exit) + return; + r = read(fd, &cmd, sizeof(cmd)); + if(r == -1) { +#ifndef USE_WINSOCK + if(errno == EINTR || errno == EAGAIN) + return; /* ignore this */ + log_err("dnstap io: failed to read: %s", strerror(errno)); +#else + if(WSAGetLastError() == WSAEINPROGRESS) + return; + if(WSAGetLastError() == WSAEWOULDBLOCK) + return; + log_err("dnstap io: failed to read: %s", + wsa_strerror(WSAGetLastError())); +#endif + /* and then fall through to quit the thread */ + } else if(r == 0) { + verbose(VERB_ALGO, "dnstap io: cmd channel closed"); + } else if(r == 1 && cmd == DTIO_COMMAND_STOP) { + verbose(VERB_ALGO, "dnstap io: cmd channel cmd quit"); + } else if(r == 1 && cmd == DTIO_COMMAND_WAKEUP) { + verbose(VERB_ALGO, "dnstap io: cmd channel cmd wakeup"); + + if(dtio->is_bidirectional && !dtio->accept_frame_received) { + verbose(VERB_ALGO, "dnstap io: cmd wakeup ignored, " + "waiting for ACCEPT control frame"); + return; + } + + /* reregister event */ + if(!dtio_add_output_event_write(dtio)) + return; + return; + } else if(r == 1) { + verbose(VERB_ALGO, "dnstap io: cmd channel unknown command"); + } + dtio->want_to_exit = 1; + if(ub_event_base_loopexit((struct ub_event_base*)dtio->event_base) + != 0) { + log_err("dnstap io: could not loopexit"); + } +} + +#ifndef THREADS_DISABLED +/** setup the event base for the dnstap io thread */ +static void dtio_setup_base(struct dt_io_thread* dtio, time_t* secs, + struct timeval* now) +{ + memset(now, 0, sizeof(*now)); + dtio->event_base = ub_default_event_base(0, secs, now); + if(!dtio->event_base) { + fatal_exit("dnstap io: could not create event_base"); + } +} +#endif /* THREADS_DISABLED */ + +/** setup the cmd event for dnstap io */ +static void dtio_setup_cmd(struct dt_io_thread* dtio) +{ + struct ub_event* cmdev; + fd_set_nonblock(dtio->commandpipe[0]); + cmdev = ub_event_new(dtio->event_base, dtio->commandpipe[0], + UB_EV_READ | UB_EV_PERSIST, &dtio_cmd_cb, dtio); + if(!cmdev) { + fatal_exit("dnstap io: out of memory"); + } + dtio->command_event = cmdev; + if(ub_event_add(cmdev, NULL) != 0) { + fatal_exit("dnstap io: out of memory (adding event)"); + } +} + +/** setup the reconnect event for dnstap io */ +static void dtio_setup_reconnect(struct dt_io_thread* dtio) +{ + dtio_reconnect_clear(dtio); + dtio->reconnect_timer = ub_event_new(dtio->event_base, -1, + UB_EV_TIMEOUT, &dtio_reconnect_timeout_cb, dtio); + if(!dtio->reconnect_timer) { + fatal_exit("dnstap io: out of memory"); + } +} + +/** + * structure to keep track of information during stop flush + */ +struct stop_flush_info { + /** the event base during stop flush */ + struct ub_event_base* base; + /** did we already want to exit this stop-flush event base */ + int want_to_exit_flush; + /** has the timer fired */ + int timer_done; + /** the dtio */ + struct dt_io_thread* dtio; + /** the stop control frame */ + void* stop_frame; + /** length of the stop frame */ + size_t stop_frame_len; + /** how much we have done of the stop frame */ + size_t stop_frame_done; +}; + +/** exit the stop flush base */ +static void dtio_stop_flush_exit(struct stop_flush_info* info) +{ + if(info->want_to_exit_flush) + return; + info->want_to_exit_flush = 1; + if(ub_event_base_loopexit(info->base) != 0) { + log_err("dnstap io: could not loopexit"); + } +} + +/** send the stop control, + * return true if completed the frame. */ +static int dtio_control_stop_send(struct stop_flush_info* info) +{ + struct dt_io_thread* dtio = info->dtio; + int r; + if(info->stop_frame_done >= info->stop_frame_len) + return 1; + r = dtio_write_buf(dtio, ((uint8_t*)info->stop_frame) + + info->stop_frame_done, info->stop_frame_len - + info->stop_frame_done); + if(r == -1) { + verbose(VERB_ALGO, "dnstap io: stop flush: output closed"); + dtio_stop_flush_exit(info); + return 0; + } + if(r == 0) { + /* try again later, or timeout */ + return 0; + } + info->stop_frame_done += r; + if(info->stop_frame_done < info->stop_frame_len) + return 0; /* not done yet */ + return 1; +} + +void dtio_stop_timer_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(bits), + void* arg) +{ + struct stop_flush_info* info = (struct stop_flush_info*)arg; + if(info->want_to_exit_flush) + return; + verbose(VERB_ALGO, "dnstap io: stop flush timer expired, stop flush"); + info->timer_done = 1; + dtio_stop_flush_exit(info); +} + +void dtio_stop_ev_cb(int ATTR_UNUSED(fd), short bits, void* arg) +{ + struct stop_flush_info* info = (struct stop_flush_info*)arg; + struct dt_io_thread* dtio = info->dtio; + if(info->want_to_exit_flush) + return; + if(dtio->check_nb_connect) { + /* we don't start the stop_flush if connect still + * in progress, but the check code is here, just in case */ + int connect_err = dtio_check_nb_connect(dtio); + if(connect_err == -1) { + /* close the channel, exit the stop flush */ + dtio_stop_flush_exit(info); + dtio_del_output_event(dtio); + dtio_close_output(dtio); + return; + } else if(connect_err == 0) { + /* try again later */ + return; + } + /* nonblocking connect check passed, continue */ + } +#ifdef HAVE_SSL + if(dtio->ssl && + (!dtio->ssl_handshake_done || dtio->ssl_brief_read)) { + if(!dtio_ssl_handshake(dtio, info)) + return; + } +#endif + + if((bits&UB_EV_READ)) { + if(!dtio_check_close(dtio)) { + if(dtio->fd == -1) { + verbose(VERB_ALGO, "dnstap io: " + "stop flush: output closed"); + dtio_stop_flush_exit(info); + } + return; + } + } + /* write remainder of last frame */ + if(dtio->cur_msg) { + if(dtio->cur_msg_done < dtio->cur_msg_len) { + if(!dtio_write_more(dtio)) { + if(dtio->fd == -1) { + verbose(VERB_ALGO, "dnstap io: " + "stop flush: output closed"); + dtio_stop_flush_exit(info); + } + return; + } + } + verbose(VERB_ALGO, "dnstap io: stop flush completed " + "last frame"); + dtio_cur_msg_free(dtio); + } + /* write stop frame */ + if(info->stop_frame_done < info->stop_frame_len) { + if(!dtio_control_stop_send(info)) + return; + verbose(VERB_ALGO, "dnstap io: stop flush completed " + "stop control frame"); + } + /* when last frame and stop frame are sent, exit */ + dtio_stop_flush_exit(info); +} + +/** flush at end, last packet and stop control */ +static void dtio_control_stop_flush(struct dt_io_thread* dtio) +{ + /* briefly attempt to flush the previous packet to the output, + * this could be a partial packet, or even the start control frame */ + time_t secs = 0; + struct timeval now; + struct stop_flush_info info; + struct timeval tv; + struct ub_event* timer, *stopev; + + if(dtio->fd == -1 || dtio->check_nb_connect) { + /* no connection or we have just connected, so nothing is + * sent yet, so nothing to stop or flush */ + return; + } + if(dtio->ssl && !dtio->ssl_handshake_done) { + /* no SSL connection has been established yet */ + return; + } + + memset(&info, 0, sizeof(info)); + memset(&now, 0, sizeof(now)); + info.dtio = dtio; + info.base = ub_default_event_base(0, &secs, &now); + if(!info.base) { + log_err("dnstap io: malloc failure"); + return; + } + timer = ub_event_new(info.base, -1, UB_EV_TIMEOUT, + &dtio_stop_timer_cb, &info); + if(!timer) { + log_err("dnstap io: malloc failure"); + ub_event_base_free(info.base); + return; + } + memset(&tv, 0, sizeof(tv)); + tv.tv_sec = 2; + if(ub_timer_add(timer, info.base, &dtio_stop_timer_cb, &info, + &tv) != 0) { + log_err("dnstap io: cannot event_timer_add"); + ub_event_free(timer); + ub_event_base_free(info.base); + return; + } + stopev = ub_event_new(info.base, dtio->fd, UB_EV_READ | + UB_EV_WRITE | UB_EV_PERSIST, &dtio_stop_ev_cb, &info); + if(!stopev) { + log_err("dnstap io: malloc failure"); + ub_timer_del(timer); + ub_event_free(timer); + ub_event_base_free(info.base); + return; + } + if(ub_event_add(stopev, NULL) != 0) { + log_err("dnstap io: cannot event_add"); + ub_event_free(stopev); + ub_timer_del(timer); + ub_event_free(timer); + ub_event_base_free(info.base); + return; + } + info.stop_frame = fstrm_create_control_frame_stop( + &info.stop_frame_len); + if(!info.stop_frame) { + log_err("dnstap io: malloc failure"); + ub_event_del(stopev); + ub_event_free(stopev); + ub_timer_del(timer); + ub_event_free(timer); + ub_event_base_free(info.base); + return; + } + dtio->stop_flush_event = stopev; + + /* wait briefly, or until finished */ + verbose(VERB_ALGO, "dnstap io: stop flush started"); + if(ub_event_base_dispatch(info.base) < 0) { + log_err("dnstap io: dispatch flush failed, errno is %s", + strerror(errno)); + } + verbose(VERB_ALGO, "dnstap io: stop flush ended"); + free(info.stop_frame); + dtio->stop_flush_event = NULL; + ub_event_del(stopev); + ub_event_free(stopev); + ub_timer_del(timer); + ub_event_free(timer); + ub_event_base_free(info.base); +} + +/** perform desetup and free stuff when the dnstap io thread exits */ +static void dtio_desetup(struct dt_io_thread* dtio) +{ + dtio_control_stop_flush(dtio); + dtio_del_output_event(dtio); + dtio_close_output(dtio); + ub_event_del(dtio->command_event); + ub_event_free(dtio->command_event); +#ifndef USE_WINSOCK + close(dtio->commandpipe[0]); +#else + _close(dtio->commandpipe[0]); +#endif + dtio->commandpipe[0] = -1; + dtio_reconnect_del(dtio); + ub_event_free(dtio->reconnect_timer); + dtio_cur_msg_free(dtio); +#ifndef THREADS_DISABLED + ub_event_base_free(dtio->event_base); +#endif +} + +/** setup a start control message */ +static int dtio_control_start_send(struct dt_io_thread* dtio) +{ + log_assert(dtio->cur_msg == NULL && dtio->cur_msg_len == 0); + dtio->cur_msg = fstrm_create_control_frame_start(DNSTAP_CONTENT_TYPE, + &dtio->cur_msg_len); + if(!dtio->cur_msg) { + return 0; + } + /* setup to send the control message */ + /* set that the buffer needs to be sent, but the length + * of that buffer is already written, that way the buffer can + * start with 0 length and then the length of the control frame + * in it */ + dtio->cur_msg_done = 0; + dtio->cur_msg_len_done = 4; + return 1; +} + +/** setup a ready control message */ +static int dtio_control_ready_send(struct dt_io_thread* dtio) +{ + log_assert(dtio->cur_msg == NULL && dtio->cur_msg_len == 0); + dtio->cur_msg = fstrm_create_control_frame_ready(DNSTAP_CONTENT_TYPE, + &dtio->cur_msg_len); + if(!dtio->cur_msg) { + return 0; + } + /* setup to send the control message */ + /* set that the buffer needs to be sent, but the length + * of that buffer is already written, that way the buffer can + * start with 0 length and then the length of the control frame + * in it */ + dtio->cur_msg_done = 0; + dtio->cur_msg_len_done = 4; + return 1; +} + +/** open the output file descriptor for af_local */ +static int dtio_open_output_local(struct dt_io_thread* dtio) +{ +#ifdef HAVE_SYS_UN_H + struct sockaddr_un s; + dtio->fd = socket(AF_LOCAL, SOCK_STREAM, 0); + if(dtio->fd == -1) { +#ifndef USE_WINSOCK + log_err("dnstap io: failed to create socket: %s", + strerror(errno)); +#else + log_err("dnstap io: failed to create socket: %s", + wsa_strerror(WSAGetLastError())); +#endif + return 0; + } + memset(&s, 0, sizeof(s)); +#ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN + /* this member exists on BSDs, not Linux */ + s.sun_len = (unsigned)sizeof(s); +#endif + s.sun_family = AF_LOCAL; + /* length is 92-108, 104 on FreeBSD */ + (void)strlcpy(s.sun_path, dtio->socket_path, sizeof(s.sun_path)); + fd_set_nonblock(dtio->fd); + if(connect(dtio->fd, (struct sockaddr*)&s, (socklen_t)sizeof(s)) + == -1) { + char* to = dtio->socket_path; +#ifndef USE_WINSOCK + log_err("dnstap io: failed to connect to \"%s\": %s", + to, strerror(errno)); +#else + log_err("dnstap io: failed to connect to \"%s\": %s", + to, wsa_strerror(WSAGetLastError())); +#endif + dtio_close_fd(dtio); + return 0; + } + return 1; +#else + log_err("cannot create af_local socket"); + return 0; +#endif /* HAVE_SYS_UN_H */ +} + +/** open the output file descriptor for af_inet and af_inet6 */ +static int dtio_open_output_tcp(struct dt_io_thread* dtio) +{ + struct sockaddr_storage addr; + socklen_t addrlen; + memset(&addr, 0, sizeof(addr)); + addrlen = (socklen_t)sizeof(addr); + + if(!extstrtoaddr(dtio->ip_str, &addr, &addrlen)) { + log_err("could not parse IP '%s'", dtio->ip_str); + return 0; + } + dtio->fd = socket(addr.ss_family, SOCK_STREAM, 0); + if(dtio->fd == -1) { +#ifndef USE_WINSOCK + log_err("can't create socket: %s", strerror(errno)); +#else + log_err("can't create socket: %s", + wsa_strerror(WSAGetLastError())); +#endif + return 0; + } + fd_set_nonblock(dtio->fd); + if(connect(dtio->fd, (struct sockaddr*)&addr, addrlen) == -1) { + if(errno == EINPROGRESS) + return 1; /* wait until connect done*/ +#ifndef USE_WINSOCK + if(tcp_connect_errno_needs_log( + (struct sockaddr *)&addr, addrlen)) { + log_err("dnstap io: failed to connect to %s: %s", + dtio->ip_str, strerror(errno)); + } +#else + if(WSAGetLastError() == WSAEINPROGRESS || + WSAGetLastError() == WSAEWOULDBLOCK) + return 1; /* wait until connect done*/ + if(tcp_connect_errno_needs_log( + (struct sockaddr *)&addr, addrlen)) { + log_err("dnstap io: failed to connect to %s: %s", + dtio->ip_str, wsa_strerror(WSAGetLastError())); + } +#endif + dtio_close_fd(dtio); + return 0; + } + return 1; +} + +/** setup the SSL structure for new connection */ +static int dtio_setup_ssl(struct dt_io_thread* dtio) +{ + dtio->ssl = outgoing_ssl_fd(dtio->ssl_ctx, dtio->fd); + if(!dtio->ssl) return 0; + dtio->ssl_handshake_done = 0; + dtio->ssl_brief_read = 0; + + if(!set_auth_name_on_ssl(dtio->ssl, dtio->tls_server_name, + dtio->tls_use_sni)) { + return 0; + } + return 1; +} + +/** open the output file descriptor */ +static void dtio_open_output(struct dt_io_thread* dtio) +{ + struct ub_event* ev; + if(dtio->upstream_is_unix) { + if(!dtio_open_output_local(dtio)) { + dtio_reconnect_enable(dtio); + return; + } + } else if(dtio->upstream_is_tcp || dtio->upstream_is_tls) { + if(!dtio_open_output_tcp(dtio)) { + dtio_reconnect_enable(dtio); + return; + } + if(dtio->upstream_is_tls) { + if(!dtio_setup_ssl(dtio)) { + dtio_close_fd(dtio); + dtio_reconnect_enable(dtio); + return; + } + } + } + dtio->check_nb_connect = 1; + + /* the EV_READ is to read ACCEPT control messages, and catch channel + * close. EV_WRITE is to write packets */ + ev = ub_event_new(dtio->event_base, dtio->fd, + UB_EV_READ | UB_EV_WRITE | UB_EV_PERSIST, &dtio_output_cb, + dtio); + if(!ev) { + log_err("dnstap io: out of memory"); + if(dtio->ssl) { +#ifdef HAVE_SSL + SSL_free(dtio->ssl); + dtio->ssl = NULL; +#endif + } + dtio_close_fd(dtio); + dtio_reconnect_enable(dtio); + return; + } + dtio->event = ev; + + /* setup protocol control message to start */ + if((!dtio->is_bidirectional && !dtio_control_start_send(dtio)) || + (dtio->is_bidirectional && !dtio_control_ready_send(dtio)) ) { + log_err("dnstap io: out of memory"); + ub_event_free(dtio->event); + dtio->event = NULL; + if(dtio->ssl) { +#ifdef HAVE_SSL + SSL_free(dtio->ssl); + dtio->ssl = NULL; +#endif + } + dtio_close_fd(dtio); + dtio_reconnect_enable(dtio); + return; + } +} + +/** perform the setup of the writer thread on the established event_base */ +static void dtio_setup_on_base(struct dt_io_thread* dtio) +{ + dtio_setup_cmd(dtio); + dtio_setup_reconnect(dtio); + dtio_open_output(dtio); + if(!dtio_add_output_event_write(dtio)) + return; +} + +#ifndef THREADS_DISABLED +/** the IO thread function for the DNSTAP IO */ +static void* dnstap_io(void* arg) +{ + struct dt_io_thread* dtio = (struct dt_io_thread*)arg; + time_t secs = 0; + struct timeval now; + log_thread_set(&dtio->threadnum); + + /* setup */ + verbose(VERB_ALGO, "start dnstap io thread"); + dtio_setup_base(dtio, &secs, &now); + dtio_setup_on_base(dtio); + + /* run */ + if(ub_event_base_dispatch(dtio->event_base) < 0) { + log_err("dnstap io: dispatch failed, errno is %s", + strerror(errno)); + } + + /* cleanup */ + verbose(VERB_ALGO, "stop dnstap io thread"); + dtio_desetup(dtio); + return NULL; +} +#endif /* THREADS_DISABLED */ + +int dt_io_thread_start(struct dt_io_thread* dtio, void* event_base_nothr, + int numworkers) +{ + /* set up the thread, can fail */ +#ifndef USE_WINSOCK + if(pipe(dtio->commandpipe) == -1) { + log_err("failed to create pipe: %s", strerror(errno)); + return 0; + } +#else + if(_pipe(dtio->commandpipe, 4096, _O_BINARY) == -1) { + log_err("failed to create _pipe: %s", + wsa_strerror(WSAGetLastError())); + return 0; + } +#endif + + /* start the thread */ + dtio->threadnum = numworkers+1; + dtio->started = 1; +#ifndef THREADS_DISABLED + ub_thread_create(&dtio->tid, dnstap_io, dtio); + (void)event_base_nothr; +#else + dtio->event_base = event_base_nothr; + dtio_setup_on_base(dtio); +#endif + return 1; +} + +void dt_io_thread_stop(struct dt_io_thread* dtio) +{ +#ifndef THREADS_DISABLED + uint8_t cmd = DTIO_COMMAND_STOP; +#endif + if(!dtio) return; + if(!dtio->started) return; + verbose(VERB_ALGO, "dnstap io: send stop cmd"); + +#ifndef THREADS_DISABLED + while(1) { + ssize_t r = write(dtio->commandpipe[1], &cmd, sizeof(cmd)); + if(r == -1) { +#ifndef USE_WINSOCK + if(errno == EINTR || errno == EAGAIN) + continue; + log_err("dnstap io stop: write: %s", strerror(errno)); +#else + if(WSAGetLastError() == WSAEINPROGRESS) + continue; + if(WSAGetLastError() == WSAEWOULDBLOCK) + continue; + log_err("dnstap io stop: write: %s", + wsa_strerror(WSAGetLastError())); +#endif + break; + } + break; + } + dtio->started = 0; +#endif /* THREADS_DISABLED */ + +#ifndef USE_WINSOCK + close(dtio->commandpipe[1]); +#else + _close(dtio->commandpipe[1]); +#endif + dtio->commandpipe[1] = -1; +#ifndef THREADS_DISABLED + ub_thread_join(dtio->tid); +#else + dtio->want_to_exit = 1; + dtio_desetup(dtio); +#endif +} diff --git a/dnstap/dtstream.h b/dnstap/dtstream.h new file mode 100644 index 000000000000..ede491f30d3e --- /dev/null +++ b/dnstap/dtstream.h @@ -0,0 +1,341 @@ +/* + * dnstap/dtstream.h - Frame Streams thread for unbound DNSTAP + * + * Copyright (c) 2020, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/** + * \file + * + * An implementation of the Frame Streams data transport protocol for + * the Unbound DNSTAP message logging facility. + */ + +#ifndef DTSTREAM_H +#define DTSTREAM_H + +#include "util/locks.h" +struct dt_msg_entry; +struct dt_io_list_item; +struct dt_io_thread; +struct config_file; + +/** + * A message buffer with dnstap messages queued up. It is per-worker. + * It has locks to synchronize. If the buffer is full, a new message + * cannot be added and is discarded. A thread reads the messages and sends + * them. + */ +struct dt_msg_queue { + /** lock of the buffer structure. Hold this lock to add or remove + * entries to the buffer. Release it so that other threads can also + * put messages to log, or a message can be taken out to send away + * by the writer thread. + */ + lock_basic_type lock; + /** the maximum size of the buffer, in bytes */ + size_t maxsize; + /** current size of the buffer, in bytes. data bytes of messages. + * If a new message make it more than maxsize, the buffer is full */ + size_t cursize; + /** list of messages. The messages are added to the back and taken + * out from the front. */ + struct dt_msg_entry* first, *last; + /** reference to the io thread to wakeup */ + struct dt_io_thread* dtio; +}; + +/** + * An entry in the dt_msg_queue. contains one DNSTAP message. + * It is malloced. + */ +struct dt_msg_entry { + /** next in the list. */ + struct dt_msg_entry* next; + /** the buffer with the data to send, an encoded DNSTAP message */ + void* buf; + /** the length to send. */ + size_t len; +}; + +/** + * Containing buffer and counter for reading DNSTAP frames. + */ +struct dt_frame_read_buf { + /** Buffer containing frame, except length counter(s). */ + void* buf; + /** Number of bytes written to buffer. */ + size_t buf_count; + /** Capacity of the buffer. */ + size_t buf_cap; + + /** Frame length field. Will contain the 2nd length field for control + * frames. */ + uint32_t frame_len; + /** Number of bytes that have been written to the frame_length field. */ + size_t frame_len_done; + + /** Set to 1 if this is a control frame, 0 otherwise (ie data frame). */ + int control_frame; +}; + +/** + * IO thread that reads from the queues and writes them. + */ +struct dt_io_thread { + /** the thread number for the dtio thread, + * must be first to cast thread arg to int* in checklock code. */ + int threadnum; + /** event base, for event handling */ + void* event_base; + /** list of queues that is registered to get written */ + struct dt_io_list_item* io_list; + /** iterator point in the io_list, to pick from them in a + * round-robin fashion, instead of only from the first when busy. + * if NULL it means start at the start of the list. */ + struct dt_io_list_item* io_list_iter; + /** thread id, of the io thread */ + ub_thread_type tid; + /** if the io processing has started */ + int started; + /** ssl context for the io thread, for tls connections. type SSL_CTX* */ + void* ssl_ctx; + /** if SNI will be used for TLS connections. */ + int tls_use_sni; + + /** file descriptor that the thread writes to */ + int fd; + /** event structure that the thread uses */ + void* event; + /** the event is added */ + int event_added; + /** event added is a write event */ + int event_added_is_write; + /** check for nonblocking connect errors on fd */ + int check_nb_connect; + /** ssl for current connection, type SSL* */ + void* ssl; + /** true if the handshake for SSL is done, 0 if not */ + int ssl_handshake_done; + /** true if briefly the SSL wants a read event, 0 if not. + * This happens during negotiation, we then do not want to write, + * but wait for a read event. */ + int ssl_brief_read; + /** true if SSL_read is waiting for a write event. Set back to 0 after + * single write event is handled. */ + int ssl_brief_write; + + /** the buffer that currently getting written, or NULL if no + * (partial) message written now */ + void* cur_msg; + /** length of the current message */ + size_t cur_msg_len; + /** number of bytes written for the current message */ + size_t cur_msg_done; + /** number of bytes of the length that have been written, + * for the current message length that precedes the frame */ + size_t cur_msg_len_done; + + /** command pipe that stops the pipe if closed. Used to quit + * the program. [0] is read, [1] is written to. */ + int commandpipe[2]; + /** the event to listen to the commandpipe */ + void* command_event; + /** the io thread wants to exit */ + int want_to_exit; + + /** in stop flush, this is nonNULL and references the stop_ev */ + void* stop_flush_event; + + /** the timer event for connection retries */ + void* reconnect_timer; + /** if the reconnect timer is added to the event base */ + int reconnect_is_added; + /** the current reconnection timeout, it is increased with + * exponential backoff, in msec */ + int reconnect_timeout; + + /** If the log server is connected to over unix domain sockets, + * eg. a file is named that is created to log onto. */ + int upstream_is_unix; + /** if the log server is connected to over TCP. The ip address and + * port are used */ + int upstream_is_tcp; + /** if the log server is connected to over TLS. ip address, port, + * and client certificates can be used for authentication. */ + int upstream_is_tls; + + /** Perform bidirectional Frame Streams handshake before sending + * messages. */ + int is_bidirectional; + /** Set if the READY control frame has been sent. */ + int ready_frame_sent; + /** Set if valid ACCEPT frame is received. */ + int accept_frame_received; + /** (partially) read frame */ + struct dt_frame_read_buf read_frame; + + /** the file path for unix socket (or NULL) */ + char* socket_path; + /** the ip address and port number (or NULL) */ + char* ip_str; + /** is the TLS upstream authenticated by name, if nonNULL, + * we use the same cert bundle as used by other TLS streams. */ + char* tls_server_name; + /** are client certificates in use */ + int use_client_certs; + /** client cert files: the .key file */ + char* client_key_file; + /** client cert files: the .pem file */ + char* client_cert_file; +}; + +/** + * IO thread list of queues list item + * lists a worker queue that should be looked at and sent to the log server. + */ +struct dt_io_list_item { + /** next in the list of buffers to inspect */ + struct dt_io_list_item* next; + /** buffer of this worker */ + struct dt_msg_queue* queue; +}; + +/** + * Create new (empty) worker message queue. Limit set to default on max. + * @return NULL on malloc failure or a new queue (not locked). + */ +struct dt_msg_queue* dt_msg_queue_create(void); + +/** + * Delete a worker message queue. It has to be unlinked from access, + * so it can be deleted without lock worries. The queue is emptied (deleted). + * @param mq: message queue. + */ +void dt_msg_queue_delete(struct dt_msg_queue* mq); + +/** + * Submit a message to the queue. The queue is locked by the routine, + * the message is inserted, and then the queue is unlocked so the + * message can be picked up by the writer thread. + * @param mq: message queue. + * @param buf: buffer with message (dnstap contents). + * The buffer must have been malloced by caller. It is linked in + * the queue, and is free()d after use. If the routine fails + * the buffer is freed as well (and nothing happens, the item + * could not be logged). + * @param len: length of buffer. + */ +void dt_msg_queue_submit(struct dt_msg_queue* mq, void* buf, size_t len); + +/** + * Create IO thread. + * @return new io thread object. not yet started. or NULL malloc failure. + */ +struct dt_io_thread* dt_io_thread_create(void); + +/** + * Delete the IO thread structure. + * @param dtio: the io thread that is deleted. It must not be running. + */ +void dt_io_thread_delete(struct dt_io_thread* dtio); + +/** + * Apply config to the dtio thread + * @param dtio: io thread, not yet started. + * @param cfg: config file struct. + * @return false on malloc failure. + */ +int dt_io_thread_apply_cfg(struct dt_io_thread* dtio, + struct config_file *cfg); + +/** + * Register a msg queue to the io thread. It will be polled to see if + * there are messages and those then get removed and sent, when the thread + * is running. + * @param dtio: the io thread. + * @param mq: message queue to register. + * @return false on failure (malloc failure). + */ +int dt_io_thread_register_queue(struct dt_io_thread* dtio, + struct dt_msg_queue* mq); + +/** + * Unregister queue from io thread. + * @param dtio: the io thread. + * @param mq: message queue. + */ +void dt_io_thread_unregister_queue(struct dt_io_thread* dtio, + struct dt_msg_queue* mq); + +/** + * Start the io thread + * @param dtio: the io thread. + * @param event_base_nothr: the event base to attach the events to, in case + * we are running without threads. With threads, this is ignored + * and a thread is started to process the dnstap log messages. + * @param numworkers: number of worker threads. The dnstap io thread is + * that number +1 as the threadnumber (in logs). + * @return false on failure. + */ +int dt_io_thread_start(struct dt_io_thread* dtio, void* event_base_nothr, + int numworkers); + +/** + * Stop the io thread + * @param dtio: the io thread. + */ +void dt_io_thread_stop(struct dt_io_thread* dtio); + +/** callback for the dnstap reconnect, to start reconnecting to output */ +void dtio_reconnect_timeout_cb(int fd, short bits, void* arg); + +/** callback for the dnstap events, to write to the output */ +void dtio_output_cb(int fd, short bits, void* arg); + +/** callback for the dnstap commandpipe, to stop the dnstap IO */ +void dtio_cmd_cb(int fd, short bits, void* arg); + +/** callback for the timer when the thread stops and wants to finish up */ +void dtio_stop_timer_cb(int fd, short bits, void* arg); + +/** callback for the output when the thread stops and wants to finish up */ +void dtio_stop_ev_cb(int fd, short bits, void* arg); + +/** callback for unbound-dnstap-socket */ +void dtio_tap_callback(int fd, short bits, void* arg); + +/** callback for unbound-dnstap-socket */ +void dtio_mainfdcallback(int fd, short bits, void* arg); + +#endif /* DTSTREAM_H */ diff --git a/dnstap/unbound-dnstap-socket.c b/dnstap/unbound-dnstap-socket.c new file mode 100644 index 000000000000..44a0eda95994 --- /dev/null +++ b/dnstap/unbound-dnstap-socket.c @@ -0,0 +1,1594 @@ +/* + * dnstap/unbound-dnstap-socket.c - debug program that listens for DNSTAP logs. + * + * Copyright (c) 2020, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This program listens on a DNSTAP socket for logged messages. + */ +#include "config.h" +#ifdef HAVE_GETOPT_H +#include <getopt.h> +#endif +#include <signal.h> +#include <stdlib.h> +#include <unistd.h> +#include <signal.h> +#include <ctype.h> +#ifdef HAVE_SYS_UN_H +#include <sys/un.h> +#endif +#include <openssl/ssl.h> +#include <openssl/rand.h> +#include <openssl/err.h> +#include "dnstap/dtstream.h" +#include "dnstap/dnstap_fstrm.h" +#include "util/log.h" +#include "util/ub_event.h" +#include "util/net_help.h" +#include "services/listen_dnsport.h" +#include "sldns/sbuffer.h" +#include "sldns/wire2str.h" +#ifdef USE_DNSTAP +#include <protobuf-c/protobuf-c.h> +#include "dnstap/dnstap.pb-c.h" +#endif /* USE_DNSTAP */ +#include "util/config_file.h" + +/** listen backlog on TCP connections for dnstap logs */ +#define LISTEN_BACKLOG 16 + +/** usage information for streamtcp */ +static void usage(char* argv[]) +{ + printf("usage: %s [options]\n", argv[0]); + printf(" Listen to dnstap messages\n"); + printf("stdout has dnstap log, stderr has verbose server log\n"); + printf("-u <socketpath> listen to unix socket with this file name\n"); + printf("-s <serverip[@port]> listen for TCP on the IP and port\n"); + printf("-t <serverip[@port]> listen for TLS on IP and port\n"); + printf("-x <server.key> server key file for TLS service\n"); + printf("-y <server.pem> server cert file for TLS service\n"); + printf("-z <verify.pem> cert file to verify client connections\n"); + printf("-l long format for DNS printout\n"); + printf("-v more verbose log output\n"); + printf("-h this help text\n"); + exit(1); +} + +/** long format option, for multiline printout per message */ +static int longformat = 0; + +struct tap_socket_list; +struct tap_socket; +/** main tap callback data */ +struct main_tap_data { + /** the event base (to loopexit) */ + struct ub_event_base* base; + /** the list of accept sockets */ + struct tap_socket_list* acceptlist; +}; + +/** tap callback variables */ +struct tap_data { + /** the fd */ + int fd; + /** the ub event */ + struct ub_event* ev; + /** the SSL for TLS streams */ + SSL* ssl; + /** is the ssl handshake done */ + int ssl_handshake_done; + /** we are briefly waiting to write (in the struct event) */ + int ssl_brief_write; + /** string that identifies the socket (or NULL), like IP address */ + char* id; + /** have we read the length, and how many bytes of it */ + int len_done; + /** have we read the data, and how many bytes of it */ + size_t data_done; + /** are we reading a control frame */ + int control_frame; + /** are we bi-directional (if false, uni-directional) */ + int is_bidirectional; + /** data of the frame */ + uint8_t* frame; + /** length of this frame */ + size_t len; +}; + +/** list of sockets */ +struct tap_socket_list { + /** next in list */ + struct tap_socket_list* next; + /** the socket */ + struct tap_socket* s; +}; + +/** tap socket */ +struct tap_socket { + /** fd of socket */ + int fd; + /** the event for it */ + struct ub_event *ev; + /** has the event been added */ + int ev_added; + /** the callback, for the event, ev_cb(fd, bits, arg) */ + void (*ev_cb)(int, short, void*); + /** data element, (arg for the tap_socket struct) */ + void* data; + /** socketpath, if this is an AF_LOCAL socket */ + char* socketpath; + /** IP, if this is a TCP socket */ + char* ip; + /** for a TLS socket, the tls context */ + SSL_CTX* sslctx; +}; + +/** del the tap event */ +static void tap_socket_delev(struct tap_socket* s) +{ + if(!s) return; + if(!s->ev) return; + if(!s->ev_added) return; + ub_event_del(s->ev); + s->ev_added = 0; +} + +/** close the tap socket */ +static void tap_socket_close(struct tap_socket* s) +{ + if(!s) return; + if(s->fd == -1) return; + close(s->fd); + s->fd = -1; +} + +/** delete tap socket */ +static void tap_socket_delete(struct tap_socket* s) +{ + if(!s) return; +#ifdef HAVE_SSL + SSL_CTX_free(s->sslctx); +#endif + ub_event_free(s->ev); + free(s->socketpath); + free(s->ip); + free(s); +} + +/** create new socket (unconnected, not base-added), or NULL malloc fail */ +static struct tap_socket* tap_socket_new_local(char* socketpath, + void (*ev_cb)(int, short, void*), void* data) +{ + struct tap_socket* s = calloc(1, sizeof(*s)); + if(!s) { + log_err("malloc failure"); + return NULL; + } + s->socketpath = strdup(socketpath); + if(!s->socketpath) { + free(s); + log_err("malloc failure"); + return NULL; + } + s->fd = -1; + s->ev_cb = ev_cb; + s->data = data; + return s; +} + +/** create new socket (unconnected, not base-added), or NULL malloc fail */ +static struct tap_socket* tap_socket_new_tcpaccept(char* ip, + void (*ev_cb)(int, short, void*), void* data) +{ + struct tap_socket* s = calloc(1, sizeof(*s)); + if(!s) { + log_err("malloc failure"); + return NULL; + } + s->ip = strdup(ip); + if(!s->ip) { + free(s); + log_err("malloc failure"); + return NULL; + } + s->fd = -1; + s->ev_cb = ev_cb; + s->data = data; + return s; +} + +/** create new socket (unconnected, not base-added), or NULL malloc fail */ +static struct tap_socket* tap_socket_new_tlsaccept(char* ip, + void (*ev_cb)(int, short, void*), void* data, char* server_key, + char* server_cert, char* verifypem) +{ + struct tap_socket* s = calloc(1, sizeof(*s)); + if(!s) { + log_err("malloc failure"); + return NULL; + } + s->ip = strdup(ip); + if(!s->ip) { + free(s); + log_err("malloc failure"); + return NULL; + } + s->fd = -1; + s->ev_cb = ev_cb; + s->data = data; + s->sslctx = listen_sslctx_create(server_key, server_cert, verifypem); + if(!s->sslctx) { + log_err("could not create ssl context"); + free(s->ip); + free(s); + return NULL; + } + return s; +} + +/** setup tcp accept socket on IP string */ +static int make_tcp_accept(char* ip) +{ +#ifdef SO_REUSEADDR + int on = 1; +#endif + struct sockaddr_storage addr; + socklen_t len; + int s; + + memset(&addr, 0, sizeof(addr)); + len = (socklen_t)sizeof(addr); + if(!extstrtoaddr(ip, &addr, &len)) { + log_err("could not parse IP '%s'", ip); + return -1; + } + + if((s = socket(addr.ss_family, SOCK_STREAM, 0)) == -1) { +#ifndef USE_WINSOCK + log_err("can't create socket: %s", strerror(errno)); +#else + log_err("can't create socket: %s", + wsa_strerror(WSAGetLastError())); +#endif + return -1; + } +#ifdef SO_REUSEADDR + if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, + (socklen_t)sizeof(on)) < 0) { +#ifndef USE_WINSOCK + log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", + strerror(errno)); + close(s); +#else + log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", + wsa_strerror(WSAGetLastError())); + closesocket(s); +#endif + return -1; + } +#endif /* SO_REUSEADDR */ + if(bind(s, (struct sockaddr*)&addr, len) != 0) { +#ifndef USE_WINSOCK + log_err_addr("can't bind socket", strerror(errno), + &addr, len); + close(s); +#else + log_err_addr("can't bind socket", + wsa_strerror(WSAGetLastError()), &addr, len); + closesocket(s); +#endif + return -1; + } + if(!fd_set_nonblock(s)) { +#ifndef USE_WINSOCK + close(s); +#else + closesocket(s); +#endif + return -1; + } + if(listen(s, LISTEN_BACKLOG) == -1) { +#ifndef USE_WINSOCK + log_err("can't listen: %s", strerror(errno)); + close(s); +#else + log_err("can't listen: %s", wsa_strerror(WSAGetLastError())); + closesocket(s); +#endif + return -1; + } + return s; +} + +/** setup socket on event base */ +static int tap_socket_setup(struct tap_socket* s, struct ub_event_base* base) +{ + if(s->socketpath) { + /* AF_LOCAL accept socket */ + s->fd = create_local_accept_sock(s->socketpath, NULL, 0); + if(s->fd == -1) { + log_err("could not create local socket"); + return 0; + } + } else if(s->ip || s->sslctx) { + /* TCP accept socket */ + s->fd = make_tcp_accept(s->ip); + if(s->fd == -1) { + log_err("could not create tcp socket"); + return 0; + } + } + s->ev = ub_event_new(base, s->fd, UB_EV_READ | UB_EV_PERSIST, + s->ev_cb, s); + if(!s->ev) { + log_err("could not ub_event_new"); + return 0; + } + if(ub_event_add(s->ev, NULL) != 0) { + log_err("could not ub_event_add"); + return 0; + } + s->ev_added = 1; + return 1; +} + +/** add tap socket to list */ +static int tap_socket_list_insert(struct tap_socket_list** liststart, + struct tap_socket* s) +{ + struct tap_socket_list* entry = (struct tap_socket_list*) + malloc(sizeof(*entry)); + if(!entry) + return 0; + entry->next = *liststart; + entry->s = s; + *liststart = entry; + return 1; +} + +/** delete the list */ +static void tap_socket_list_delete(struct tap_socket_list* list) +{ + struct tap_socket_list* e = list, *next; + while(e) { + next = e->next; + tap_socket_delev(e->s); + tap_socket_close(e->s); + tap_socket_delete(e->s); + free(e); + e = next; + } +} + +/** setup accept events */ +static int tap_socket_list_addevs(struct tap_socket_list* list, + struct ub_event_base* base) +{ + struct tap_socket_list* entry; + for(entry = list; entry; entry = entry->next) { + if(!tap_socket_setup(entry->s, base)) { + log_err("could not setup socket"); + return 0; + } + } + return 1; +} + +#ifdef USE_DNSTAP +/** log control frame contents */ +static void log_control_frame(uint8_t* pkt, size_t len) +{ + char* desc; + if(verbosity == 0) return; + desc = fstrm_describe_control(pkt, len); + if(!desc) { + log_err("out of memory"); + return; + } + log_info("control frame %s", desc); + free(desc); +} + +/** convert mtype to string */ +static const char* mtype_to_str(enum _Dnstap__Message__Type mtype) +{ + switch(mtype) { + case DNSTAP__MESSAGE__TYPE__AUTH_QUERY: + return "AUTH_QUERY"; + case DNSTAP__MESSAGE__TYPE__AUTH_RESPONSE: + return "AUTH_RESPONSE"; + case DNSTAP__MESSAGE__TYPE__RESOLVER_QUERY: + return "RESOLVER_QUERY"; + case DNSTAP__MESSAGE__TYPE__RESOLVER_RESPONSE: + return "RESOLVER_RESPONSE"; + case DNSTAP__MESSAGE__TYPE__CLIENT_QUERY: + return "CLIENT_QUERY"; + case DNSTAP__MESSAGE__TYPE__CLIENT_RESPONSE: + return "CLIENT_RESPONSE"; + case DNSTAP__MESSAGE__TYPE__FORWARDER_QUERY: + return "FORWARDER_QUERY"; + case DNSTAP__MESSAGE__TYPE__FORWARDER_RESPONSE: + return "FORWARDER_RESPONSE"; + case DNSTAP__MESSAGE__TYPE__STUB_QUERY: + return "STUB_QUERY"; + case DNSTAP__MESSAGE__TYPE__STUB_RESPONSE: + return "STUB_RESPONSE"; + default: break; + } + return "unknown_message_type"; +} + +/** convert type address to a string ip4 or ip6, malloced or NULL on fail */ +static char* str_of_addr(ProtobufCBinaryData address) +{ + char buf[64]; + socklen_t len = sizeof(buf); + if(address.len == 4) { + if(inet_ntop(AF_INET, address.data, buf, len)!=0) + return strdup(buf); + } else if(address.len == 16) { + if(inet_ntop(AF_INET6, address.data, buf, len)!=0) + return strdup(buf); + } + return NULL; +} + +/** convert message buffer (of dns bytes) to the first qname, type, class, + * malloced or NULL on fail */ +static char* q_of_msg(ProtobufCBinaryData message) +{ + char buf[300]; + /* header, name, type, class minimum to get the query tuple */ + if(message.len < 12 + 1 + 4 + 4) return NULL; + if(sldns_wire2str_rrquestion_buf(message.data+12, message.len-12, + buf, sizeof(buf)) != 0) { + /* remove trailing newline, tabs to spaces */ + /* remove the newline: */ + if(buf[0] != 0) buf[strlen(buf)-1]=0; + /* remove first tab (before type) */ + if(strrchr(buf, '\t')) *strrchr(buf, '\t')=' '; + /* remove second tab (before class) */ + if(strrchr(buf, '\t')) *strrchr(buf, '\t')=' '; + return strdup(buf); + } + return NULL; +} + +/** convert possible string or hex data to string. malloced or NULL */ +static char* possible_str(ProtobufCBinaryData str) +{ + int is_str = 1; + size_t i; + for(i=0; i<str.len; i++) { + if(!isprint((unsigned char)str.data[i])) + is_str = 0; + } + if(is_str) { + char* res = malloc(str.len+1); + if(res) { + memmove(res, str.data, str.len); + res[str.len] = 0; + return res; + } + } else { + const char* hex = "0123456789ABCDEF"; + char* res = malloc(str.len*2+1); + if(res) { + for(i=0; i<str.len; i++) { + res[i*2] = hex[(str.data[i]&0xf0)>>4]; + res[i*2+1] = hex[str.data[i]&0x0f]; + } + res[str.len*2] = 0; + return res; + } + } + return NULL; +} + +/** convert timeval to string, malloced or NULL */ +static char* tv_to_str(protobuf_c_boolean has_time_sec, uint64_t time_sec, + protobuf_c_boolean has_time_nsec, uint32_t time_nsec) +{ + char buf[64], buf2[256]; + struct timeval tv; + time_t time_t_sec; + memset(&tv, 0, sizeof(tv)); + if(has_time_sec) tv.tv_sec = time_sec; + if(has_time_nsec) tv.tv_usec = time_nsec; + + buf[0]=0; + time_t_sec = tv.tv_sec; + (void)ctime_r(&time_t_sec, buf); + snprintf(buf2, sizeof(buf2), "%u.%9.9u %s", + (unsigned)time_sec, (unsigned)time_nsec, buf); + return strdup(buf2); +} + +/** log data frame contents */ +static void log_data_frame(uint8_t* pkt, size_t len) +{ + Dnstap__Dnstap* d = dnstap__dnstap__unpack(NULL, len, pkt); + const char* mtype = NULL; + char* maddr=NULL, *qinf=NULL; + if(!d) { + log_err("could not unpack"); + return; + } + if(d->base.descriptor != &dnstap__dnstap__descriptor) { + log_err("wrong base descriptor"); + dnstap__dnstap__free_unpacked(d, NULL); + return; + } + if(d->type != DNSTAP__DNSTAP__TYPE__MESSAGE) { + log_err("dnstap type not type_message"); + dnstap__dnstap__free_unpacked(d, NULL); + return; + } + if(d->message) { + mtype = mtype_to_str(d->message->type); + if(d->message->has_query_address) + maddr = str_of_addr(d->message->query_address); + else if(d->message->has_response_address) + maddr = str_of_addr(d->message->response_address); + if(d->message->has_query_message) + qinf = q_of_msg(d->message->query_message); + else if(d->message->has_response_message) + qinf = q_of_msg(d->message->response_message); + + } else { + mtype = "nomessage"; + } + + printf("%s%s%s%s%s\n", mtype, (maddr?" ":""), (maddr?maddr:""), + (qinf?" ":""), (qinf?qinf:"")); + free(maddr); + free(qinf); + + if(longformat) { + char* id=NULL, *vs=NULL; + if(d->has_identity) { + id=possible_str(d->identity); + } + if(d->has_version) { + vs=possible_str(d->version); + } + if(id || vs) + printf("identity: %s%s%s\n", (id?id:""), + (id&&vs?" ":""), (vs?vs:"")); + free(id); + free(vs); + + if(d->message && d->message->has_query_message && + d->message->query_message.data) { + char* qmsg = sldns_wire2str_pkt( + d->message->query_message.data, + d->message->query_message.len); + if(qmsg) { + printf("query_message:\n%s", qmsg); + free(qmsg); + } + } + if(d->message && d->message->has_query_time_sec) { + char* qtv = tv_to_str(d->message->has_query_time_sec, + d->message->query_time_sec, + d->message->has_query_time_nsec, + d->message->query_time_nsec); + if(qtv) { + printf("query_time: %s\n", qtv); + free(qtv); + } + } + if(d->message && d->message->has_response_message && + d->message->response_message.data) { + char* rmsg = sldns_wire2str_pkt( + d->message->response_message.data, + d->message->response_message.len); + if(rmsg) { + printf("response_message:\n%s", rmsg); + free(rmsg); + } + } + if(d->message && d->message->has_response_time_sec) { + char* rtv = tv_to_str(d->message->has_response_time_sec, + d->message->response_time_sec, + d->message->has_response_time_nsec, + d->message->response_time_nsec); + if(rtv) { + printf("response_time: %s\n", rtv); + free(rtv); + } + } + } + fflush(stdout); + dnstap__dnstap__free_unpacked(d, NULL); +} +#endif /* USE_DNSTAP */ + +/** receive bytes from fd, prints errors if bad, + * returns 0: closed/error, -1: continue, >0 number of bytes */ +static ssize_t receive_bytes(struct tap_data* data, int fd, void* buf, + size_t len) +{ + ssize_t ret = recv(fd, buf, len, 0); + if(ret == 0) { + /* closed */ + if(verbosity) log_info("dnstap client stream closed from %s", + (data->id?data->id:"")); + return 0; + } else if(ret == -1) { + /* error */ +#ifndef USE_WINSOCK + if(errno == EINTR || errno == EAGAIN) + return -1; + log_err("could not recv: %s", strerror(errno)); +#else /* USE_WINSOCK */ + if(WSAGetLastError() == WSAEINPROGRESS) + return -1; + if(WSAGetLastError() == WSAEWOULDBLOCK) { + ub_winsock_tcp_wouldblock(data->ev, UB_EV_READ); + return -1; + } + log_err("could not recv: %s", + wsa_strerror(WSAGetLastError())); +#endif + if(verbosity) log_info("dnstap client stream closed from %s", + (data->id?data->id:"")); + return 0; + } + return ret; +} + +/* define routine for have_ssl only to avoid unused function warning */ +#ifdef HAVE_SSL +/** set to wait briefly for a write event, for one event call */ +static void tap_enable_brief_write(struct tap_data* data) +{ + ub_event_del(data->ev); + ub_event_del_bits(data->ev, UB_EV_READ); + ub_event_add_bits(data->ev, UB_EV_WRITE); + if(ub_event_add(data->ev, NULL) != 0) + log_err("could not ub_event_add in tap_enable_brief_write"); + data->ssl_brief_write = 1; +} +#endif /* HAVE_SSL */ + +/* define routine for have_ssl only to avoid unused function warning */ +#ifdef HAVE_SSL +/** stop the brief wait for a write event. back to reading. */ +static void tap_disable_brief_write(struct tap_data* data) +{ + ub_event_del(data->ev); + ub_event_del_bits(data->ev, UB_EV_WRITE); + ub_event_add_bits(data->ev, UB_EV_READ); + if(ub_event_add(data->ev, NULL) != 0) + log_err("could not ub_event_add in tap_disable_brief_write"); + data->ssl_brief_write = 0; +} +#endif /* HAVE_SSL */ + +#ifdef HAVE_SSL +/** receive bytes over ssl stream, prints errors if bad, + * returns 0: closed/error, -1: continue, >0 number of bytes */ +static ssize_t ssl_read_bytes(struct tap_data* data, void* buf, size_t len) +{ + int r; + ERR_clear_error(); + r = SSL_read(data->ssl, buf, len); + if(r <= 0) { + int want = SSL_get_error(data->ssl, r); + if(want == SSL_ERROR_ZERO_RETURN) { + /* closed */ + if(verbosity) log_info("dnstap client stream closed from %s", + (data->id?data->id:"")); + return 0; + } else if(want == SSL_ERROR_WANT_READ) { + /* continue later */ + return -1; + } else if(want == SSL_ERROR_WANT_WRITE) { + /* set to briefly write */ + tap_enable_brief_write(data); + return -1; + } else if(want == SSL_ERROR_SYSCALL) { +#ifdef ECONNRESET + if(errno == ECONNRESET && verbosity < 2) + return 0; /* silence reset by peer */ +#endif + if(errno != 0) + log_err("SSL_read syscall: %s", + strerror(errno)); + if(verbosity) log_info("dnstap client stream closed from %s", + (data->id?data->id:"")); + return 0; + } + log_crypto_err("could not SSL_read"); + if(verbosity) log_info("dnstap client stream closed from %s", + (data->id?data->id:"")); + return 0; + } + return r; +} +#endif /* HAVE_SSL */ + +/** receive bytes on the tap connection, prints errors if bad, + * returns 0: closed/error, -1: continue, >0 number of bytes */ +static ssize_t tap_receive(struct tap_data* data, void* buf, size_t len) +{ +#ifdef HAVE_SSL + if(data->ssl) + return ssl_read_bytes(data, buf, len); +#endif + return receive_bytes(data, data->fd, buf, len); +} + +/** delete the tap structure */ +void tap_data_free(struct tap_data* data) +{ + ub_event_del(data->ev); + ub_event_free(data->ev); +#ifdef HAVE_SSL + SSL_free(data->ssl); +#endif + close(data->fd); + free(data->id); + free(data->frame); + free(data); +} + +/** reply with ACCEPT control frame to bidirectional client, + * returns 0 on error */ +static int reply_with_accept(struct tap_data* data) +{ +#ifdef USE_DNSTAP + /* len includes the escape and framelength */ + int r; + size_t len = 0; + void* acceptframe = fstrm_create_control_frame_accept( + DNSTAP_CONTENT_TYPE, &len); + if(!acceptframe) { + log_err("out of memory"); + return 0; + } + + fd_set_block(data->fd); + if(data->ssl) { + if((r=SSL_write(data->ssl, acceptframe, len)) <= 0) { + if(SSL_get_error(data->ssl, r) == SSL_ERROR_ZERO_RETURN) + log_err("SSL_write, peer closed connection"); + else + log_err("could not SSL_write"); + fd_set_nonblock(data->fd); + free(acceptframe); + return 0; + } + } else { + if(send(data->fd, acceptframe, len, 0) == -1) { +#ifndef USE_WINSOCK + log_err("send failed: %s", strerror(errno)); +#else + log_err("send failed: %s", + wsa_strerror(WSAGetLastError())); +#endif + fd_set_nonblock(data->fd); + free(acceptframe); + return 0; + } + } + if(verbosity) log_info("sent control frame(accept) content-type:(%s)", + DNSTAP_CONTENT_TYPE); + + fd_set_nonblock(data->fd); + free(acceptframe); + return 1; +#else + log_err("no dnstap compiled, no reply"); + (void)data; + return 0; +#endif +} + +/** reply with FINISH control frame to bidirectional client, + * returns 0 on error */ +static int reply_with_finish(int fd) +{ +#ifdef USE_DNSTAP + size_t len = 0; + void* finishframe = fstrm_create_control_frame_finish(&len); + if(!finishframe) { + log_err("out of memory"); + return 0; + } + + fd_set_block(fd); + if(send(fd, finishframe, len, 0) == -1) { +#ifndef USE_WINSOCK + log_err("send failed: %s", strerror(errno)); +#else + log_err("send failed: %s", wsa_strerror(WSAGetLastError())); +#endif + fd_set_nonblock(fd); + free(finishframe); + return 0; + } + if(verbosity) log_info("sent control frame(finish)"); + + fd_set_nonblock(fd); + free(finishframe); + return 1; +#else + log_err("no dnstap compiled, no reply"); + (void)fd; + return 0; +#endif +} + +#ifdef HAVE_SSL +/** check SSL peer certificate, return 0 on fail */ +static int tap_check_peer(struct tap_data* data) +{ + if((SSL_get_verify_mode(data->ssl)&SSL_VERIFY_PEER)) { + /* verification */ + if(SSL_get_verify_result(data->ssl) == X509_V_OK) { + X509* x = SSL_get_peer_certificate(data->ssl); + if(!x) { + if(verbosity) log_info("SSL connection %s" + " failed no certificate", data->id); + return 0; + } + if(verbosity) + log_cert(VERB_ALGO, "peer certificate", x); +#ifdef HAVE_SSL_GET0_PEERNAME + if(SSL_get0_peername(data->ssl)) { + if(verbosity) log_info("SSL connection %s " + "to %s authenticated", data->id, + SSL_get0_peername(data->ssl)); + } else { +#endif + if(verbosity) log_info("SSL connection %s " + "authenticated", data->id); +#ifdef HAVE_SSL_GET0_PEERNAME + } +#endif + X509_free(x); + } else { + X509* x = SSL_get_peer_certificate(data->ssl); + if(x) { + if(verbosity) + log_cert(VERB_ALGO, "peer certificate", x); + X509_free(x); + } + if(verbosity) log_info("SSL connection %s failed: " + "failed to authenticate", data->id); + return 0; + } + } else { + /* unauthenticated, the verify peer flag was not set + * in ssl when the ssl object was created from ssl_ctx */ + if(verbosity) log_info("SSL connection %s", data->id); + } + return 1; +} +#endif /* HAVE_SSL */ + +#ifdef HAVE_SSL +/** perform SSL handshake, return 0 to wait for events, 1 if done */ +static int tap_handshake(struct tap_data* data) +{ + int r; + if(data->ssl_brief_write) { + /* write condition has been satisfied, back to reading */ + tap_disable_brief_write(data); + } + if(data->ssl_handshake_done) + return 1; + + ERR_clear_error(); + r = SSL_do_handshake(data->ssl); + if(r != 1) { + int want = SSL_get_error(data->ssl, r); + if(want == SSL_ERROR_WANT_READ) { + return 0; + } else if(want == SSL_ERROR_WANT_WRITE) { + tap_enable_brief_write(data); + return 0; + } else if(r == 0) { + /* closed */ + tap_data_free(data); + return 0; + } else if(want == SSL_ERROR_SYSCALL) { + /* SYSCALL and errno==0 means closed uncleanly */ + int silent = 0; +#ifdef EPIPE + if(errno == EPIPE && verbosity < 2) + silent = 1; /* silence 'broken pipe' */ +#endif +#ifdef ECONNRESET + if(errno == ECONNRESET && verbosity < 2) + silent = 1; /* silence reset by peer */ +#endif + if(errno == 0) + silent = 1; + if(!silent) + log_err("SSL_handshake syscall: %s", + strerror(errno)); + tap_data_free(data); + return 0; + } else { + unsigned long err = ERR_get_error(); + if(!squelch_err_ssl_handshake(err)) { + log_crypto_err_code("ssl handshake failed", + err); + verbose(VERB_OPS, "ssl handshake failed " + "from %s", data->id); + } + tap_data_free(data); + return 0; + } + } + /* check peer verification */ + data->ssl_handshake_done = 1; + if(!tap_check_peer(data)) { + /* closed */ + tap_data_free(data); + return 0; + } + return 1; +} +#endif /* HAVE_SSL */ + +/** callback for dnstap listener */ +void dtio_tap_callback(int fd, short ATTR_UNUSED(bits), void* arg) +{ + struct tap_data* data = (struct tap_data*)arg; + if(verbosity>=3) log_info("tap callback"); +#ifdef HAVE_SSL + if(data->ssl && (!data->ssl_handshake_done || + data->ssl_brief_write)) { + if(!tap_handshake(data)) + return; + } +#endif + while(data->len_done < 4) { + uint32_t l = (uint32_t)data->len; + ssize_t ret = tap_receive(data, + ((uint8_t*)&l)+data->len_done, 4-data->len_done); + if(verbosity>=4) log_info("s recv %d", (int)ret); + if(ret == 0) { + /* closed or error */ + tap_data_free(data); + return; + } else if(ret == -1) { + /* continue later */ + return; + } + data->len_done += ret; + data->len = (size_t)l; + if(data->len_done < 4) + return; /* continue later */ + data->len = (size_t)(ntohl(l)); + if(verbosity>=3) log_info("length is %d", (int)data->len); + if(data->len == 0) { + /* it is a control frame */ + data->control_frame = 1; + /* read controlframelen */ + data->len_done = 0; + } else { + /* allocate frame size */ + data->frame = calloc(1, data->len); + if(!data->frame) { + log_err("out of memory"); + tap_data_free(data); + return; + } + } + } + + /* we want to read the full length now */ + if(data->data_done < data->len) { + ssize_t r = tap_receive(data, data->frame + data->data_done, + data->len - data->data_done); + if(verbosity>=4) log_info("f recv %d", (int)r); + if(r == 0) { + /* closed or error */ + tap_data_free(data); + return; + } else if(r == -1) { + /* continue later */ + return; + } + data->data_done += r; + if(data->data_done < data->len) + return; /* continue later */ + } + + /* we are done with a frame */ + if(verbosity>=3) log_info("received %sframe len %d", + (data->control_frame?"control ":""), (int)data->len); +#ifdef USE_DNSTAP + if(data->control_frame) + log_control_frame(data->frame, data->len); + else log_data_frame(data->frame, data->len); +#endif + + if(data->len >= 4 && sldns_read_uint32(data->frame) == + FSTRM_CONTROL_FRAME_READY) { + data->is_bidirectional = 1; + if(verbosity) log_info("bidirectional stream"); + if(!reply_with_accept(data)) { + tap_data_free(data); + } + } else if(data->len >= 4 && sldns_read_uint32(data->frame) == + FSTRM_CONTROL_FRAME_STOP && data->is_bidirectional) { + if(!reply_with_finish(fd)) { + tap_data_free(data); + return; + } + } + + /* prepare for next frame */ + free(data->frame); + data->frame = NULL; + data->control_frame = 0; + data->len = 0; + data->len_done = 0; + data->data_done = 0; + +} + +/** callback for main listening file descriptor */ +void dtio_mainfdcallback(int fd, short ATTR_UNUSED(bits), void* arg) +{ + struct tap_socket* tap_sock = (struct tap_socket*)arg; + struct main_tap_data* maindata = (struct main_tap_data*) + tap_sock->data; + struct tap_data* data; + char* id = NULL; + struct sockaddr_storage addr; + socklen_t addrlen = (socklen_t)sizeof(addr); + int s = accept(fd, (struct sockaddr*)&addr, &addrlen); + if(s == -1) { +#ifndef USE_WINSOCK + /* EINTR is signal interrupt. others are closed connection. */ + if( errno == EINTR || errno == EAGAIN +#ifdef EWOULDBLOCK + || errno == EWOULDBLOCK +#endif +#ifdef ECONNABORTED + || errno == ECONNABORTED +#endif +#ifdef EPROTO + || errno == EPROTO +#endif /* EPROTO */ + ) + return; + log_err_addr("accept failed", strerror(errno), &addr, addrlen); +#else /* USE_WINSOCK */ + if(WSAGetLastError() == WSAEINPROGRESS || + WSAGetLastError() == WSAECONNRESET) + return; + if(WSAGetLastError() == WSAEWOULDBLOCK) { + ub_winsock_tcp_wouldblock(maindata->ev, UB_EV_READ); + return; + } + log_err_addr("accept failed", wsa_strerror(WSAGetLastError()), + &addr, addrlen); +#endif + return; + } + fd_set_nonblock(s); + if(verbosity) { + if(addr.ss_family == AF_LOCAL) { +#ifdef HAVE_SYS_UN_H + struct sockaddr_un* usock = calloc(1, sizeof(struct sockaddr_un) + 1); + if(usock) { + socklen_t ulen = sizeof(struct sockaddr_un); + if(getsockname(fd, (struct sockaddr*)usock, &ulen) != -1) { + log_info("accepted new dnstap client from %s", usock->sun_path); + id = strdup(usock->sun_path); + } else { + log_info("accepted new dnstap client"); + } + free(usock); + } else { + log_info("accepted new dnstap client"); + } +#endif /* HAVE_SYS_UN_H */ + } else if(addr.ss_family == AF_INET || + addr.ss_family == AF_INET6) { + char ip[256]; + addr_to_str(&addr, addrlen, ip, sizeof(ip)); + log_info("accepted new dnstap client from %s", ip); + id = strdup(ip); + } else { + log_info("accepted new dnstap client"); + } + } + + data = calloc(1, sizeof(*data)); + if(!data) fatal_exit("out of memory"); + data->fd = s; + data->id = id; + if(tap_sock->sslctx) { + data->ssl = incoming_ssl_fd(tap_sock->sslctx, data->fd); + if(!data->ssl) fatal_exit("could not SSL_new"); + } + data->ev = ub_event_new(maindata->base, s, UB_EV_READ | UB_EV_PERSIST, + &dtio_tap_callback, data); + if(!data->ev) fatal_exit("could not ub_event_new"); + if(ub_event_add(data->ev, NULL) != 0) fatal_exit("could not ub_event_add"); +} + +/** setup local accept sockets */ +static void setup_local_list(struct main_tap_data* maindata, + struct config_strlist_head* local_list) +{ + struct config_strlist* item; + for(item = local_list->first; item; item = item->next) { + struct tap_socket* s; + s = tap_socket_new_local(item->str, &dtio_mainfdcallback, + maindata); + if(!s) fatal_exit("out of memory"); + if(!tap_socket_list_insert(&maindata->acceptlist, s)) + fatal_exit("out of memory"); + } +} + +/** setup tcp accept sockets */ +static void setup_tcp_list(struct main_tap_data* maindata, + struct config_strlist_head* tcp_list) +{ + struct config_strlist* item; + for(item = tcp_list->first; item; item = item->next) { + struct tap_socket* s; + s = tap_socket_new_tcpaccept(item->str, &dtio_mainfdcallback, + maindata); + if(!s) fatal_exit("out of memory"); + if(!tap_socket_list_insert(&maindata->acceptlist, s)) + fatal_exit("out of memory"); + } +} + +/** setup tls accept sockets */ +static void setup_tls_list(struct main_tap_data* maindata, + struct config_strlist_head* tls_list, char* server_key, + char* server_cert, char* verifypem) +{ + struct config_strlist* item; + for(item = tls_list->first; item; item = item->next) { + struct tap_socket* s; + s = tap_socket_new_tlsaccept(item->str, &dtio_mainfdcallback, + maindata, server_key, server_cert, verifypem); + if(!s) fatal_exit("out of memory"); + if(!tap_socket_list_insert(&maindata->acceptlist, s)) + fatal_exit("out of memory"); + } +} + +/** signal variable */ +static struct ub_event_base* sig_base = NULL; +/** do we have to quit */ +int sig_quit = 0; +/** signal handler for user quit */ +static RETSIGTYPE main_sigh(int sig) +{ + verbose(VERB_ALGO, "exit on signal %d\n", sig); + if(sig_base) + ub_event_base_loopexit(sig_base); + sig_quit = 1; +} + +/** setup and run the server to listen to DNSTAP messages */ +static void +setup_and_run(struct config_strlist_head* local_list, + struct config_strlist_head* tcp_list, + struct config_strlist_head* tls_list, char* server_key, + char* server_cert, char* verifypem) +{ + time_t secs = 0; + struct timeval now; + struct main_tap_data* maindata; + struct ub_event_base* base; + const char *evnm="event", *evsys="", *evmethod=""; + + maindata = calloc(1, sizeof(*maindata)); + if(!maindata) fatal_exit("out of memory"); + memset(&now, 0, sizeof(now)); + base = ub_default_event_base(1, &secs, &now); + if(!base) fatal_exit("could not create ub_event base"); + maindata->base = base; + sig_base = base; + if(sig_quit) { + ub_event_base_free(base); + free(maindata); + return; + } + ub_get_event_sys(base, &evnm, &evsys, &evmethod); + if(verbosity) log_info("%s %s uses %s method", evnm, evsys, evmethod); + + setup_local_list(maindata, local_list); + setup_tcp_list(maindata, tcp_list); + setup_tls_list(maindata, tls_list, server_key, server_cert, + verifypem); + if(!tap_socket_list_addevs(maindata->acceptlist, base)) + fatal_exit("could not setup accept events"); + if(verbosity) log_info("start of service"); + + ub_event_base_dispatch(base); + + if(verbosity) log_info("end of service"); + sig_base = NULL; + tap_socket_list_delete(maindata->acceptlist); + ub_event_base_free(base); + free(maindata); +} + +/** getopt global, in case header files fail to declare it. */ +extern int optind; +/** getopt global, in case header files fail to declare it. */ +extern char* optarg; + +/** main program for streamtcp */ +int main(int argc, char** argv) +{ + int c; + int usessl = 0; + struct config_strlist_head local_list; + struct config_strlist_head tcp_list; + struct config_strlist_head tls_list; + char* server_key = NULL, *server_cert = NULL, *verifypem = NULL; +#ifdef USE_WINSOCK + WSADATA wsa_data; + if(WSAStartup(MAKEWORD(2,2), &wsa_data) != 0) { + printf("WSAStartup failed\n"); + return 1; + } +#endif + if(signal(SIGINT, main_sigh) == SIG_ERR || +#ifdef SIGQUIT + signal(SIGQUIT, main_sigh) == SIG_ERR || +#endif +#ifdef SIGHUP + signal(SIGHUP, main_sigh) == SIG_ERR || +#endif +#ifdef SIGBREAK + signal(SIGBREAK, main_sigh) == SIG_ERR || +#endif + signal(SIGTERM, main_sigh) == SIG_ERR) + fatal_exit("could not bind to signal"); + memset(&local_list, 0, sizeof(local_list)); + memset(&tcp_list, 0, sizeof(tcp_list)); + memset(&tls_list, 0, sizeof(tls_list)); + + /* lock debug start (if any) */ + log_ident_set("unbound-dnstap-socket"); + log_init(0, 0, 0); + checklock_start(); + +#ifdef SIGPIPE + if(signal(SIGPIPE, SIG_IGN) == SIG_ERR) { + perror("could not install signal handler for SIGPIPE"); + return 1; + } +#endif + + /* command line options */ + while( (c=getopt(argc, argv, "hls:t:u:vx:y:z:")) != -1) { + switch(c) { + case 'u': + if(!cfg_strlist_append(&local_list, + strdup(optarg))) + fatal_exit("out of memory"); + break; + case 's': + if(!cfg_strlist_append(&tcp_list, + strdup(optarg))) + fatal_exit("out of memory"); + break; + case 't': + if(!cfg_strlist_append(&tls_list, + strdup(optarg))) + fatal_exit("out of memory"); + usessl = 1; + break; + case 'x': + server_key = optarg; + usessl = 1; + break; + case 'y': + server_cert = optarg; + usessl = 1; + break; + case 'z': + verifypem = optarg; + usessl = 1; + break; + case 'l': + longformat = 1; + break; + case 'v': + verbosity++; + break; + case 'h': + case '?': + default: + usage(argv); + } + } + argc -= optind; + argv += optind; + + if(usessl) { +#ifdef HAVE_SSL +#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) + ERR_load_SSL_strings(); +#endif +#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S + OpenSSL_add_all_algorithms(); +# endif +#else + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS + | OPENSSL_INIT_ADD_ALL_DIGESTS + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); +#endif +#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) + (void)SSL_library_init(); +#else + (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); +#endif +#endif /* HAVE_SSL */ + } + setup_and_run(&local_list, &tcp_list, &tls_list, server_key, + server_cert, verifypem); + config_delstrlist(local_list.first); + config_delstrlist(tcp_list.first); + config_delstrlist(tls_list.first); + + checklock_stop(); +#ifdef USE_WINSOCK + WSACleanup(); +#endif + return 0; +} + +/***--- definitions to make fptr_wlist work. ---***/ +/* These are callbacks, similar to smallapp callbacks, except the debug + * tool callbacks are not in it */ +struct tube; +struct query_info; +#include "util/data/packed_rrset.h" + +void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), + uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), + int ATTR_UNUSED(error), void* ATTR_UNUSED(arg)) +{ + log_assert(0); +} + +int worker_handle_request(struct comm_point* ATTR_UNUSED(c), + void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), + struct comm_reply* ATTR_UNUSED(repinfo)) +{ + log_assert(0); + return 0; +} + +int worker_handle_reply(struct comm_point* ATTR_UNUSED(c), + void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), + struct comm_reply* ATTR_UNUSED(reply_info)) +{ + log_assert(0); + return 0; +} + +int worker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), + void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), + struct comm_reply* ATTR_UNUSED(reply_info)) +{ + log_assert(0); + return 0; +} + +int remote_accept_callback(struct comm_point* ATTR_UNUSED(c), + void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), + struct comm_reply* ATTR_UNUSED(repinfo)) +{ + log_assert(0); + return 0; +} + +int remote_control_callback(struct comm_point* ATTR_UNUSED(c), + void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), + struct comm_reply* ATTR_UNUSED(repinfo)) +{ + log_assert(0); + return 0; +} + +void worker_sighandler(int ATTR_UNUSED(sig), void* ATTR_UNUSED(arg)) +{ + log_assert(0); +} + +struct outbound_entry* worker_send_query( + struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags), + int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), + int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr), + socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), + size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(ssl_upstream), + char* ATTR_UNUSED(tls_auth_name), struct module_qstate* ATTR_UNUSED(q)) +{ + log_assert(0); + return 0; +} + +#ifdef UB_ON_WINDOWS +void +worker_win_stop_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), void* + ATTR_UNUSED(arg)) { + log_assert(0); +} + +void +wsvc_cron_cb(void* ATTR_UNUSED(arg)) +{ + log_assert(0); +} +#endif /* UB_ON_WINDOWS */ + +void +worker_alloc_cleanup(void* ATTR_UNUSED(arg)) +{ + log_assert(0); +} + +struct outbound_entry* libworker_send_query( + struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags), + int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), + int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr), + socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), + size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(ssl_upstream), + char* ATTR_UNUSED(tls_auth_name), struct module_qstate* ATTR_UNUSED(q)) +{ + log_assert(0); + return 0; +} + +int libworker_handle_reply(struct comm_point* ATTR_UNUSED(c), + void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), + struct comm_reply* ATTR_UNUSED(reply_info)) +{ + log_assert(0); + return 0; +} + +int libworker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), + void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), + struct comm_reply* ATTR_UNUSED(reply_info)) +{ + log_assert(0); + return 0; +} + +void libworker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), + uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), + int ATTR_UNUSED(error), void* ATTR_UNUSED(arg)) +{ + log_assert(0); +} + +void libworker_fg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), + struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), + char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited)) +{ + log_assert(0); +} + +void libworker_bg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), + struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), + char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited)) +{ + log_assert(0); +} + +void libworker_event_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), + struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s), + char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited)) +{ + log_assert(0); +} + +int context_query_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) +{ + log_assert(0); + return 0; +} + +void worker_stat_timer_cb(void* ATTR_UNUSED(arg)) +{ + log_assert(0); +} + +void worker_probe_timer_cb(void* ATTR_UNUSED(arg)) +{ + log_assert(0); +} + +void worker_start_accept(void* ATTR_UNUSED(arg)) +{ + log_assert(0); +} + +void worker_stop_accept(void* ATTR_UNUSED(arg)) +{ + log_assert(0); +} + +/** keep track of lock id in lock-verify application */ +struct order_id { + /** the thread id that created it */ + int thr; + /** the instance number of creation */ + int instance; +}; + +int order_lock_cmp(const void* e1, const void* e2) +{ + const struct order_id* o1 = e1; + const struct order_id* o2 = e2; + if(o1->thr < o2->thr) return -1; + if(o1->thr > o2->thr) return 1; + if(o1->instance < o2->instance) return -1; + if(o1->instance > o2->instance) return 1; + return 0; +} + +int +codeline_cmp(const void* a, const void* b) +{ + return strcmp(a, b); +} + +int replay_var_compare(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) +{ + log_assert(0); + return 0; +} + +void remote_get_opt_ssl(char* ATTR_UNUSED(str), void* ATTR_UNUSED(arg)) +{ + log_assert(0); +} diff --git a/doc/Changelog b/doc/Changelog index 725b82ac64b4..3339e77b30c6 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,330 @@ +20 July 2020: Wouter + - Fix streamtcp to print packet data to stdout. This makes the + stdout and stderr not mix together lines, when parsing its output. + - Fix contrib/fastrpz.patch to apply cleanly. It fixes for changes + due to added libdynmod, but it does not compile, it conflicts with + new rpz code. + - branch now named 1.11.0 and 1.11.0rc1 tag. + +17 July 2020: Wouter + - Fix libnettle compile for session ticket key callback function + changes. + - Fix lock dependency cycle in rpz zone config setup. + +17 July 2020: Ralph + - Merge PR #234 - Ensure proper alignment of cmsg buffers by Jérémie + Courrèges-Anglas. + - Fix PR #234 log_assert sizeof to use union buffer. + +16 July 2020: Wouter + - Fix check conf test for referencing installation paths. + - Fix unused variable warning for clang analyzer. + +16 July 2020: George + - Introduce 'include-toplevel:' configuration option. + +16 July 2020: Ralph + - Add bidirectional frame streams support. + +8 July 2020: Wouter + - Fix add missing DSA header, for compilation without deprecated + OpenSSL APIs. + - Fix to use SSL_CTX_set_tlsext_ticket_key_evp_cb in OpenSSL + 3.0.0-alpha4. + - Longer keys for the test set, this avoids weak crypto errors. + +7 July 2020: Wouter + - Fix #259: Fix unbound-checkconf does not check view existence. + unbound-checkconf checks access-control-view, access-control-tags, + access-control-tag-actions and access-control-tag-datas. + - Fix offset of error printout for access-control-tag-datas. + - Review fixes for checkconf #259 change. + +6 July 2020: Wouter + - run_vm cleanup better and removes trailing slash on single argument. + +29 June 2020: Wouter + - Move reply list clean for serve expired mesh callback to after + the reply is sent, so that script callbacks have reply_info. + - Also move reply list clean for mesh callbacks to the scrip callback + can see the reply_info. + - Fix for mesh accounting if the reply list already empty to begin + with. + - Fix for mesh accounting when rpz decides to drop a reply with a + tcp stream waiting for it. + - Review fix for number of detached states due to use of variable + after end of loop. + - Fix tcp req info drop due to size call into mesh accounting + removal of mesh state during mesh send reply. + +24 June 2020: Wouter + - iana portlist updated. + - doxygen file comments for dynlibmodule. + +17 June 2020: Wouter + - Fix default explanation in man page for qname-minimisation-strict. + - Fix display of event loop method with libev. + +8 June 2020: Wouter + - Mention tls name possible when tls is enabled for stub-addr in the + man page. + +27 May 2020: George + - Merge PR #241 by Robert Edmonds: contrib/libunbound.pc.in: Do not use + "Requires:". + +25 May 2020: George + - Update contrib/aaaa-filter-iterator.patch for the recent + generate_sub_request() change and to apply cleanly. + +21 May 2020: George + - Fix for integer overflow when printing RDF_TYPE_TIME. + +19 May 2020: Wouter + - CVE-2020-12662 Unbound can be tricked into amplifying an incoming + query into a large number of queries directed to a target. + - CVE-2020-12663 Malformed answers from upstream name servers can be + used to make Unbound unresponsive. + - Release 1.10.1 is 1.10.0 with fixes, code repository continues, + including those fixes, towards the next release. Configure has + version 1.10.2 version number in it. + - For PR #93: windows compile warnings removal + - windows compile warnings removal for ip dscp option code. + - For PR #93: unit test for dynlib module. + +18 May 2020: Wouter + - For PR #93: dynlibmod can handle reloads and deinit and inits again, + with dlclose and dlopen of the library again. Also for multiple + modules. Fix memory leak by not closing dlopened content. Fix + to allow one dynlibmod instance by unbound-checkconf. + - For PR #93: checkconf allows multiple dynlib in module-config, for + a couple cases. + - For PR #93: checkconf allows python dynlib in module-config, for + a couple cases. + - For PR #93: man page spelling reference fix. + - For PR #93: fix link of other executables for dynlibmod dependency. + +15 May 2020: Wouter + - Merge PR #93: Add dynamic library support. + - Fixed conflicts for PR #93 and make configure, yacc, lex. + - For PR #93: Fix warnings for dynlibmodule. + +15 May 2020: Ralph + - Cache ECS answers with longest scope of CNAME chain. + +22 April 2020: George + - Explicitly use 'rrset-roundrobin: no' for test cases. + +21 April 2020: Wouter + - Merge #225 from akhait: KSK-2010 has been revoked. It removes the + KSK-2010 from the default list in unbound-anchor, now that the + revocation period is over. KSK-2017 is the only trust anchor in + the shipped default now. + +21 April 2020: George + - Change default value for 'rrset-roundrobin' to yes. + - Fix tests for new rrset-roundrobin default. + +20 April 2020: Wouter + - Fix #222: --enable-rpath, fails to rpath python lib. + - Fix for count of reply states in the mesh. + - Remove unneeded was_mesh_reply check. + +17 April 2020: George + - Add SNI support on more TLS connections (fixes #193). + - Add SNI support to unbound-anchor. + +16 April 2020: George + - Add doxygen documentation for DSCP. + +16 April 2020: Wouter + - Fix help return code in unbound-control-setup script. + - Fix for posix shell syntax for trap in nsd-control-setup. + - Fix for posix shell syntax for trap in run_msg.sh test script. + +15 April 2020: George + - Fix #220: auth-zone section in config may lead to segfault. + +7 April 2020: Wouter + - Merge PR #214 from gearnode: unbound-control-setup recreate + certificates. With the -r option the certificates are created + again, without it, only the files that do not exist are created. + +6 April 2020: Ralph + - Keep track of number of timeouts. Use this counter to determine if + capsforid fallback should be started. + +6 April 2020: George + - More documentation for redis-expire-records option. + +1 April 2020: George + - Merge PR #206: Redis TTL, by Talkabout. + +30 March 2020: Wouter + - Merge PR #207: Clarify if-automatic listens on 0.0.0.0 and :: + - Merge PR #208: Fix uncached CLIENT_RESPONSE'es on stateful + transports. + +27 March 2020: Wouter + - Merge PR #203 from noloader: Update README-Travis.md with current + procedures. + +27 March 2020: Ralph + - Make unbound-control error returned on missing domain name more user + friendly. + +26 March 2020: Ralph + - Fix RPZ concurrency issue when using auth_zone_reload. + +25 March 2020: George + - Merge PR #201 from noloader: Fix OpenSSL cross-compaile warnings. + - Fix on #201. + +24 March 2020: Wouter + - Merge PR #200 from yarikk: add ip-dscp option to specify the DSCP + tag for outgoing packets. + - Fixes on #200. + - Travis fix for ios by omitting tools from install. + +23 March 2020: Wouter + - Fix compile on Solaris for unbound-checkconf. + +20 March 2020: George + - Merge PR #198 from fobser: Declare lz_enter_rr_into_zone() static, it's + only used in this file. + +20 March 2020: Wouter + - Merge PR #197 from fobser: Make log_ident_revert_to_default() a + proper prototype. + +19 March 2020: Ralph + - Merge PR#191: Update iOS testing on Travis, by Jeffrey Walton. + - Fix #158: open tls-session-ticket-keys as binary, for Windows. By + Daisuke HIGASHI. + - Merge PR#134, Allow the kernel to provide random source ports. By + Florian Obser. + - Log warning when using outgoing-port-permit and outgoing-port-avoid + while explicit port randomisation is disabled. + - Merge PR#194: Add libevent testing to Travis, by Jeffrey Walton. + - Fix .travis.yml error, missing 'env' option. + +16 March 2020: Wouter + - Fix #192: In the unbound-checkconf tool, the module config of + dns64 subnetcache respip validator iterator is whitelisted, it was + reported it seems to work. + +12 March 2020: Wouter + - Fix compile of test tools without protobuf. + +11 March 2020: Ralph + - Add check to make sure RPZ records are subdomains of configured + zone origin. + +11 March 2020: George + - Fix #189: mini_event.h:142:17: error: field 'ev_timeout' has incomplete + type, by noloader. + - Changelog entry for (Fix #189, Merge PR #190). + +11 March 2020: Wouter + - Fix #188: unbound-control.c:882:6: error: 'execlp' is + unavailable: not available on tvOS. + +6 March 2020: George + - Merge PR #186, fix #183: Fix unrecognized 'echo -n' option on OS X, by + noloader + +5 March 2020: Wouter + - Fix PR #182 from noloader: Add iOS testing to Travis. + +4 March 2020: Ralph + - Update README-Travis.md (from PR #179), by Jeffrey Walton. + +4 March 2020: George + - Merge PR #181 from noloader: Fix OpenSSL -pie warning on Android. + +4 March 2020: Wouter + - Merge PR #180 from noloader: Avoid calling exit in Travis script. + +3 March 2020: George + - Upgrade config.guess(2020-01-01) and config.sub(2020-01-01). + +2 March 2020: Ralph + - Fix #175, Merge PR #176: fix link error when OpenSSL is configured + with no-engine, thanks noloader. + +2 March 2020: George + - Fix compiler warning in dns64/dns64.c + - Merge PR #174: Add Android to Travis testing, by noloader. + - Move android build scripts to contrib/ and allow android tests to fail. + +2 March 2020: Wouter + - Fix #177: dnstap does not build on macOS. + +28 February 2020: Ralph + - Merge PR #172: Add IBM s390x arch for testing, by noloader. + +28 February 2020: Wouter + - Merge PR #173: updated makedist.sh for config.guess and + config.sub and sha256 digest for gpg, by noloader. + - Merge PR #164: Framestreams, this branch implements dnstap + unidirectional connectivity in unbound. This has a number of + new features. + + The dependency on libfstrm is removed. The fstrm protocol code + resides in dnstap/dnstap_fstrm.h and dnstap/dnstap_fstrm.c. This + contains a brief definition of what unbound needs. + + The make unbound-dnstap-socket builds a debug tool, + unbound-dnstap-socket. It can listen, accept multiple DNSTAP + streams and print information. Commandline options control it. + + Unbound can reconnect if the unix domain socket file socket is + closed. This uses exponential backoff after which it uses a + one second timer to throttle cpu down. There is also support + to use TCP and TLS for connecting to the log server. There + are new config options to turn them on, in the dnstap section + in the man page and example config file. dnstap-ip with IP + address of server for TCP or TLS use. dnstap-tls to turn + on TLS. And dnstap-tls-server-name, dnstap-tls-cert-bundle, + dnstap-tls-client-key-file and dnstap-tls-client-cert-file + to configure the certificates for server authentication and + client authentication, or leave at "" to not use that. + +27 February 2020: George + - Merge PR #171: Add additional compilers and platforms to Travis + testing, by noloader. + +27 February 2020: Wouter + - Fix #169: Fix warning for daemon/remote.c output may be truncated + from snprintf. + - Fix #170: Fix gcc undefined sanitizer signed integer overflow + warning in signature expiry RFC1982 serial number arithmetic. + - Fix more undefined sanitizer issues, in respip copy_rrset null + dname, and in the client_info_compare routine for null memcmp. + +26 February 2020: Wouter + - iana portlist updated. + +25 February 2020: Wouter + - Fix #165: Add prefer-ip4: yesno config option to prefer ipv4 for + using ipv4 filters, because the hosts ip6 netblock /64 is not owned + by one operator, and thus reputation is shared. + +24 February 2020: George + - Merge PR #166: Fix typo in unbound.service.in, by glitsj16. + 20 February 2020: Wouter - Updated contrib/unbound_smf23.tar.gz with Solaris SMF service for Unbound from Yuri Voinov. + - master branch has 1.10.1 version. + +18 February 2020: Wouter + - protect X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS with ifdef for + different openssl versions. + +17 February 2020: Wouter + - changelog point where the tag for 1.10.0rc2 release is. And with + the unbound_smf23 commit added to it, that is the 1.10.0 release. 17 February 2020: Ralph - Add respip to supported module-config options in unbound-checkconf. diff --git a/doc/README b/doc/README index 6bd34bbed956..6bd9a4c5fdae 100644 --- a/doc/README +++ b/doc/README @@ -1,4 +1,4 @@ -README for Unbound 1.10.1 +README for Unbound 1.11.0 Copyright 2007 NLnet Labs http://unbound.net diff --git a/doc/example.conf.in b/doc/example.conf.in index d9fe9c60b3d0..4f6411033e69 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -1,13 +1,17 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.10.1. +# See unbound.conf(5) man page, version 1.11.0. # # this is a comment. -#Use this to include other text into the file. +# Use this anywhere in the file to include other text into this file. #include: "otherfile.conf" +# Use this anywhere in the file to include other text, that explicitly starts a +# clause, into this file. Text after this directive needs to start a clause. +#include-toplevel: "otherfile.conf" + # The server clause sets the main parameters. server: # whitespace is not necessary, but looks cleaner. @@ -70,6 +74,9 @@ server: # Set this to yes to prefer ipv6 upstream servers over ipv4. # prefer-ip6: no + # Prefer ipv4 upstream servers, even if ipv6 is available. + # prefer-ip4: no + # number of ports to allocate per thread, determines the size of the # port range that can be open simultaneously. About double the # num-queries-per-thread, or, use as many as the OS will allow you. @@ -116,6 +123,11 @@ server: # Linux only. On Linux you also have ip-transparent that is similar. # ip-freebind: no + # the value of the Differentiated Services Codepoint (DSCP) + # in the differentiated services field (DS) of the outgoing + # IP packets + # ip-dscp: 0 + # EDNS reassembly buffer to advertise to UDP peers (the actual buffer # is set with msg-buffer-size). 1472 can solve fragmentation (timeouts) # edns-buffer-size: 4096 @@ -465,7 +477,7 @@ server: # deny-any: no # if yes, Unbound rotates RRSet order in response. - # rrset-roundrobin: no + # rrset-roundrobin: yes # if yes, Unbound doesn't insert authority/additional sections # into response messages when those sections are not required. @@ -738,6 +750,10 @@ server: # cipher setting for TLSv1.3 # tls-ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256" + # Use the SNI extension for TLS connections. Default is yes. + # Changing the value requires a reload. + # tls-use-sni: yes + # Add the secret file for TLS Session Ticket. # Secret file must be 80 bytes of random data. # First key use to encrypt and decrypt TLS session tickets. @@ -847,6 +863,17 @@ python: # Script file to load # python-script: "@UNBOUND_SHARE_DIR@/ubmodule-tst.py" +# Dynamic library config section. To enable: +# o use --with-dynlibmodule to configure before compiling. +# o list dynlib in the module-config string (above) to enable. +# It can be placed anywhere, the dynlib module is only a very thin wrapper +# to load modules dynamically. +# o and give a dynlib-file to run. If more than one dynlib entry is listed in +# the module-config then you need one dynlib-file per instance. +dynlib: + # Script file to load + # dynlib-file: "@UNBOUND_SHARE_DIR@/dynlib.so" + # Remote control config section. remote-control: # Enable remote control with unbound-control(8) here. @@ -1005,10 +1032,12 @@ remote-control: # redis-server-port: 6379 # # timeout (in ms) for communication with the redis server # redis-timeout: 100 +# # set timeout on redis records based on DNS response TTL +# redis-expire-records: no # IPSet # Add specify domain into set via ipset. -# Note: To enable ipset needs run unbound as root user. +# Note: To enable ipset unbound needs to run as root user. # ipset: # # set name for ip v4 addresses # name-v4: "list-v4" @@ -1016,6 +1045,40 @@ remote-control: # name-v6: "list-v6" # +# Dnstap logging support, if compiled in. To enable, set the dnstap-enable +# to yes and also some of dnstap-log-..-messages to yes. And select an +# upstream log destination, by socket path, TCP or TLS destination. +# dnstap: +# dnstap-enable: no +# # if set to yes frame streams will be used in bidirectional mode +# dnstap-bidirectional: yes +# dnstap-socket-path: "@DNSTAP_SOCKET_PATH@" +# # if "" use the unix socket in dnstap-socket-path, otherwise, +# # set it to "IPaddress[@port]" of the destination. +# dnstap-ip: "" +# # if set to yes if you want to use TLS to dnstap-ip, no for TCP. +# dnstap-tls: yes +# # name for authenticating the upstream server. or "" disabled. +# dnstap-tls-server-name: "" +# # if "", it uses the cert bundle from the main unbound config. +# dnstap-tls-cert-bundle: "" +# # key file for client authentication, or "" disabled. +# dnstap-tls-client-key-file: "" +# # cert file for client authentication, or "" disabled. +# dnstap-tls-client-cert-file: "" +# dnstap-send-identity: no +# dnstap-send-version: no +# # if "" it uses the hostname. +# dnstap-identity: "" +# # if "" it uses the package version. +# dnstap-version: "" +# dnstap-log-resolver-query-messages: no +# dnstap-log-resolver-response-messages: no +# dnstap-log-client-query-messages: no +# dnstap-log-client-response-messages: no +# dnstap-log-forwarder-query-messages: no +# dnstap-log-forwarder-response-messages: no + # Response Policy Zones # RPZ policies. Applied in order of configuration. QNAME and Response IP # Address trigger are the only supported triggers. Supported actions are: diff --git a/doc/libunbound.3.in b/doc/libunbound.3.in index 69c201116246..10bda1614b26 100644 --- a/doc/libunbound.3.in +++ b/doc/libunbound.3.in @@ -1,4 +1,4 @@ -.TH "libunbound" "3" "May 19, 2020" "NLnet Labs" "unbound 1.10.1" +.TH "libunbound" "3" "Jul 27, 2020" "NLnet Labs" "unbound 1.11.0" .\" .\" libunbound.3 -- unbound library functions manual .\" @@ -44,7 +44,7 @@ .B ub_ctx_zone_remove, .B ub_ctx_data_add, .B ub_ctx_data_remove -\- Unbound DNS validating resolver 1.10.1 functions. +\- Unbound DNS validating resolver 1.11.0 functions. .SH "SYNOPSIS" .B #include <unbound.h> .LP diff --git a/doc/unbound-anchor.8.in b/doc/unbound-anchor.8.in index 680066a75072..1c7799ca11d8 100644 --- a/doc/unbound-anchor.8.in +++ b/doc/unbound-anchor.8.in @@ -1,4 +1,4 @@ -.TH "unbound-anchor" "8" "May 19, 2020" "NLnet Labs" "unbound 1.10.1" +.TH "unbound-anchor" "8" "Jul 27, 2020" "NLnet Labs" "unbound 1.11.0" .\" .\" unbound-anchor.8 -- unbound anchor maintenance utility manual .\" @@ -69,6 +69,9 @@ The server name, it connects to https://name. Specify without https:// prefix. The default is "data.iana.org". It connects to the port specified with \-P. You can pass an IPv4 address or IPv6 address (no brackets) if you want. .TP +.B \-S +Do not use SNI for the HTTPS connection. Default is to use SNI. +.TP .B \-b \fIaddress The source address to bind to for domain resolution and contacting the server on https. May be either an IPv4 address or IPv6 address (no brackets). diff --git a/doc/unbound-checkconf.8.in b/doc/unbound-checkconf.8.in index 8fb18410dfdd..c7a0f9449572 100644 --- a/doc/unbound-checkconf.8.in +++ b/doc/unbound-checkconf.8.in @@ -1,4 +1,4 @@ -.TH "unbound-checkconf" "8" "May 19, 2020" "NLnet Labs" "unbound 1.10.1" +.TH "unbound-checkconf" "8" "Jul 27, 2020" "NLnet Labs" "unbound 1.11.0" .\" .\" unbound-checkconf.8 -- unbound configuration checker manual .\" diff --git a/doc/unbound-control.8.in b/doc/unbound-control.8.in index 3747b1fa670e..154450303366 100644 --- a/doc/unbound-control.8.in +++ b/doc/unbound-control.8.in @@ -1,4 +1,4 @@ -.TH "unbound-control" "8" "May 19, 2020" "NLnet Labs" "unbound 1.10.1" +.TH "unbound-control" "8" "Jul 27, 2020" "NLnet Labs" "unbound 1.11.0" .\" .\" unbound-control.8 -- unbound remote control manual .\" diff --git a/doc/unbound-host.1.in b/doc/unbound-host.1.in index e2dcc4a9b0ee..cae708d66b12 100644 --- a/doc/unbound-host.1.in +++ b/doc/unbound-host.1.in @@ -1,4 +1,4 @@ -.TH "unbound\-host" "1" "May 19, 2020" "NLnet Labs" "unbound 1.10.1" +.TH "unbound\-host" "1" "Jul 27, 2020" "NLnet Labs" "unbound 1.11.0" .\" .\" unbound-host.1 -- unbound DNS lookup utility .\" diff --git a/doc/unbound.8.in b/doc/unbound.8.in index 74c900ebcc0d..fcdb3d833406 100644 --- a/doc/unbound.8.in +++ b/doc/unbound.8.in @@ -1,4 +1,4 @@ -.TH "unbound" "8" "May 19, 2020" "NLnet Labs" "unbound 1.10.1" +.TH "unbound" "8" "Jul 27, 2020" "NLnet Labs" "unbound 1.11.0" .\" .\" unbound.8 -- unbound manual .\" @@ -9,7 +9,7 @@ .\" .SH "NAME" .B unbound -\- Unbound DNS validating resolver 1.10.1. +\- Unbound DNS validating resolver 1.11.0. .SH "SYNOPSIS" .B unbound .RB [ \-h ] diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index ffdbf8caa65b..04dca3561ea2 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "May 19, 2020" "NLnet Labs" "unbound 1.10.1" +.TH "unbound.conf" "5" "Jul 27, 2020" "NLnet Labs" "unbound 1.11.0" .\" .\" unbound.conf.5 -- unbound.conf manual .\" @@ -77,6 +77,12 @@ for the included files works, relative pathnames for the included names work if the directory where the daemon is started equals its chroot/working directory or is specified before the include statement with directory: dir. Wildcards can be used to include multiple files, see \fIglob\fR(7). +.P +For a more structural include option, the +.B include\-toplevel: +directive can be used. This closes whatever clause is currently active (if any) +and forces the use of clauses in the included files and right after this +directive. .SS "Server Options" These options are part of the .B server: @@ -126,9 +132,12 @@ interface and port number), if not specified the default port (from Same as interface: (for ease of compatibility with nsd.conf). .TP .B interface\-automatic: \fI<yes or no> -Detect source interface on UDP queries and copy them to replies. This -feature is experimental, and needs support in your OS for particular socket -options. Default value is no. +Listen on all addresses on all (current and future) interfaces, detect the +source interface on UDP queries and copy them to replies. This is a lot like +ip\-transparent, but this option services all interfaces whilst with +ip\-transparent you can select which (future) interfaces unbound provides +service on. This feature is experimental, and needs support in your OS for +particular socket options. Default value is no. .TP .B outgoing\-interface: \fI<ip address or ip6 netblock> Interface to use to connect to the network. This interface is used to send @@ -323,6 +332,12 @@ IP addresses that are nonlocal or do not exist, like when the network interface or IP address is down. Exists only on Linux, where the similar ip\-transparent option is also available. .TP +.B ip-dscp: \fI<number> +The value of the Differentiated Services Codepoint (DSCP) in the +differentiated services field (DS) of the outgoing IP packet headers. +The field replaces the outdated IPv4 Type-Of-Service field and the +IPV6 traffic class field. +.TP .B rrset\-cache\-size: \fI<number> Number of bytes size of the RRset cache. Default is 4 megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes @@ -381,6 +396,13 @@ IPv6 to the internet nameservers. With this option you can disable the ipv6 transport for sending DNS traffic, it does not impact the contents of the DNS traffic, which may have ip4 and ip6 addresses in it. .TP +.B prefer\-ip4: \fI<yes or no> +If enabled, prefer IPv4 transport for sending DNS queries to internet +nameservers. Default is no. Useful if the IPv6 netblock the server has, +the entire /64 of that is not owned by one operator and the reputation of +the netblock /64 is an issue, using IPv4 then uses the IPv4 filters that +the upstream servers have. +.TP .B prefer\-ip6: \fI<yes or no> If enabled, prefer IPv6 transport for sending DNS queries to internet nameservers. Default is no. @@ -530,6 +552,11 @@ and that is the default. Set the list of ciphersuites to allow when serving TLS. This is for newer TLS 1.3 connections. Use "" for defaults, and that is the default. .TP +.B tls\-use\-sni: \fI<yes or no> +Enable or disable sending the SNI extension on TLS connections. +Default is yes. +Changing the value requires a reload. +.TP .B use\-systemd: \fI<yes or no> Enable or disable systemd socket activation. Default is no. @@ -843,7 +870,7 @@ NXDOMAIN from a DNSSEC signed zone. Default is yes. QNAME minimisation in strict mode. Do not fall-back to sending full QNAME to potentially broken nameservers. A lot of domains will not be resolvable when this option in enabled. Only use if you know what you are doing. -This option only has effect when qname-minimisation is enabled. Default is off. +This option only has effect when qname-minimisation is enabled. Default is no. .TP .B aggressive\-nsec: \fI<yes or no> Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN @@ -911,7 +938,7 @@ are none. .TP .B rrset\-roundrobin: \fI<yes or no> If yes, Unbound rotates RRSet order in response (the random number is taken -from the query ID, for speed and thread safety). Default is no. +from the query ID, for speed and thread safety). Default is yes. .TP .B minimal-responses: \fI<yes or no> If yes, Unbound doesn't insert authority/additional sections into response @@ -942,7 +969,9 @@ EDNS client subnet support the default is "subnetcache validator iterator". Most modules that need to be listed here have to be listed at the beginning of the line. The cachedb module has to be listed just before the iterator. The python module can be listed in different places, it then processes the -output of the module it is just before. +output of the module it is just before. The dynlib module can be listed pretty +much anywhere, it is only a very thin wrapper that allows dynamic libraries to +run in its place. .TP .B trust\-anchor\-file: \fI<filename> File with trusted keys for validation. Both DS and DNSKEY entries can appear @@ -1591,6 +1620,9 @@ Name of stub zone nameserver. Is itself resolved before it is used. .B stub\-addr: \fI<IP address> IP address of stub zone nameserver. Can be IP 4 or IP 6. To use a nondefault port for DNS communication append '@' with the port number. +If tls is enabled, then you can append a '#' and a name, then it'll check +the tls authentication certificates with that name. If you combine +the '@' and '#', the '@' comes first. .TP .B stub\-prime: \fI<yes or no> This option is by default no. If enabled it performs NS set priming, @@ -1809,6 +1841,24 @@ directory. .B python\-script: \fI<python file>\fR The script file to load. Repeat this option for every python module instance added to the \fBmodule\-config:\fR option. +.SS "Dynamic Library Module Options" +.LP +The +.B dynlib: +clause gives the settings for the \fIdynlib\fR module. This module is only +a very small wrapper that allows dynamic modules to be loaded on runtime +instead of being compiled into the application. To enable the dynlib module it +has to be compiled into the daemon, and the word "dynlib" has to be put in the +\fBmodule\-config:\fR option. Multiple instances of dynamic libraries are +supported by adding the word "dynlib" more than once. +.LP +The \fBdynlib\-file:\fR path should be specified as an absolute path relative +to the new path set by \fBchroot:\fR option, or as a relative path to the +working directory. +.TP +.B dynlib\-file: \fI<dynlib file>\fR +The dynamic library file to load. Repeat this option for every dynlib module +instance added to the \fBmodule\-config:\fR option. .SS "DNS64 Module Options" .LP The dns64 module must be configured in the \fBmodule\-config:\fR "dns64 @@ -2060,6 +2110,11 @@ even if some data have expired in terms of DNS TTL or the Redis server has cached too much data; if necessary the Redis server must be configured to limit the cache size, preferably with some kind of least-recently-used eviction policy. +Additionaly, the \fBredis\-expire\-records\fR option can be used in order to +set the relative DNS TTL of the message as timeout to the Redis records; keep +in mind that some additional memory is used per key and that the expire +information is stored as absolute Unix timestamps in Redis (computer time must +be stable). This backend uses synchronous communication with the Redis server based on the assumption that the communication is stable and sufficiently fast. @@ -2114,6 +2169,94 @@ If this timeout expires Unbound closes the connection, treats it as if the Redis server does not have the requested data, and will try to re-establish a new connection later. This option defaults to 100 milliseconds. +.TP +.B redis-expire-records: \fI<yes or no> +If Redis record expiration is enabled. If yes, unbound sets timeout for Redis +records so that Redis can evict keys that have expired automatically. If +unbound is configured with \fBserve-expired\fR and \fBserve-expired-ttl\fR is 0, +this option is internally reverted to "no". Redis SETEX support is required +for this option (Redis >= 2.0.0). +This option defaults to no. +.SS DNSTAP Logging Options +DNSTAP support, when compiled in, is enabled in the \fBdnstap:\fR section. +This starts an extra thread (when compiled with threading) that writes +the log information to the destination. If unbound is compiled without +threading it does not spawn a thread, but connects per-process to the +destination. +.TP +.B dnstap-enable: \fI<yes or no> +If dnstap is enabled. Default no. If yes, it connects to the dnstap server +and if any of the dnstap-log-..-messages options is enabled it sends logs +for those messages to the server. +.TP +.B dnstap-bidirectional: \fI<yes or no> +Use frame streams in bidirectional mode to transfer DNSTAP messages. Default is +yes. +.TP +.B dnstap-socket-path: \fI<file name> +Sets the unix socket file name for connecting to the server that is +listening on that socket. Default is "@DNSTAP_SOCKET_PATH@". +.TP +.B dnstap-ip: \fI<IPaddress[@port]> +If "", the unix socket is used, if set with an IP address (IPv4 or IPv6) +that address is used to connect to the server. +.TP +.B dnstap-tls: \fI<yes or no> +Set this to use TLS to connect to the server specified in \fBdnstap-ip\fR. +The default is yes. If set to no, TCP is used to connect to the server. +.TP +.B dnstap-tls-server-name: \fI<name of TLS authentication> +The TLS server name to authenticate the server with. Used when \fBdnstap-tls\fR is enabled. If "" it is ignored, default "". +.TP +.B dnstap-tls-cert-bundle: \fI<file name of cert bundle> +The pem file with certs to verify the TLS server certificate. If "" the +server default cert bundle is used, or the windows cert bundle on windows. +Default is "". +.TP +.B dnstap-tls-client-key-file: \fI<file name> +The client key file for TLS client authentication. If "" client +authentication is not used. Default is "". +.TP +.B dnstap-tls-client-cert-file: \fI<file name> +The client cert file for TLS client authentication. Default is "". +.TP +.B dnstap-send-identity: \fI<yes or no> +If enabled, the server identity is included in the log messages. +Default is no. +.TP +.B dnstap-send-version: \fI<yes or no> +If enabled, the server version if included in the log messages. +Default is no. +.TP +.B dnstap-identity: \fI<string> +The identity to send with messages, if "" the hostname is used. +Default is "". +.TP +.B dnstap-version: \fI<string> +The version to send with messages, if "" the package version is used. +Default is "". +.TP +.B dnstap-log-resolver-query-messages: \fI<yes or no> +Enable to log resolver query messages. Default is no. +These are messages from unbound to upstream servers. +.TP +.B dnstap-log-resolver-response-messages: \fI<yes or no> +Enable to log resolver response messages. Default is no. +These are replies from upstream servers to unbound. +.TP +.B dnstap-log-client-query-messages: \fI<yes or no> +Enable to log client query messages. Default is no. +These are client queries to unbound. +.TP +.B dnstap-log-client-response-messages: \fI<yes or no> +Enable to log client response messages. Default is no. +These are responses from unbound to clients. +.TP +.B dnstap-log-forwarder-query-messages: \fI<yes or no> +Enable to log forwarder query messages. Default is no. +.TP +.B dnstap-log-forwarder-response-messages: \fI<yes or no> +Enable to log forwarder response messages. Default is no. .SS Response Policy Zone Options .LP Response Policy Zones are configured with \fBrpz:\fR, and each one must have a diff --git a/dynlibmod/dynlibmod.c b/dynlibmod/dynlibmod.c new file mode 100644 index 000000000000..f9751d8c6f73 --- /dev/null +++ b/dynlibmod/dynlibmod.c @@ -0,0 +1,301 @@ +/** + * \file + * This file contains the dynamic library module for Unbound. + * This loads a dynamic library (.dll, .so) and calls that for the + * module actions. + */ +#include "config.h" +#include "util/module.h" +#include "util/config_file.h" +#include "dynlibmod/dynlibmod.h" + +#if HAVE_WINDOWS_H +#include <windows.h> +#define __DYNMOD HMODULE +#define __DYNSYM FARPROC +#define __LOADSYM GetProcAddress +void log_dlerror() { + DWORD dwLastError = GetLastError(); + LPSTR MessageBuffer; + DWORD dwBufferLength; + DWORD dwFormatFlags = FORMAT_MESSAGE_ALLOCATE_BUFFER | + FORMAT_MESSAGE_IGNORE_INSERTS | + FORMAT_MESSAGE_FROM_SYSTEM ; + if((dwBufferLength = FormatMessageA( + dwFormatFlags, + NULL, // module to get message from (NULL == system) + dwLastError, + MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // default language + (LPSTR) &MessageBuffer, + 0, + NULL + ))) + { + log_err("dynlibmod: %s (%ld)", MessageBuffer, dwLastError); + LocalFree(MessageBuffer); + } + +} + +HMODULE open_library(const char* fname) { + return LoadLibrary(fname); +} + +void close_library(const char* fname, __DYNMOD handle) { + (void)fname; + (void)handle; +} +#else +#include <dlfcn.h> +#define __DYNMOD void* +#define __DYNSYM void* +#define __LOADSYM dlsym +void log_dlerror() { + log_err("dynlibmod: %s", dlerror()); +} + +void* open_library(const char* fname) { + return dlopen(fname, RTLD_LAZY | RTLD_GLOBAL); +} + +void close_library(const char* fname, __DYNMOD handle) { + if(!handle) return; + if(dlclose(handle) != 0) { + log_err("dlclose %s: %s", fname, strerror(errno)); + } +} +#endif + +/** module counter for multiple dynlib modules */ +static int dynlib_mod_count = 0; + +/** dynlib module init */ +int dynlibmod_init(struct module_env* env, int id) { + int dynlib_mod_idx = dynlib_mod_count++; + struct config_strlist* cfg_item = env->cfg->dynlib_file; + struct dynlibmod_env* de = (struct dynlibmod_env*)calloc(1, sizeof(struct dynlibmod_env)); + __DYNMOD dynamic_library; + if (!de) + { + log_err("dynlibmod[%d]: malloc failure", dynlib_mod_idx); + return 0; + } + + env->modinfo[id] = (void*) de; + + de->fname = NULL; + for(int i = dynlib_mod_idx; + i != 0 && cfg_item != NULL; + i--, cfg_item = cfg_item->next) {} + + if (cfg_item == NULL || cfg_item->str == NULL || cfg_item->str[0] == 0) { + log_err("dynlibmod[%d]: no dynamic library given.", dynlib_mod_idx); + return 0; + } else { + de->fname = cfg_item->str; + } + verbose(VERB_ALGO, "dynlibmod[%d]: Trying to load library %s", dynlib_mod_idx, de->fname); + dynamic_library = open_library(de->fname); + de->dynamic_library = (void*)dynamic_library; + if (dynamic_library == NULL) { + log_dlerror(); + log_err("dynlibmod[%d]: unable to load dynamic library \"%s\".", dynlib_mod_idx, de->fname); + return 0; + } else { + __DYNSYM initializer; + __DYNSYM deinitializer; + __DYNSYM operate; + __DYNSYM inform; + __DYNSYM clear; + __DYNSYM get_mem; + initializer = __LOADSYM(dynamic_library,"init"); + if (initializer == NULL) { + log_dlerror(); + log_err("dynlibmod[%d]: unable to load init procedure from dynamic library \"%s\".", dynlib_mod_idx, de->fname); + return 0; + } else { + de->func_init = (func_init_t)(void*)initializer; + } + deinitializer = __LOADSYM(dynamic_library,"deinit"); + if (deinitializer == NULL) { + log_dlerror(); + log_err("dynlibmod[%d]: unable to load deinit procedure from dynamic library \"%s\".", dynlib_mod_idx, de->fname); + return 0; + } else { + de->func_deinit = (func_deinit_t)(void*)deinitializer; + } + operate = __LOADSYM(dynamic_library,"operate"); + if (operate == NULL) { + log_dlerror(); + log_err("dynlibmod[%d]: unable to load operate procedure from dynamic library \"%s\".", dynlib_mod_idx, de->fname); + return 0; + } else { + de->func_operate = (func_operate_t)(void*)operate; + } + inform = __LOADSYM(dynamic_library,"inform_super"); + if (inform == NULL) { + log_dlerror(); + log_err("dynlibmod[%d]: unable to load inform_super procedure from dynamic library \"%s\".", dynlib_mod_idx, de->fname); + return 0; + } else { + de->func_inform = (func_inform_t)(void*)inform; + } + clear = __LOADSYM(dynamic_library,"clear"); + if (clear == NULL) { + log_dlerror(); + log_err("dynlibmod[%d]: unable to load clear procedure from dynamic library \"%s\".", dynlib_mod_idx, de->fname); + return 0; + } else { + de->func_clear = (func_clear_t)(void*)clear; + } + get_mem = __LOADSYM(dynamic_library,"get_mem"); + if (get_mem == NULL) { + log_dlerror(); + log_err("dynlibmod[%d]: unable to load get_mem procedure from dynamic library \"%s\".", dynlib_mod_idx, de->fname); + return 0; + } else { + de->func_get_mem = (func_get_mem_t)(void*)get_mem; + } + } + de->inplace_cb_delete_wrapped = &inplace_cb_delete_wrapped; + de->inplace_cb_register_wrapped = &inplace_cb_register_wrapped; + return de->func_init(env, id); +} + +/** dynlib module deinit */ +void dynlibmod_deinit(struct module_env* env, int id) { + struct dynlibmod_env* de = env->modinfo[id]; + if(de == NULL) + return; + de->func_deinit(env, id); + close_library(de->fname, (__DYNMOD)de->dynamic_library); + dynlib_mod_count--; + de->fname = NULL; + free(de); +} + +/** dynlib module operate on a query */ +void dynlibmod_operate(struct module_qstate* qstate, enum module_ev event, + int id, struct outbound_entry* outbound) { + struct dynlibmod_env* de = qstate->env->modinfo[id]; + + de->func_operate(qstate, event, id, outbound); +} + +/** dynlib module */ +void dynlibmod_inform_super(struct module_qstate* qstate, int id, + struct module_qstate* super) { + struct dynlibmod_env* de = qstate->env->modinfo[id]; + + de->func_inform(qstate, id, super); +} + +/** dynlib module cleanup query state */ +void dynlibmod_clear(struct module_qstate* qstate, int id) { + struct dynlibmod_env* de = qstate->env->modinfo[id]; + + de->func_clear(qstate, id); +} + +/** dynlib module alloc size routine */ +size_t dynlibmod_get_mem(struct module_env* env, int id) { + struct dynlibmod_env* de = (struct dynlibmod_env*)env->modinfo[id]; + size_t size; + verbose(VERB_ALGO, "dynlibmod: get_mem, id: %d, de:%p", id, de); + if(!de) + return 0; + + size = de->func_get_mem(env, id); + return size + sizeof(*de); +} + +int dynlib_inplace_cb_reply_generic(struct query_info* qinfo, + struct module_qstate* qstate, struct reply_info* rep, int rcode, + struct edns_data* edns, struct edns_option** opt_list_out, + struct comm_reply* repinfo, struct regional* region, int id, + void* callback) { + struct cb_pair* cb_pair = (struct cb_pair*) callback; + return ((inplace_cb_reply_func_type*) cb_pair->cb)(qinfo, qstate, rep, rcode, edns, opt_list_out, repinfo, region, id, cb_pair->cb_arg); +} + +int dynlib_inplace_cb_query_generic(struct query_info* qinfo, uint16_t flags, + struct module_qstate* qstate, struct sockaddr_storage* addr, + socklen_t addrlen, uint8_t* zone, size_t zonelen, struct regional* region, + int id, void* callback) { + struct cb_pair* cb_pair = (struct cb_pair*) callback; + return ((inplace_cb_query_func_type*) cb_pair->cb)(qinfo, flags, qstate, addr, addrlen, zone, zonelen, region, id, cb_pair->cb_arg); +} + +int dynlib_inplace_cb_edns_back_parsed(struct module_qstate* qstate, + int id, void* cb_args) { + struct cb_pair* cb_pair = (struct cb_pair*) cb_args; + return ((inplace_cb_edns_back_parsed_func_type*) cb_pair->cb)(qstate, id, cb_pair->cb_arg); +} + +int dynlib_inplace_cb_query_response(struct module_qstate* qstate, + struct dns_msg* response, int id, void* cb_args) { + struct cb_pair* cb_pair = (struct cb_pair*) cb_args; + return ((inplace_cb_query_response_func_type*) cb_pair->cb)(qstate, response, id, cb_pair->cb_arg); +} + +int +inplace_cb_register_wrapped(void* cb, enum inplace_cb_list_type type, void* cbarg, + struct module_env* env, int id) { + struct cb_pair* cb_pair = malloc(sizeof(struct cb_pair)); + cb_pair->cb = cb; + cb_pair->cb_arg = cbarg; + if(type >= inplace_cb_reply && type <= inplace_cb_reply_servfail) { + return inplace_cb_register(&dynlib_inplace_cb_reply_generic, type, (void*) cb_pair, env, id); + } else if(type == inplace_cb_query) { + return inplace_cb_register(&dynlib_inplace_cb_query_generic, type, (void*) cb_pair, env, id); + } else if(type == inplace_cb_query_response) { + return inplace_cb_register(&dynlib_inplace_cb_query_response, type, (void*) cb_pair, env, id); + } else if(type == inplace_cb_edns_back_parsed) { + return inplace_cb_register(&dynlib_inplace_cb_edns_back_parsed, type, (void*) cb_pair, env, id); + } else { + return 0; + } +} + +void +inplace_cb_delete_wrapped(struct module_env* env, enum inplace_cb_list_type type, + int id) { + struct inplace_cb* temp = env->inplace_cb_lists[type]; + struct inplace_cb* prev = NULL; + + while(temp) { + if(temp->id == id) { + if(!prev) { + env->inplace_cb_lists[type] = temp->next; + free(temp->cb_arg); + free(temp); + temp = env->inplace_cb_lists[type]; + } + else { + prev->next = temp->next; + free(temp->cb_arg); + free(temp); + temp = prev->next; + } + } + else { + prev = temp; + temp = temp->next; + } + } +} + + +/** + * The module function block + */ +static struct module_func_block dynlibmod_block = { + "dynlib", + &dynlibmod_init, &dynlibmod_deinit, &dynlibmod_operate, &dynlibmod_inform_super, + &dynlibmod_clear, &dynlibmod_get_mem +}; + +struct module_func_block* dynlibmod_get_funcblock(void) +{ + return &dynlibmod_block; +} diff --git a/dynlibmod/dynlibmod.h b/dynlibmod/dynlibmod.h new file mode 100644 index 000000000000..c34cf0e88d92 --- /dev/null +++ b/dynlibmod/dynlibmod.h @@ -0,0 +1,139 @@ +/* + * dynlibmod.h: module header file + * + * Copyright (c) 2019, Peter Munch-Ellingsen (peterme AT peterme.net) + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * * Neither the name of the organization nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +/** + * \file + * Dynamic loading module for unbound. Loads dynamic library. + */ +#ifndef DYNLIBMOD_H +#define DYNLIBMOD_H +#include "util/module.h" +#include "services/outbound_list.h" + +/** + * Get the module function block. + * @return: function block with function pointers to module methods. + */ +struct module_func_block* dynlibmod_get_funcblock(void); + +/** dynlib module init */ +int dynlibmod_init(struct module_env* env, int id); + +/** dynlib module deinit */ +void dynlibmod_deinit(struct module_env* env, int id); + +/** dynlib module operate on a query */ +void dynlibmod_operate(struct module_qstate* qstate, enum module_ev event, + int id, struct outbound_entry* outbound); + +/** dynlib module */ +void dynlibmod_inform_super(struct module_qstate* qstate, int id, + struct module_qstate* super); + +/** dynlib module cleanup query state */ +void dynlibmod_clear(struct module_qstate* qstate, int id); + +/** dynlib module alloc size routine */ +size_t dynlibmod_get_mem(struct module_env* env, int id); + +int dynlib_inplace_cb_reply_generic(struct query_info* qinfo, + struct module_qstate* qstate, struct reply_info* rep, int rcode, + struct edns_data* edns, struct edns_option** opt_list_out, + struct comm_reply* repinfo, struct regional* region, int id, + void* callback); + +int dynlib_inplace_cb_query_generic(struct query_info* qinfo, uint16_t flags, + struct module_qstate* qstate, struct sockaddr_storage* addr, + socklen_t addrlen, uint8_t* zone, size_t zonelen, struct regional* region, + int id, void* callback); + +int dynlib_inplace_cb_edns_back_parsed(struct module_qstate* qstate, + int id, void* cb_args); + +int dynlib_inplace_cb_query_response(struct module_qstate* qstate, + struct dns_msg* response, int id, void* cb_args); + +int +inplace_cb_register_wrapped(void* cb, enum inplace_cb_list_type type, void* cbarg, + struct module_env* env, int id); + +void +inplace_cb_delete_wrapped(struct module_env* env, enum inplace_cb_list_type type, + int id); + +struct cb_pair { + void *cb; + void *cb_arg; +}; + +/** + * Global state for the module. + */ + +typedef int (*func_init_t)(struct module_env*, int); +typedef void (*func_deinit_t)(struct module_env*, int); +typedef void (*func_operate_t)(struct module_qstate*, enum module_ev, int, struct outbound_entry*); +typedef void (*func_inform_t)(struct module_qstate*, int, struct module_qstate*); +typedef void (*func_clear_t)(struct module_qstate*, int); +typedef size_t (*func_get_mem_t)(struct module_env*, int); +typedef void (*inplace_cb_delete_wrapped_t)(struct module_env*, enum inplace_cb_list_type, int); +typedef int (*inplace_cb_register_wrapped_t)(void*, enum inplace_cb_list_type, void*, struct module_env*, int); + + +struct dynlibmod_env { + /** Dynamic library filename. */ + const char* fname; + /** dynamic library handle */ + void* dynamic_library; + /** Module init function */ + func_init_t func_init; + /** Module deinit function */ + func_deinit_t func_deinit; + /** Module operate function */ + func_operate_t func_operate; + /** Module super_inform function */ + func_inform_t func_inform; + /** Module clear function */ + func_clear_t func_clear; + /** Module get_mem function */ + func_get_mem_t func_get_mem; + /** Wrapped inplace callback functions to circumvent callback whitelisting */ + inplace_cb_delete_wrapped_t inplace_cb_delete_wrapped; + inplace_cb_register_wrapped_t inplace_cb_register_wrapped; + /** Pointer to any data the dynamic library might want to keep */ + void *dyn_env; +}; + + +#endif /* DYNLIBMOD_H */ diff --git a/dynlibmod/examples/helloworld.c b/dynlibmod/examples/helloworld.c new file mode 100644 index 000000000000..acb6b5d9bda6 --- /dev/null +++ b/dynlibmod/examples/helloworld.c @@ -0,0 +1,130 @@ +/** + * \file + * + * This is an example to show how dynamic libraries can be made to work with + * unbound. To build a .so file simply run: + * gcc -I../.. -shared -Wall -Werror -fpic -o helloworld.so helloworld.c + * And to build for windows, first make unbound with the --with-dynlibmod + * switch, then use this command: + * x86_64-w64-mingw32-gcc -m64 -I../.. -shared -Wall -Werror -fpic + * -o helloworld.dll helloworld.c -L../.. -l:libunbound.a + * to cross-compile a 64-bit Windows DLL. + */ + +#include "../../config.h" +#include "../../util/module.h" +#include "../../sldns/parseutil.h" +#include "../dynlibmod.h" + +/* Declare the EXPORT macro that expands to exporting the symbol for DLLs when + * compiling for Windows. All procedures marked with EXPORT in this example are + * called directly by the dynlib module and must be present for the module to + * load correctly. */ +#ifdef HAVE_WINDOWS_H +#define EXPORT __declspec(dllexport) +#else +#define EXPORT +#endif + +/* Forward declare a callback, implemented at the bottom of this file */ +int reply_callback(struct query_info* qinfo, + struct module_qstate* qstate, struct reply_info* rep, int rcode, + struct edns_data* edns, struct edns_option** opt_list_out, + struct comm_reply* repinfo, struct regional* region, int id, + void* callback); + +/* Init is called when the module is first loaded. It should be used to set up + * the environment for this module and do any other initialisation required. */ +EXPORT int init(struct module_env* env, int id) { + log_info("dynlib: hello world from init"); + struct dynlibmod_env* de = (struct dynlibmod_env*) env->modinfo[id]; + de->inplace_cb_register_wrapped(&reply_callback, + inplace_cb_reply, + NULL, env, id); + struct dynlibmod_env* local_env = env->modinfo[id]; + local_env->dyn_env = NULL; + return 1; +} + +/* Deinit is run as the program is shutting down. It should be used to clean up + * the environment and any left over data. */ +EXPORT void deinit(struct module_env* env, int id) { + log_info("dynlib: hello world from deinit"); + struct dynlibmod_env* de = (struct dynlibmod_env*) env->modinfo[id]; + de->inplace_cb_delete_wrapped(env, inplace_cb_reply, id); + if (de->dyn_env != NULL) free(de->dyn_env); +} + +/* Operate is called every time a query passes by this module. The event can be + * used to determine which direction in the module chain it came from. */ +EXPORT void operate(struct module_qstate* qstate, enum module_ev event, + int id, struct outbound_entry* entry) { + log_info("dynlib: hello world from operate"); + log_info("dynlib: incoming query: %s %s(%d) %s(%d)", + qstate->qinfo.qname, + sldns_lookup_by_id(sldns_rr_classes, qstate->qinfo.qclass)->name, + qstate->qinfo.qclass, + sldns_rr_descript(qstate->qinfo.qtype)->_name, + qstate->qinfo.qtype); + if (event == module_event_new || event == module_event_pass) { + qstate->ext_state[id] = module_wait_module; + struct dynlibmod_env* env = qstate->env->modinfo[id]; + if (env->dyn_env == NULL) { + env->dyn_env = calloc(3, sizeof(int)); + ((int *)env->dyn_env)[0] = 42; + ((int *)env->dyn_env)[1] = 102; + ((int *)env->dyn_env)[2] = 192; + } else { + log_err("dynlib: already has data!"); + qstate->ext_state[id] = module_error; + } + } else if (event == module_event_moddone) { + qstate->ext_state[id] = module_finished; + } else { + qstate->ext_state[id] = module_error; + } +} + +/* Inform super is called when a query is completed or errors out, but only if + * a sub-query has been registered to it by this module. Look at + * mesh_attach_sub in services/mesh.h to see how this is done. */ +EXPORT void inform_super(struct module_qstate* qstate, int id, + struct module_qstate* super) { + log_info("dynlib: hello world from inform_super"); +} + +/* Clear is called once a query is complete and the response has been sent + * back. It is used to clear up any per-query allocations. */ +EXPORT void clear(struct module_qstate* qstate, int id) { + log_info("dynlib: hello world from clear"); + struct dynlibmod_env* env = qstate->env->modinfo[id]; + if (env->dyn_env != NULL) { + free(env->dyn_env); + env->dyn_env = NULL; + } +} + +/* Get mem is called when Unbound is printing performance information. This + * only happens explicitly and is only used to show memory usage to the user. */ +EXPORT size_t get_mem(struct module_env* env, int id) { + log_info("dynlib: hello world from get_mem"); + return 0; +} + +/* The callback that was forward declared earlier. It is registered in the init + * procedure to run when a query is being replied to. */ +int reply_callback(struct query_info* qinfo, + struct module_qstate* qstate, struct reply_info* rep, int rcode, + struct edns_data* edns, struct edns_option** opt_list_out, + struct comm_reply* repinfo, struct regional* region, int id, + void* callback) { + log_info("dynlib: hello world from callback"); + struct dynlibmod_env* env = qstate->env->modinfo[id]; + if (env->dyn_env != NULL) { + log_info("dynlib: numbers gotten from query: %d, %d, and %d", + ((int *)env->dyn_env)[0], + ((int *)env->dyn_env)[1], + ((int *)env->dyn_env)[2]); + } + return 0; +} diff --git a/edns-subnet/subnetmod.c b/edns-subnet/subnetmod.c index 37dc550cd69c..f1b401b9080c 100644 --- a/edns-subnet/subnetmod.c +++ b/edns-subnet/subnetmod.c @@ -386,8 +386,7 @@ update_cache(struct module_qstate *qstate, int id) rep->flags |= (BIT_RA | BIT_QR); /* fix flags to be sensible for */ rep->flags &= ~(BIT_AA | BIT_CD);/* a reply based on the cache */ addrtree_insert(tree, (addrkey_t*)edns->subnet_addr, - edns->subnet_source_mask, - sq->ecs_server_in.subnet_scope_mask, rep, + edns->subnet_source_mask, sq->max_scope, rep, rep->ttl, *qstate->env->now); lock_rw_unlock(&lru_entry->lock); @@ -543,7 +542,7 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq) c_out->subnet_addr_fam = c_in->subnet_addr_fam; c_out->subnet_source_mask = c_in->subnet_source_mask; memcpy(&c_out->subnet_addr, &c_in->subnet_addr, INET6_SIZE); - c_out->subnet_scope_mask = s_in->subnet_scope_mask; + c_out->subnet_scope_mask = sq->max_scope; /* Limit scope returned to client to scope used for caching. */ if(c_out->subnet_addr_fam == EDNSSUBNET_ADDRFAM_IP4) { if(c_out->subnet_scope_mask > @@ -648,6 +647,19 @@ ecs_query_response(struct module_qstate* qstate, struct dns_msg* response, qstate->env->cfg->client_subnet_opcode); sq->subnet_sent = 0; memset(&sq->ecs_server_out, 0, sizeof(sq->ecs_server_out)); + } else if (!sq->track_max_scope && + FLAGS_GET_RCODE(response->rep->flags) == LDNS_RCODE_NOERROR && + response->rep->an_numrrsets > 0 + ) { + struct ub_packed_rrset_key* s = response->rep->rrsets[0]; + if(ntohs(s->rk.type) == LDNS_RR_TYPE_CNAME && + query_dname_compare(qstate->qinfo.qname, + s->rk.dname) == 0) { + /* CNAME response for QNAME. From now on keep track of + * longest received ECS prefix for all queries on this + * qstate. */ + sq->track_max_scope = 1; + } } return 1; } @@ -663,16 +675,19 @@ ecs_edns_back_parsed(struct module_qstate* qstate, int id, return 1; if((ecs_opt = edns_opt_list_find( qstate->edns_opts_back_in, - qstate->env->cfg->client_subnet_opcode))) { - if(parse_subnet_option(ecs_opt, &sq->ecs_server_in) && - sq->subnet_sent && - sq->ecs_server_in.subnet_validdata) + qstate->env->cfg->client_subnet_opcode)) && + parse_subnet_option(ecs_opt, &sq->ecs_server_in) && + sq->subnet_sent && sq->ecs_server_in.subnet_validdata) { /* Only skip global cache store if we sent an ECS option * and received one back. Answers from non-whitelisted * servers will end up in global cache. Answers for * queries with 0 source will not (unless nameserver * does not support ECS). */ qstate->no_cache_store = 1; + if(!sq->track_max_scope || (sq->track_max_scope && + sq->ecs_server_in.subnet_scope_mask > + sq->max_scope)) + sq->max_scope = sq->ecs_server_in.subnet_scope_mask; } return 1; diff --git a/edns-subnet/subnetmod.h b/edns-subnet/subnetmod.h index e408627b0abd..27ba2ee74129 100644 --- a/edns-subnet/subnetmod.h +++ b/edns-subnet/subnetmod.h @@ -45,6 +45,7 @@ #include "util/alloc.h" #include "util/net_help.h" #include "util/storage/slabhash.h" +#include "util/data/dname.h" #include "edns-subnet/addrtree.h" #include "edns-subnet/edns-subnet.h" @@ -83,6 +84,12 @@ struct subnet_qstate { struct ecs_data ecs_server_out; int subnet_downstream; int subnet_sent; + /** keep track of longest received scope, set after receiving CNAME for + * incoming QNAME. */ + int track_max_scope; + /** longest received scope mask since track_max_scope is set. This value + * is used for caching and answereing to client. */ + uint8_t max_scope; /** has the subnet module been started with no_cache_store? */ int started_no_cache_store; }; diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c index 3c14de86e7b4..7bc67da69b2e 100644 --- a/iterator/iter_utils.c +++ b/iterator/iter_utils.c @@ -484,6 +484,63 @@ iter_filter_order(struct iter_env* iter_env, struct module_env* env, got_num = num4ok; *selected_rtt = num4_lowrtt; } + } else if (env->cfg->prefer_ip4) { + int got_num4 = 0; + int low_rtt4 = 0; + int i; + int attempt = -1; /* filter to make sure addresses have + less attempts on them than the first, to force round + robin when all the IPv4 addresses fail */ + int num6ok = 0; /* number ip6 at low attempt count */ + int num6_lowrtt = 0; + prev = NULL; + a = dp->result_list; + for(i = 0; i < got_num; i++) { + swap_to_front = 0; + if(a->addr.ss_family != AF_INET && attempt == -1) { + /* if we only have ip6 at low attempt count, + * then ip4 is failing, and we need to + * select one of the remaining IPv6 addrs */ + attempt = a->attempts; + num6ok++; + num6_lowrtt = a->sel_rtt; + } else if(a->addr.ss_family != AF_INET && attempt == a->attempts) { + num6ok++; + if(num6_lowrtt == 0 || a->sel_rtt < num6_lowrtt) { + num6_lowrtt = a->sel_rtt; + } + } + if(a->addr.ss_family == AF_INET) { + if(attempt == -1) { + attempt = a->attempts; + } else if(a->attempts > attempt) { + break; + } + got_num4++; + swap_to_front = 1; + if(low_rtt4 == 0 || a->sel_rtt < low_rtt4) { + low_rtt4 = a->sel_rtt; + } + } + /* swap to front if IPv4, or move to next result */ + if(swap_to_front && prev) { + n = a->next_result; + prev->next_result = n; + a->next_result = dp->result_list; + dp->result_list = a; + a = n; + } else { + prev = a; + a = a->next_result; + } + } + if(got_num4 > 0) { + got_num = got_num4; + *selected_rtt = low_rtt4; + } else if(num6ok > 0) { + got_num = num6ok; + *selected_rtt = num6_lowrtt; + } } return got_num; } diff --git a/iterator/iterator.c b/iterator/iterator.c index 9d36660c0b18..23b07ea9095b 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -162,7 +162,7 @@ iter_new(struct module_qstate* qstate, int id) iq->qchase = qstate->qinfo; outbound_list_init(&iq->outlist); iq->minimise_count = 0; - iq->minimise_timeout_count = 0; + iq->timeout_count = 0; if (qstate->env->cfg->qname_minimisation) iq->minimisation_state = INIT_MINIMISE_STATE; else @@ -2239,7 +2239,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, iq->qinfo_out.qname = iq->qchase.qname; iq->qinfo_out.qname_len = iq->qchase.qname_len; iq->minimise_count++; - iq->minimise_timeout_count = 0; + iq->timeout_count = 0; iter_dec_attempts(iq->dp, 1); @@ -2327,7 +2327,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, } } if(iq->minimisation_state == SKIP_MINIMISE_STATE) { - if(iq->minimise_timeout_count < MAX_MINIMISE_TIMEOUT_COUNT) + if(iq->timeout_count < MAX_MINIMISE_TIMEOUT_COUNT) /* Do not increment qname, continue incrementing next * iteration */ iq->minimisation_state = MINIMISE_STATE; @@ -2668,14 +2668,15 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, if(iq->response == NULL) { /* Don't increment qname when QNAME minimisation is enabled */ if(qstate->env->cfg->qname_minimisation) { - iq->minimise_timeout_count++; iq->minimisation_state = SKIP_MINIMISE_STATE; } + iq->timeout_count++; iq->chase_to_rd = 0; iq->dnssec_lame_query = 0; verbose(VERB_ALGO, "query response was timeout"); return next_state(iq, QUERYTARGETS_STATE); } + iq->timeout_count = 0; type = response_type_from_server( (int)((iq->chase_flags&BIT_RD) || iq->chase_to_rd), iq->response, &iq->qinfo_out, iq->dp); @@ -3690,7 +3691,7 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq, iq->response = NULL; iq->state = QUERY_RESP_STATE; if(event == module_event_noreply || event == module_event_error) { - if(event == module_event_noreply && iq->sent_count >= 3 && + if(event == module_event_noreply && iq->timeout_count >= 3 && qstate->env->cfg->use_caps_bits_for_id && !iq->caps_fallback && !is_caps_whitelisted(ie, iq)) { /* start fallback */ diff --git a/iterator/iterator.h b/iterator/iterator.h index 53dcab3b18b2..342ac207e826 100644 --- a/iterator/iterator.h +++ b/iterator/iterator.h @@ -398,8 +398,9 @@ struct iter_qstate { /** * Count number of time-outs. Used to prevent resolving failures when - * the QNAME minimisation QTYPE is blocked. */ - int minimise_timeout_count; + * the QNAME minimisation QTYPE is blocked. Used to determine if + * capsforid fallback should be started.*/ + int timeout_count; /** True if the current response is from auth_zone */ int auth_zone_response; diff --git a/libunbound/libworker.c b/libunbound/libworker.c index 6cb97ff1fd4a..44b8d790561f 100644 --- a/libunbound/libworker.c +++ b/libunbound/libworker.c @@ -74,6 +74,14 @@ #include "sldns/sbuffer.h" #include "sldns/str2wire.h" +#ifdef HAVE_TARGETCONDITIONALS_H +#include <TargetConditionals.h> +#endif + +#if defined(TARGET_OS_TV) || defined(TARGET_OS_WATCH) +#undef HAVE_FORK +#endif + /** handle new query command for bg worker */ static void handle_newq(struct libworker* w, uint8_t* buf, uint32_t len); @@ -225,12 +233,12 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb) w->back = outside_network_create(w->base, cfg->msg_buffer_size, (size_t)cfg->outgoing_num_ports, cfg->out_ifs, cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6, - cfg->do_tcp?cfg->outgoing_num_tcp:0, + cfg->do_tcp?cfg->outgoing_num_tcp:0, cfg->ip_dscp, w->env->infra_cache, w->env->rnd, cfg->use_caps_bits_for_id, ports, numports, cfg->unwanted_threshold, cfg->outgoing_tcp_mss, &libworker_alloc_cleanup, w, cfg->do_udp || cfg->udp_upstream_without_downstream, w->sslctx, - cfg->delay_close, NULL); + cfg->delay_close, cfg->tls_use_sni, NULL); w->env->outnet = w->back; if(!w->is_bg || w->is_bg_thread) { lock_basic_unlock(&ctx->cfglock); @@ -1047,3 +1055,19 @@ wsvc_cron_cb(void* ATTR_UNUSED(arg)) log_assert(0); } #endif /* UB_ON_WINDOWS */ + +#ifdef USE_DNSTAP +void dtio_tap_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), + void* ATTR_UNUSED(arg)) +{ + log_assert(0); +} +#endif + +#ifdef USE_DNSTAP +void dtio_mainfdcallback(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), + void* ATTR_UNUSED(arg)) +{ + log_assert(0); +} +#endif diff --git a/libunbound/unbound.h b/libunbound/unbound.h index ca9592d62d52..b53426c76d54 100644 --- a/libunbound/unbound.h +++ b/libunbound/unbound.h @@ -642,6 +642,7 @@ struct ub_shm_stat_info { long long respip; long long dnscrypt_shared_secret; long long dnscrypt_nonce; + long long dynlib; } mem; }; diff --git a/respip/respip.c b/respip/respip.c index f504f55791ac..6fa4f18851fd 100644 --- a/respip/respip.c +++ b/respip/respip.c @@ -502,10 +502,16 @@ copy_rrset(const struct ub_packed_rrset_key* key, struct regional* region) ck->entry.hash = key->entry.hash; ck->entry.key = ck; ck->rk = key->rk; - ck->rk.dname = regional_alloc_init(region, key->rk.dname, - key->rk.dname_len); - if(!ck->rk.dname) - return NULL; + if(key->rk.dname) { + ck->rk.dname = regional_alloc_init(region, key->rk.dname, + key->rk.dname_len); + if(!ck->rk.dname) + return NULL; + ck->rk.dname_len = key->rk.dname_len; + } else { + ck->rk.dname = NULL; + ck->rk.dname_len = 0; + } if((unsigned)data->count >= 0xffff00U) return NULL; /* guard against integer overflow in dsize */ @@ -908,6 +914,7 @@ respip_rewrite_reply(const struct query_info* qinfo, int ret = 1; struct ub_packed_rrset_key* redirect_rrset = NULL; struct rpz* r; + struct auth_zone* a; struct ub_packed_rrset_key* data = NULL; int rpz_used = 0; int rpz_log = 0; @@ -949,6 +956,10 @@ respip_rewrite_reply(const struct query_info* qinfo, } if(!raddr && !view->isfirst) goto done; + if(!raddr && view->isfirst) { + lock_rw_unlock(&view->lock); + view = NULL; + } } if(!raddr && (raddr = respip_addr_lookup(rep, ipset, &rrset_id))) { @@ -959,7 +970,9 @@ respip_rewrite_reply(const struct query_info* qinfo, ipset->tagname, ipset->num_tags); } lock_rw_rdlock(&az->rpz_lock); - for(r = az->rpz_first; r && !raddr; r = r->next) { + for(a = az->rpz_first; a && !raddr; a = a->rpz_az_next) { + lock_rw_rdlock(&a->lock); + r = a->rpz; if(!r->taglist || taglist_intersect(r->taglist, r->taglistlen, ctaglist, ctaglen)) { if((raddr = respip_addr_lookup(rep, @@ -969,16 +982,21 @@ respip_rewrite_reply(const struct query_info* qinfo, region, &rpz_used)) { log_err("out of memory"); lock_rw_unlock(&raddr->lock); + lock_rw_unlock(&a->lock); lock_rw_unlock(&az->rpz_lock); return 0; } - if(!rpz_used) { - lock_rw_unlock(&raddr->lock); - raddr = NULL; - actinfo->rpz_disabled++; + if(rpz_used) { + /* break to make sure 'a' stays pointed + * to used auth_zone, and keeps lock */ + break; } + lock_rw_unlock(&raddr->lock); + raddr = NULL; + actinfo->rpz_disabled++; } - } + } + lock_rw_unlock(&a->lock); } lock_rw_unlock(&az->rpz_lock); if(raddr && !search_only) { @@ -1032,6 +1050,9 @@ respip_rewrite_reply(const struct query_info* qinfo, if(raddr) { lock_rw_unlock(&raddr->lock); } + if(rpz_used) { + lock_rw_unlock(&a->lock); + } return ret; } diff --git a/services/authzone.c b/services/authzone.c index 34170abaf4a2..a26d1003abe2 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -392,12 +392,12 @@ auth_zone_delete(struct auth_zone* z, struct auth_zones* az) if(az && z->rpz) { /* keep RPZ linked list intact */ lock_rw_wrlock(&az->rpz_lock); - if(z->rpz->prev) - z->rpz->prev->next = z->rpz->next; + if(z->rpz_az_prev) + z->rpz_az_prev->rpz_az_next = z->rpz_az_next; else - az->rpz_first = z->rpz->next; - if(z->rpz->next) - z->rpz->next->prev = z->rpz->prev; + az->rpz_first = z->rpz_az_next; + if(z->rpz_az_next) + z->rpz_az_next->rpz_az_prev = z->rpz_az_prev; lock_rw_unlock(&az->rpz_lock); } if(z->rpz) @@ -426,9 +426,11 @@ auth_zone_create(struct auth_zones* az, uint8_t* nm, size_t nmlen, } rbtree_init(&z->data, &auth_data_cmp); lock_rw_init(&z->lock); - lock_protect(&z->lock, &z->name, sizeof(*z)-sizeof(rbnode_type)); + lock_protect(&z->lock, &z->name, sizeof(*z)-sizeof(rbnode_type)- + sizeof(&z->rpz_az_next)-sizeof(&z->rpz_az_prev)); lock_rw_wrlock(&z->lock); - /* z lock protects all, except rbtree itself, which is az->lock */ + /* z lock protects all, except rbtree itself and the rpz linked list + * pointers, which are protected using az->lock */ if(!rbtree_insert(&az->ztree, &z->node)) { lock_rw_unlock(&z->lock); auth_zone_delete(z, NULL); @@ -1178,9 +1180,9 @@ az_insert_rr(struct auth_zone* z, uint8_t* rr, size_t rr_len, return 0; } if(z->rpz) { - if(!(rpz_insert_rr(z->rpz, z->namelen, dname, dname_len, - rr_type, rr_class, rr_ttl, rdata, rdatalen, rr, - rr_len))) + if(!(rpz_insert_rr(z->rpz, z->name, z->namelen, dname, + dname_len, rr_type, rr_class, rr_ttl, rdata, rdatalen, + rr, rr_len))) return 0; } return 1; @@ -1864,15 +1866,26 @@ auth_zones_cfg(struct auth_zones* az, struct config_auth* c) struct auth_xfer* x = NULL; /* create zone */ + if(c->isrpz) { + /* if the rpz lock is needed, grab it before the other + * locks to avoid a lock dependency cycle */ + lock_rw_wrlock(&az->rpz_lock); + } lock_rw_wrlock(&az->lock); if(!(z=auth_zones_find_or_add_zone(az, c->name))) { lock_rw_unlock(&az->lock); + if(c->isrpz) { + lock_rw_unlock(&az->rpz_lock); + } return 0; } if(c->masters || c->urls) { if(!(x=auth_zones_find_or_add_xfer(az, z))) { lock_rw_unlock(&az->lock); lock_rw_unlock(&z->lock); + if(c->isrpz) { + lock_rw_unlock(&az->rpz_lock); + } return 0; } } @@ -1887,6 +1900,9 @@ auth_zones_cfg(struct auth_zones* az, struct config_auth* c) lock_basic_unlock(&x->lock); } lock_rw_unlock(&z->lock); + if(c->isrpz) { + lock_rw_unlock(&az->rpz_lock); + } return 0; } z->for_downstream = c->for_downstream; @@ -1897,11 +1913,14 @@ auth_zones_cfg(struct auth_zones* az, struct config_auth* c) fatal_exit("Could not setup RPZ zones"); return 0; } - lock_rw_wrlock(&az->rpz_lock); - z->rpz->next = az->rpz_first; + lock_protect(&z->lock, &z->rpz->local_zones, sizeof(*z->rpz)); + /* the az->rpz_lock is locked above */ + z->rpz_az_next = az->rpz_first; if(az->rpz_first) - az->rpz_first->prev = z->rpz; - az->rpz_first = z->rpz; + az->rpz_first->rpz_az_prev = z; + az->rpz_first = z; + } + if(c->isrpz) { lock_rw_unlock(&az->rpz_lock); } @@ -5331,7 +5350,7 @@ void auth_xfer_transfer_lookup_callback(void* arg, int rcode, sldns_buffer* buf, log_assert(xfr->task_transfer); lock_basic_lock(&xfr->lock); env = xfr->task_transfer->env; - if(env->outnet->want_to_quit) { + if(!env || env->outnet->want_to_quit) { lock_basic_unlock(&xfr->lock); return; /* stop on quit */ } @@ -5770,7 +5789,7 @@ auth_xfer_transfer_timer_callback(void* arg) log_assert(xfr->task_transfer); lock_basic_lock(&xfr->lock); env = xfr->task_transfer->env; - if(env->outnet->want_to_quit) { + if(!env || env->outnet->want_to_quit) { lock_basic_unlock(&xfr->lock); return; /* stop on quit */ } @@ -5812,7 +5831,7 @@ auth_xfer_transfer_tcp_callback(struct comm_point* c, void* arg, int err, log_assert(xfr->task_transfer); lock_basic_lock(&xfr->lock); env = xfr->task_transfer->env; - if(env->outnet->want_to_quit) { + if(!env || env->outnet->want_to_quit) { lock_basic_unlock(&xfr->lock); return 0; /* stop on quit */ } @@ -5893,7 +5912,7 @@ auth_xfer_transfer_http_callback(struct comm_point* c, void* arg, int err, log_assert(xfr->task_transfer); lock_basic_lock(&xfr->lock); env = xfr->task_transfer->env; - if(env->outnet->want_to_quit) { + if(!env || env->outnet->want_to_quit) { lock_basic_unlock(&xfr->lock); return 0; /* stop on quit */ } @@ -6107,7 +6126,7 @@ auth_xfer_probe_timer_callback(void* arg) log_assert(xfr->task_probe); lock_basic_lock(&xfr->lock); env = xfr->task_probe->env; - if(env->outnet->want_to_quit) { + if(!env || env->outnet->want_to_quit) { lock_basic_unlock(&xfr->lock); return; /* stop on quit */ } @@ -6143,7 +6162,7 @@ auth_xfer_probe_udp_callback(struct comm_point* c, void* arg, int err, log_assert(xfr->task_probe); lock_basic_lock(&xfr->lock); env = xfr->task_probe->env; - if(env->outnet->want_to_quit) { + if(!env || env->outnet->want_to_quit) { lock_basic_unlock(&xfr->lock); return 0; /* stop on quit */ } @@ -6388,7 +6407,7 @@ void auth_xfer_probe_lookup_callback(void* arg, int rcode, sldns_buffer* buf, log_assert(xfr->task_probe); lock_basic_lock(&xfr->lock); env = xfr->task_probe->env; - if(env->outnet->want_to_quit) { + if(!env || env->outnet->want_to_quit) { lock_basic_unlock(&xfr->lock); return; /* stop on quit */ } @@ -6465,7 +6484,7 @@ auth_xfer_timer(void* arg) log_assert(xfr->task_nextprobe); lock_basic_lock(&xfr->lock); env = xfr->task_nextprobe->env; - if(env->outnet->want_to_quit) { + if(!env || env->outnet->want_to_quit) { lock_basic_unlock(&xfr->lock); return; /* stop on quit */ } diff --git a/services/authzone.h b/services/authzone.h index 9bb131ad8b39..3d94f30d6202 100644 --- a/services/authzone.h +++ b/services/authzone.h @@ -82,8 +82,8 @@ struct auth_zones { size_t num_query_up; /** number of queries downstream */ size_t num_query_down; - /** first rpz item in linked list */ - struct rpz* rpz_first; + /** first auth zone containing rpz item in linked list */ + struct auth_zone* rpz_first; /** rw lock for rpz linked list, needed when iterating or editing linked * list. */ lock_rw_type rpz_lock; @@ -138,6 +138,11 @@ struct auth_zone { int zone_deleted; /** deletelist pointer, unused normally except during delete */ struct auth_zone* delete_next; + /* not protected by auth_zone lock, must be last items in struct */ + /** next auth zone containing RPZ data, or NULL */ + struct auth_zone* rpz_az_next; + /** previous auth zone containing RPZ data, or NULL */ + struct auth_zone* rpz_az_prev; }; /** diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c index 7e2afd843be8..cc56d3fd3167 100644 --- a/services/listen_dnsport.c +++ b/services/listen_dnsport.c @@ -179,9 +179,10 @@ int create_udp_sock(int family, int socktype, struct sockaddr* addr, socklen_t addrlen, int v6only, int* inuse, int* noproto, int rcv, int snd, int listen, int* reuseport, int transparent, - int freebind, int use_systemd) + int freebind, int use_systemd, int dscp) { int s; + char* err; #if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_USE_MIN_MTU) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) || defined (SO_BINDANY) int on=1; #endif @@ -451,6 +452,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, # endif #endif /* SO_SNDBUF */ } + err = set_ip_dscp(s, family, dscp); + if(err != NULL) + log_warn("error setting IP DiffServ codepoint %d on UDP socket: %s", dscp, err); if(family == AF_INET6) { # if defined(IPV6_V6ONLY) if(v6only) { @@ -638,9 +642,10 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, - int* reuseport, int transparent, int mss, int freebind, int use_systemd) + int* reuseport, int transparent, int mss, int freebind, int use_systemd, int dscp) { int s; + char* err; #if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_V6ONLY) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) || defined(SO_BINDANY) int on = 1; #endif @@ -793,6 +798,9 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, strerror(errno)); } #endif /* IP_TRANSPARENT || IP_BINDANY || SO_BINDANY */ + err = set_ip_dscp(s, addr->ai_family, dscp); + if(err != NULL) + log_warn("error setting IP DiffServ codepoint %d on TCP socket: %s", dscp, err); if( #ifdef HAVE_SYSTEMD !got_fd_from_systemd && @@ -866,6 +874,55 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, return s; } +char* +set_ip_dscp(int socket, int addrfamily, int dscp) +{ + int ds; + + if(dscp == 0) + return NULL; + ds = dscp << 2; + switch(addrfamily) { + case AF_INET6: + if(setsockopt(socket, IPPROTO_IPV6, IPV6_TCLASS, (void*)&ds, sizeof(ds)) < 0) + return sock_strerror(errno); + break; + default: + if(setsockopt(socket, IPPROTO_IP, IP_TOS, (void*)&ds, sizeof(ds)) < 0) + return sock_strerror(errno); + break; + } + return NULL; +} + +# ifndef USE_WINSOCK +char* +sock_strerror(int errn) +{ + return strerror(errn); +} + +void +sock_close(int socket) +{ + close(socket); +} + +# else +char* +sock_strerror(int ATTR_UNUSED(errn)) +{ + return wsa_strerror(WSAGetLastError()); +} + +void +sock_close(int socket) +{ + closesocket(socket); +} + +# endif /* USE_WINSOCK */ + int create_local_accept_sock(const char *path, int* noproto, int use_systemd) { @@ -952,7 +1009,7 @@ err: static int make_sock(int stype, const char* ifname, const char* port, struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, - int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd) + int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd, int dscp) { struct addrinfo *res = NULL; int r, s, inuse, noproto; @@ -980,7 +1037,7 @@ make_sock(int stype, const char* ifname, const char* port, s = create_udp_sock(res->ai_family, res->ai_socktype, (struct sockaddr*)res->ai_addr, res->ai_addrlen, v6only, &inuse, &noproto, (int)rcv, (int)snd, 1, - reuseport, transparent, freebind, use_systemd); + reuseport, transparent, freebind, use_systemd, dscp); if(s == -1 && inuse) { log_err("bind: address already in use"); } else if(s == -1 && noproto && hints->ai_family == AF_INET6){ @@ -988,7 +1045,7 @@ make_sock(int stype, const char* ifname, const char* port, } } else { s = create_tcp_accept_sock(res, v6only, &noproto, reuseport, - transparent, tcp_mss, freebind, use_systemd); + transparent, tcp_mss, freebind, use_systemd, dscp); if(s == -1 && noproto && hints->ai_family == AF_INET6){ *noip6 = 1; } @@ -1001,7 +1058,7 @@ make_sock(int stype, const char* ifname, const char* port, static int make_sock_port(int stype, const char* ifname, const char* port, struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, - int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd) + int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd, int dscp) { char* s = strchr(ifname, '@'); if(s) { @@ -1023,10 +1080,10 @@ make_sock_port(int stype, const char* ifname, const char* port, (void)strlcpy(p, s+1, sizeof(p)); p[strlen(s+1)]=0; return make_sock(stype, newif, p, hints, v6only, noip6, - rcv, snd, reuseport, transparent, tcp_mss, freebind, use_systemd); + rcv, snd, reuseport, transparent, tcp_mss, freebind, use_systemd, dscp); } return make_sock(stype, ifname, port, hints, v6only, noip6, rcv, snd, - reuseport, transparent, tcp_mss, freebind, use_systemd); + reuseport, transparent, tcp_mss, freebind, use_systemd, dscp); } /** @@ -1146,6 +1203,7 @@ if_is_ssl(const char* ifname, const char* port, int ssl_port, * @param freebind: set IP_FREEBIND socket option. * @param use_systemd: if true, fetch sockets from systemd. * @param dnscrypt_port: dnscrypt service port number + * @param dscp: DSCP to use. * @return: returns false on error. */ static int @@ -1154,7 +1212,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, size_t rcv, size_t snd, int ssl_port, struct config_strlist* tls_additional_port, int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd, - int dnscrypt_port) + int dnscrypt_port, int dscp) { int s, noip6=0; #ifdef USE_DNSCRYPT @@ -1171,7 +1229,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, if(do_auto) { if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, &noip6, rcv, snd, reuseport, transparent, - tcp_mss, freebind, use_systemd)) == -1) { + tcp_mss, freebind, use_systemd, dscp)) == -1) { if(noip6) { log_warn("IPv6 protocol not available"); return 1; @@ -1200,7 +1258,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, /* regular udp socket */ if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, &noip6, rcv, snd, reuseport, transparent, - tcp_mss, freebind, use_systemd)) == -1) { + tcp_mss, freebind, use_systemd, dscp)) == -1) { if(noip6) { log_warn("IPv6 protocol not available"); return 1; @@ -1222,7 +1280,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, tls_additional_port); if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1, &noip6, 0, 0, reuseport, transparent, tcp_mss, - freebind, use_systemd)) == -1) { + freebind, use_systemd, dscp)) == -1) { if(noip6) { /*log_warn("IPv6 protocol not available");*/ return 1; @@ -1421,7 +1479,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport) cfg->ssl_port, cfg->tls_additional_port, reuseport, cfg->ip_transparent, cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, - cfg->dnscrypt_port)) { + cfg->dnscrypt_port, cfg->ip_dscp)) { listening_ports_free(list); return NULL; } @@ -1435,7 +1493,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport) cfg->ssl_port, cfg->tls_additional_port, reuseport, cfg->ip_transparent, cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, - cfg->dnscrypt_port)) { + cfg->dnscrypt_port, cfg->ip_dscp)) { listening_ports_free(list); return NULL; } @@ -1451,7 +1509,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport) cfg->ssl_port, cfg->tls_additional_port, reuseport, cfg->ip_transparent, cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, - cfg->dnscrypt_port)) { + cfg->dnscrypt_port, cfg->ip_dscp)) { listening_ports_free(list); return NULL; } @@ -1465,7 +1523,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport) cfg->ssl_port, cfg->tls_additional_port, reuseport, cfg->ip_transparent, cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, - cfg->dnscrypt_port)) { + cfg->dnscrypt_port, cfg->ip_dscp)) { listening_ports_free(list); return NULL; } diff --git a/services/listen_dnsport.h b/services/listen_dnsport.h index ad84d8322643..ddd1b63a4d95 100644 --- a/services/listen_dnsport.h +++ b/services/listen_dnsport.h @@ -205,11 +205,12 @@ void listen_start_accept(struct listen_dnsport* listen); * @param transparent: set IP_TRANSPARENT socket option. * @param freebind: set IP_FREEBIND socket option. * @param use_systemd: if true, fetch sockets from systemd. + * @param dscp: DSCP to use. * @return: the socket. -1 on error. */ int create_udp_sock(int family, int socktype, struct sockaddr* addr, socklen_t addrlen, int v6only, int* inuse, int* noproto, int rcv, - int snd, int listen, int* reuseport, int transparent, int freebind, int use_systemd); + int snd, int listen, int* reuseport, int transparent, int freebind, int use_systemd, int dscp); /** * Create and bind TCP listening socket @@ -222,10 +223,11 @@ int create_udp_sock(int family, int socktype, struct sockaddr* addr, * @param mss: maximum segment size of the socket. if zero, leaves the default. * @param freebind: set IP_FREEBIND socket option. * @param use_systemd: if true, fetch sockets from systemd. + * @param dscp: DSCP to use. * @return: the socket. -1 on error. */ int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, - int* reuseport, int transparent, int mss, int freebind, int use_systemd); + int* reuseport, int transparent, int mss, int freebind, int use_systemd, int dscp); /** * Create and bind local listening socket @@ -367,4 +369,7 @@ int tcp_req_info_handle_read_close(struct tcp_req_info* req); /** get the size of currently used tcp stream wait buffers (in bytes) */ size_t tcp_req_info_get_stream_buffer_size(void); +char* set_ip_dscp(int socket, int addrfamily, int ds); +char* sock_strerror(int errn); + #endif /* LISTEN_DNSPORT_H */ diff --git a/services/localzone.c b/services/localzone.c index 18407832ff41..6aaf0c05518c 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -518,7 +518,7 @@ local_zone_enter_rr(struct local_zone* z, uint8_t* nm, size_t nmlen, } /** enter data RR into auth zone */ -int +static int lz_enter_rr_into_zone(struct local_zone* z, const char* rrstr) { uint8_t* nm; diff --git a/services/mesh.c b/services/mesh.c index 9114ef4c4e2d..4b0c5db418f7 100644 --- a/services/mesh.c +++ b/services/mesh.c @@ -159,16 +159,28 @@ client_info_compare(const struct respip_client_info* ci_a, return 1; if(ci_a->taglen != ci_b->taglen) return (ci_a->taglen < ci_b->taglen) ? -1 : 1; - cmp = memcmp(ci_a->taglist, ci_b->taglist, ci_a->taglen); - if(cmp != 0) - return cmp; + if(ci_a->taglist && !ci_b->taglist) + return -1; + if(!ci_a->taglist && ci_b->taglist) + return 1; + if(ci_a->taglist && ci_b->taglist) { + cmp = memcmp(ci_a->taglist, ci_b->taglist, ci_a->taglen); + if(cmp != 0) + return cmp; + } if(ci_a->tag_actions_size != ci_b->tag_actions_size) return (ci_a->tag_actions_size < ci_b->tag_actions_size) ? -1 : 1; - cmp = memcmp(ci_a->tag_actions, ci_b->tag_actions, - ci_a->tag_actions_size); - if(cmp != 0) - return cmp; + if(ci_a->tag_actions && !ci_b->tag_actions) + return -1; + if(!ci_a->tag_actions && ci_b->tag_actions) + return 1; + if(ci_a->tag_actions && ci_b->tag_actions) { + cmp = memcmp(ci_a->tag_actions, ci_b->tag_actions, + ci_a->tag_actions_size); + if(cmp != 0) + return cmp; + } if(ci_a->tag_datas != ci_b->tag_datas) return ci_a->tag_datas < ci_b->tag_datas ? -1 : 1; if(ci_a->view != ci_b->view) @@ -1284,7 +1296,7 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, void mesh_query_done(struct mesh_state* mstate) { - struct mesh_reply* r, *reply_list = NULL; + struct mesh_reply* r; struct mesh_reply* prev = NULL; struct sldns_buffer* prev_buffer = NULL; struct mesh_cb* c; @@ -1308,27 +1320,7 @@ void mesh_query_done(struct mesh_state* mstate) free(err); } } - if(mstate->reply_list) { - /* set the reply_list to NULL during the mesh_query_done - * processing, so that calls back into the mesh from - * tcp_req_info (deciding to drop the reply and thus - * unregister the mesh_reply from the mstate) are stopped - * because the list is empty. - * The mstate is then likely not a reply_state, and maybe - * also a detached_state. - */ - reply_list = mstate->reply_list; - mstate->reply_list = NULL; - if(!mstate->reply_list && !mstate->cb_list) { - /* was a reply state, not anymore */ - log_assert(mstate->s.env->mesh->num_reply_states > 0); - mstate->s.env->mesh->num_reply_states--; - } - if(!mstate->reply_list && !mstate->cb_list && - mstate->super_set.count == 0) - mstate->s.env->mesh->num_detached_states++; - } - for(r = reply_list; r; r = r->next) { + for(r = mstate->reply_list; r; r = r->next) { /* if a response-ip address block has been stored the * information should be logged for each client. */ if(mstate->s.respip_action_info && @@ -1352,15 +1344,31 @@ void mesh_query_done(struct mesh_state* mstate) /* if this query is determined to be dropped during the * mesh processing, this is the point to take that action. */ if(mstate->s.is_drop) { + /* briefly set the reply_list to NULL, so that the + * tcp req info cleanup routine that calls the mesh + * to deregister the meshstate for it is not done + * because the list is NULL and also accounting is not + * done there, but instead we do that here. */ + struct mesh_reply* reply_list = mstate->reply_list; + mstate->reply_list = NULL; comm_point_drop_reply(&r->query_reply); + mstate->reply_list = reply_list; } else { struct sldns_buffer* r_buffer = r->query_reply.c->buffer; + struct mesh_reply* rlist = mstate->reply_list; if(r->query_reply.c->tcp_req_info) { r_buffer = r->query_reply.c->tcp_req_info->spool_buffer; prev_buffer = NULL; } + /* briefly set the replylist to null in case the + * meshsendreply calls tcpreqinfo sendreply that + * comm_point_drops because of size, and then the + * null stops the mesh state remove and thus + * reply_list modification and accounting */ + mstate->reply_list = NULL; mesh_send_reply(mstate, mstate->s.return_rcode, rep, r, r_buffer, prev, prev_buffer); + mstate->reply_list = rlist; if(r->query_reply.c->tcp_req_info) { tcp_req_info_remove_mesh_state(r->query_reply.c->tcp_req_info, mstate); r_buffer = NULL; @@ -1369,6 +1377,17 @@ void mesh_query_done(struct mesh_state* mstate) prev_buffer = r_buffer; } } + if(mstate->reply_list) { + mstate->reply_list = NULL; + if(!mstate->reply_list && !mstate->cb_list) { + /* was a reply state, not anymore */ + log_assert(mstate->s.env->mesh->num_reply_states > 0); + mstate->s.env->mesh->num_reply_states--; + } + if(!mstate->reply_list && !mstate->cb_list && + mstate->super_set.count == 0) + mstate->s.env->mesh->num_detached_states++; + } mstate->replies_sent = 1; while((c = mstate->cb_list) != NULL) { /* take this cb off the list; so that the list can be @@ -1863,7 +1882,7 @@ mesh_serve_expired_callback(void* arg) { struct mesh_state* mstate = (struct mesh_state*) arg; struct module_qstate* qstate = &mstate->s; - struct mesh_reply* r; + struct mesh_reply* r, *rlist; struct mesh_area* mesh = qstate->env->mesh; struct dns_msg* msg; struct mesh_cb* c; @@ -1946,16 +1965,7 @@ mesh_serve_expired_callback(void* arg) if(verbosity >= VERB_ALGO) log_dns_msg("Serve expired lookup", &qstate->qinfo, msg->rep); - r = mstate->reply_list; - mstate->reply_list = NULL; - if(!mstate->reply_list && !mstate->cb_list) { - log_assert(mesh->num_reply_states > 0); - mesh->num_reply_states--; - if(mstate->super_set.count == 0) { - mesh->num_detached_states++; - } - } - for(; r; r = r->next) { + for(r = mstate->reply_list; r; r = r->next) { /* If address info is returned, it means the action should be an * 'inform' variant and the information should be logged. */ if(actinfo.addrinfo) { @@ -1977,8 +1987,15 @@ mesh_serve_expired_callback(void* arg) r_buffer = r->query_reply.c->buffer; if(r->query_reply.c->tcp_req_info) r_buffer = r->query_reply.c->tcp_req_info->spool_buffer; + /* briefly set the replylist to null in case the meshsendreply + * calls tcpreqinfo sendreply that comm_point_drops because + * of size, and then the null stops the mesh state remove and + * thus reply_list modification and accounting */ + rlist = mstate->reply_list; + mstate->reply_list = NULL; mesh_send_reply(mstate, LDNS_RCODE_NOERROR, msg->rep, r, r_buffer, prev, prev_buffer); + mstate->reply_list = rlist; if(r->query_reply.c->tcp_req_info) tcp_req_info_remove_mesh_state(r->query_reply.c->tcp_req_info, mstate); prev = r; @@ -1988,6 +2005,16 @@ mesh_serve_expired_callback(void* arg) mesh->ans_expired++; } + if(mstate->reply_list) { + mstate->reply_list = NULL; + if(!mstate->reply_list && !mstate->cb_list) { + log_assert(mesh->num_reply_states > 0); + mesh->num_reply_states--; + if(mstate->super_set.count == 0) { + mesh->num_detached_states++; + } + } + } while((c = mstate->cb_list) != NULL) { /* take this cb off the list; so that the list can be * changed, eg. by adds from the callback routine */ diff --git a/services/modstack.c b/services/modstack.c index 68e5928146dd..a600549b16c3 100644 --- a/services/modstack.c +++ b/services/modstack.c @@ -51,6 +51,9 @@ #ifdef WITH_PYTHONMODULE #include "pythonmod/pythonmod.h" #endif +#ifdef WITH_DYNLIBMODULE +#include "dynlibmod/dynlibmod.h" +#endif #ifdef USE_CACHEDB #include "cachedb/cachedb.h" #endif @@ -140,6 +143,9 @@ module_list_avail(void) #ifdef WITH_PYTHONMODULE "python", #endif +#ifdef WITH_DYNLIBMODULE + "dynlib", +#endif #ifdef USE_CACHEDB "cachedb", #endif @@ -171,6 +177,9 @@ module_funcs_avail(void) #ifdef WITH_PYTHONMODULE &pythonmod_get_funcblock, #endif +#ifdef WITH_DYNLIBMODULE + &dynlibmod_get_funcblock, +#endif #ifdef USE_CACHEDB &cachedb_get_funcblock, #endif diff --git a/services/outside_network.c b/services/outside_network.c index 80b1f12454d6..44e01d7450cb 100644 --- a/services/outside_network.c +++ b/services/outside_network.c @@ -205,18 +205,25 @@ pick_outgoing_tcp(struct waiting_tcp* w, int s) /** get TCP file descriptor for address, returns -1 on failure, * tcp_mss is 0 or maxseg size to set for TCP packets. */ int -outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss) +outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss, int dscp) { int s; + int af; + char* err; #ifdef SO_REUSEADDR int on = 1; #endif #ifdef INET6 - if(addr_is_ip6(addr, addrlen)) + if(addr_is_ip6(addr, addrlen)){ s = socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP); - else + af = AF_INET6; + } else { +#else + { #endif + af = AF_INET; s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); + } if(s == -1) { #ifndef USE_WINSOCK log_err_addr("outgoing tcp: socket", strerror(errno), @@ -236,6 +243,12 @@ outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss) } #endif + err = set_ip_dscp(s, af, dscp); + if(err != NULL) { + verbose(VERB_ALGO, "outgoing tcp:" + "error setting IP DiffServ codepoint on socket"); + } + if(tcp_mss > 0) { #if defined(IPPROTO_TCP) && defined(TCP_MAXSEG) if(setsockopt(s, IPPROTO_TCP, TCP_MAXSEG, @@ -291,7 +304,7 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len) log_assert(pkt); log_assert(w->addrlen > 0); /* open socket */ - s = outnet_get_tcp_fd(&w->addr, w->addrlen, w->outnet->tcp_mss); + s = outnet_get_tcp_fd(&w->addr, w->addrlen, w->outnet->tcp_mss, w->outnet->ip_dscp); if(s == -1) return 0; @@ -373,45 +386,16 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len) comm_point_tcp_win_bio_cb(pend->c, pend->c->ssl); #endif pend->c->ssl_shake_state = comm_ssl_shake_write; - if(w->tls_auth_name) { + if(!set_auth_name_on_ssl(pend->c->ssl, w->tls_auth_name, + w->outnet->tls_use_sni)) { + pend->c->fd = s; #ifdef HAVE_SSL - (void)SSL_set_tlsext_host_name(pend->c->ssl, w->tls_auth_name); + SSL_free(pend->c->ssl); #endif + pend->c->ssl = NULL; + comm_point_close(pend->c); + return 0; } -#ifdef HAVE_SSL_SET1_HOST - if(w->tls_auth_name) { - SSL_set_verify(pend->c->ssl, SSL_VERIFY_PEER, NULL); - /* setting the hostname makes openssl verify the - * host name in the x509 certificate in the - * SSL connection*/ - if(!SSL_set1_host(pend->c->ssl, w->tls_auth_name)) { - log_err("SSL_set1_host failed"); - pend->c->fd = s; - SSL_free(pend->c->ssl); - pend->c->ssl = NULL; - comm_point_close(pend->c); - return 0; - } - } -#elif defined(HAVE_X509_VERIFY_PARAM_SET1_HOST) - /* openssl 1.0.2 has this function that can be used for - * set1_host like verification */ - if(w->tls_auth_name) { - X509_VERIFY_PARAM* param = SSL_get0_param(pend->c->ssl); - X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); - if(!X509_VERIFY_PARAM_set1_host(param, w->tls_auth_name, strlen(w->tls_auth_name))) { - log_err("X509_VERIFY_PARAM_set1_host failed"); - pend->c->fd = s; - SSL_free(pend->c->ssl); - pend->c->ssl = NULL; - comm_point_close(pend->c); - return 0; - } - SSL_set_verify(pend->c->ssl, SSL_VERIFY_PEER, NULL); - } -#else - verbose(VERB_ALGO, "the query has an auth_name, but libssl has no call to perform TLS authentication"); -#endif /* HAVE_SSL_SET1_HOST */ } w->pkt = NULL; w->next_waiting = (void*)pend; @@ -512,7 +496,9 @@ portcomm_loweruse(struct outside_network* outnet, struct port_comm* pc) comm_point_close(pc->cp); pif = pc->pif; log_assert(pif->inuse > 0); +#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION pif->avail_ports[pif->avail_total - pif->inuse] = pc->number; +#endif pif->inuse--; pif->out[pc->index] = pif->out[pif->inuse]; pif->out[pc->index]->index = pc->index; @@ -725,10 +711,12 @@ create_pending_tcp(struct outside_network* outnet, size_t bufsize) static int setup_if(struct port_if* pif, const char* addrstr, int* avail, int numavail, size_t numfd) { +#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION pif->avail_total = numavail; pif->avail_ports = (int*)memdup(avail, (size_t)numavail*sizeof(int)); if(!pif->avail_ports) return 0; +#endif if(!ipstrtoaddr(addrstr, UNBOUND_DNS_PORT, &pif->addr, &pif->addrlen) && !netblockstrtoaddr(addrstr, UNBOUND_DNS_PORT, &pif->addr, &pif->addrlen, &pif->pfxlen)) @@ -745,11 +733,11 @@ static int setup_if(struct port_if* pif, const char* addrstr, struct outside_network* outside_network_create(struct comm_base *base, size_t bufsize, size_t num_ports, char** ifs, int num_ifs, int do_ip4, - int do_ip6, size_t num_tcp, struct infra_cache* infra, + int do_ip6, size_t num_tcp, int dscp, struct infra_cache* infra, struct ub_randstate* rnd, int use_caps_for_id, int* availports, int numavailports, size_t unwanted_threshold, int tcp_mss, void (*unwanted_action)(void*), void* unwanted_param, int do_udp, - void* sslctx, int delayclose, struct dt_env* dtenv) + void* sslctx, int delayclose, int tls_use_sni, struct dt_env* dtenv) { struct outside_network* outnet = (struct outside_network*) calloc(1, sizeof(struct outside_network)); @@ -765,6 +753,7 @@ outside_network_create(struct comm_base *base, size_t bufsize, outnet->infra = infra; outnet->rnd = rnd; outnet->sslctx = sslctx; + outnet->tls_use_sni = tls_use_sni; #ifdef USE_DNSTAP outnet->dtenv = dtenv; #else @@ -778,6 +767,7 @@ outside_network_create(struct comm_base *base, size_t bufsize, outnet->use_caps_for_id = use_caps_for_id; outnet->do_udp = do_udp; outnet->tcp_mss = tcp_mss; + outnet->ip_dscp = dscp; #ifndef S_SPLINT_S if(delayclose) { outnet->delayclose = 1; @@ -955,7 +945,9 @@ outside_network_delete(struct outside_network* outnet) comm_point_delete(pc->cp); free(pc); } +#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION free(outnet->ip4_ifs[i].avail_ports); +#endif free(outnet->ip4_ifs[i].out); } free(outnet->ip4_ifs); @@ -969,7 +961,9 @@ outside_network_delete(struct outside_network* outnet) comm_point_delete(pc->cp); free(pc); } +#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION free(outnet->ip6_ifs[i].avail_ports); +#endif free(outnet->ip6_ifs[i].out); } free(outnet->ip6_ifs); @@ -1059,11 +1053,12 @@ sai6_putrandom(struct sockaddr_in6 *sa, int pfxlen, struct ub_randstate *rnd) * @param port: port override for addr. * @param inuse: if -1 is returned, this bool means the port was in use. * @param rnd: random state (for address randomisation). + * @param dscp: DSCP to use. * @return fd or -1 */ static int udp_sockport(struct sockaddr_storage* addr, socklen_t addrlen, int pfxlen, - int port, int* inuse, struct ub_randstate* rnd) + int port, int* inuse, struct ub_randstate* rnd, int dscp) { int fd, noproto; if(addr_is_ip6(addr, addrlen)) { @@ -1078,13 +1073,13 @@ udp_sockport(struct sockaddr_storage* addr, socklen_t addrlen, int pfxlen, } fd = create_udp_sock(AF_INET6, SOCK_DGRAM, (struct sockaddr*)&sa, addrlen, 1, inuse, &noproto, - 0, 0, 0, NULL, 0, freebind, 0); + 0, 0, 0, NULL, 0, freebind, 0, dscp); } else { struct sockaddr_in* sa = (struct sockaddr_in*)addr; sa->sin_port = (in_port_t)htons((uint16_t)port); fd = create_udp_sock(AF_INET, SOCK_DGRAM, (struct sockaddr*)addr, addrlen, 1, inuse, &noproto, - 0, 0, 0, NULL, 0, 0, 0); + 0, 0, 0, NULL, 0, 0, 0, dscp); } return fd; } @@ -1133,6 +1128,7 @@ select_ifport(struct outside_network* outnet, struct pending* pend, while(1) { my_if = ub_random_max(outnet->rnd, num_if); pif = &ifs[my_if]; +#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION my_port = ub_random_max(outnet->rnd, pif->avail_total); if(my_port < pif->inuse) { /* port already open */ @@ -1144,8 +1140,11 @@ select_ifport(struct outside_network* outnet, struct pending* pend, /* try to open new port, if fails, loop to try again */ log_assert(pif->inuse < pif->maxout); portno = pif->avail_ports[my_port - pif->inuse]; +#else + my_port = portno = 0; +#endif fd = udp_sockport(&pif->addr, pif->addrlen, pif->pfxlen, - portno, &inuse, outnet->rnd); + portno, &inuse, outnet->rnd, outnet->ip_dscp); if(fd == -1 && !inuse) { /* nonrecoverable error making socket */ return 0; @@ -1167,8 +1166,10 @@ select_ifport(struct outside_network* outnet, struct pending* pend, /* grab port in interface */ pif->out[pif->inuse] = pend->pc; +#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION pif->avail_ports[my_port - pif->inuse] = pif->avail_ports[pif->avail_total-pif->inuse-1]; +#endif pif->inuse++; break; } @@ -2192,10 +2193,11 @@ fd_for_dest(struct outside_network* outnet, struct sockaddr_storage* to_addr, { struct sockaddr_storage* addr; socklen_t addrlen; - int i, try, pnum; + int i, try, pnum, dscp; struct port_if* pif; /* create fd */ + dscp = outnet->ip_dscp; for(try = 0; try<1000; try++) { int port = 0; int freebind = 0; @@ -2225,6 +2227,7 @@ fd_for_dest(struct outside_network* outnet, struct sockaddr_storage* to_addr, } addr = &pif->addr; addrlen = pif->addrlen; +#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION pnum = ub_random_max(outnet->rnd, pif->avail_total); if(pnum < pif->inuse) { /* port already open */ @@ -2233,19 +2236,21 @@ fd_for_dest(struct outside_network* outnet, struct sockaddr_storage* to_addr, /* unused ports in start part of array */ port = pif->avail_ports[pnum - pif->inuse]; } - +#else + pnum = port = 0; +#endif if(addr_is_ip6(to_addr, to_addrlen)) { struct sockaddr_in6 sa = *(struct sockaddr_in6*)addr; sa.sin6_port = (in_port_t)htons((uint16_t)port); fd = create_udp_sock(AF_INET6, SOCK_DGRAM, (struct sockaddr*)&sa, addrlen, 1, &inuse, &noproto, - 0, 0, 0, NULL, 0, freebind, 0); + 0, 0, 0, NULL, 0, freebind, 0, dscp); } else { struct sockaddr_in* sa = (struct sockaddr_in*)addr; sa->sin_port = (in_port_t)htons((uint16_t)port); fd = create_udp_sock(AF_INET, SOCK_DGRAM, (struct sockaddr*)addr, addrlen, 1, &inuse, &noproto, - 0, 0, 0, NULL, 0, freebind, 0); + 0, 0, 0, NULL, 0, freebind, 0, dscp); } if(fd != -1) { return fd; @@ -2294,6 +2299,11 @@ setup_comm_ssl(struct comm_point* cp, struct outside_network* outnet, #endif cp->ssl_shake_state = comm_ssl_shake_write; /* https verification */ +#ifdef HAVE_SSL + if(outnet->tls_use_sni) { + (void)SSL_set_tlsext_host_name(cp->ssl, host); + } +#endif #ifdef HAVE_SSL_SET1_HOST if((SSL_CTX_get_verify_mode(outnet->sslctx)&SSL_VERIFY_PEER)) { /* because we set SSL_VERIFY_PEER, in netevent in @@ -2316,7 +2326,9 @@ setup_comm_ssl(struct comm_point* cp, struct outside_network* outnet, * set1_host like verification */ if((SSL_CTX_get_verify_mode(outnet->sslctx)&SSL_VERIFY_PEER)) { X509_VERIFY_PARAM* param = SSL_get0_param(cp->ssl); +# ifdef X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); +# endif if(!X509_VERIFY_PARAM_set1_host(param, host, strlen(host))) { log_err("X509_VERIFY_PARAM_set1_host failed"); return 0; @@ -2335,7 +2347,7 @@ outnet_comm_point_for_tcp(struct outside_network* outnet, sldns_buffer* query, int timeout, int ssl, char* host) { struct comm_point* cp; - int fd = outnet_get_tcp_fd(to_addr, to_addrlen, outnet->tcp_mss); + int fd = outnet_get_tcp_fd(to_addr, to_addrlen, outnet->tcp_mss, outnet->ip_dscp); if(fd == -1) { return 0; } @@ -2397,7 +2409,7 @@ outnet_comm_point_for_http(struct outside_network* outnet, { /* cp calls cb with err=NETEVENT_DONE when transfer is done */ struct comm_point* cp; - int fd = outnet_get_tcp_fd(to_addr, to_addrlen, outnet->tcp_mss); + int fd = outnet_get_tcp_fd(to_addr, to_addrlen, outnet->tcp_mss, outnet->ip_dscp); if(fd == -1) { return 0; } @@ -2455,7 +2467,10 @@ if_get_mem(struct port_if* pif) { size_t s; int i; - s = sizeof(*pif) + sizeof(int)*pif->avail_total + + s = sizeof(*pif) + +#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION + sizeof(int)*pif->avail_total + +#endif sizeof(struct port_comm*)*pif->maxout; for(i=0; i<pif->inuse; i++) s += sizeof(*pif->out[i]) + diff --git a/services/outside_network.h b/services/outside_network.h index 3456a3da38b0..c8f6d5724a87 100644 --- a/services/outside_network.h +++ b/services/outside_network.h @@ -132,12 +132,16 @@ struct outside_network { struct ub_randstate* rnd; /** ssl context to create ssl wrapped TCP with DNS connections */ void* sslctx; + /** if SNI will be used for TLS connections */ + int tls_use_sni; #ifdef USE_DNSTAP /** dnstap environment */ struct dt_env* dtenv; #endif /** maximum segment size of tcp socket */ int tcp_mss; + /** IP_TOS socket option requested on the sockets */ + int ip_dscp; /** * Array of tcp pending used for outgoing TCP connections. @@ -172,11 +176,13 @@ struct port_if { * if 0, no randomisation. */ int pfxlen; +#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION /** the available ports array. These are unused. * Only the first total-inuse part is filled. */ int* avail_ports; /** the total number of available ports (size of the array) */ int avail_total; +#endif /** array of the commpoints currently in use. * allocated for max number of fds, first part in use. */ @@ -399,6 +405,7 @@ struct serviced_query { * @param do_ip4: service IP4. * @param do_ip6: service IP6. * @param num_tcp: number of outgoing tcp buffers to preallocate. + * @param dscp: DSCP to use. * @param infra: pointer to infra cached used for serviced queries. * @param rnd: stored to create random numbers for serviced queries. * @param use_caps_for_id: enable to use 0x20 bits to encode id randomness. @@ -412,16 +419,17 @@ struct serviced_query { * @param sslctx: context to create outgoing connections with (if enabled). * @param delayclose: if not 0, udp sockets are delayed before timeout closure. * msec to wait on timeouted udp sockets. + * @param tls_use_sni: if SNI is used for TLS connections. * @param dtenv: environment to send dnstap events with (if enabled). * @return: the new structure (with no pending answers) or NULL on error. */ struct outside_network* outside_network_create(struct comm_base* base, size_t bufsize, size_t num_ports, char** ifs, int num_ifs, - int do_ip4, int do_ip6, size_t num_tcp, struct infra_cache* infra, + int do_ip4, int do_ip6, size_t num_tcp, int dscp, struct infra_cache* infra, struct ub_randstate* rnd, int use_caps_for_id, int* availports, int numavailports, size_t unwanted_threshold, int tcp_mss, void (*unwanted_action)(void*), void* unwanted_param, int do_udp, - void* sslctx, int delayclose, struct dt_env *dtenv); + void* sslctx, int delayclose, int tls_use_sni, struct dt_env *dtenv); /** * Delete outside_network structure. @@ -540,7 +548,7 @@ size_t serviced_get_mem(struct serviced_query* sq); /** get TCP file descriptor for address, returns -1 on failure, * tcp_mss is 0 or maxseg size to set for TCP packets. */ -int outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss); +int outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss, int dscp); /** * Create udp commpoint suitable for sending packets to the destination. diff --git a/services/rpz.c b/services/rpz.c index 643b20c91d20..105f238d0a6d 100644 --- a/services/rpz.c +++ b/services/rpz.c @@ -586,7 +586,7 @@ rpz_insert_response_ip_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen, } int -rpz_insert_rr(struct rpz* r, size_t aznamelen, uint8_t* dname, +rpz_insert_rr(struct rpz* r, uint8_t* azname, size_t aznamelen, uint8_t* dname, size_t dnamelen, uint16_t rr_type, uint16_t rr_class, uint32_t rr_ttl, uint8_t* rdatawl, size_t rdatalen, uint8_t* rr, size_t rr_len) { @@ -596,9 +596,17 @@ rpz_insert_rr(struct rpz* r, size_t aznamelen, uint8_t* dname, enum rpz_action a; uint8_t* policydname; + if(!dname_subdomain_c(dname, azname)) { + log_err("RPZ: name of record to insert into RPZ is not a " + "subdomain of the configured name of the RPZ zone"); + return 0; + } + log_assert(dnamelen >= aznamelen); - if(!(policydname = calloc(1, (dnamelen-aznamelen)+1))) + if(!(policydname = calloc(1, (dnamelen-aznamelen)+1))) { + log_err("malloc error while inserting RPZ RR"); return 0; + } a = rpz_rr_to_action(rr_type, rdatawl, rdatalen); if(!(policydnamelen = strip_dname_origin(dname, dnamelen, aznamelen, @@ -826,6 +834,8 @@ rpz_remove_qname_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen, delete_zone = rpz_data_delete_rr(z, dname, dnamelen, rr_type, rdatawl, rdatalen); else if(a != localzone_type_to_rpz_action(z->type)) { + lock_rw_unlock(&z->lock); + lock_rw_unlock(&r->local_zones->lock); return; } lock_rw_unlock(&z->lock); @@ -931,13 +941,16 @@ rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env, struct regional* temp, struct comm_reply* repinfo, uint8_t* taglist, size_t taglen, struct ub_server_stats* stats) { - struct rpz* r; + struct rpz* r = NULL; + struct auth_zone* a; int ret; enum localzone_type lzt; struct local_zone* z = NULL; struct local_data* ld = NULL; lock_rw_rdlock(&az->rpz_lock); - for(r = az->rpz_first; r; r = r->next) { + for(a = az->rpz_first; a; a = a->rpz_az_next) { + lock_rw_rdlock(&a->lock); + r = a->rpz; if(!r->taglist || taglist_intersect(r->taglist, r->taglistlen, taglist, taglen)) { z = rpz_find_zone(r, qinfo->qname, qinfo->qname_len, @@ -955,13 +968,14 @@ rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env, } if(z) break; - } + } + lock_rw_unlock(&a->lock); /* not found in this auth_zone */ } lock_rw_unlock(&az->rpz_lock); if(!z) - return 0; + return 0; /* not holding auth_zone.lock anymore */ - + log_assert(r); if(r->action_override == RPZ_NO_OVERRIDE_ACTION) lzt = z->type; else @@ -972,6 +986,7 @@ rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env, regional_alloc_zero(temp, sizeof(struct local_rrset)); if(!qinfo->local_alias) { lock_rw_unlock(&z->lock); + lock_rw_unlock(&a->lock); return 0; /* out of memory */ } qinfo->local_alias->rrset = @@ -979,6 +994,7 @@ rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env, sizeof(*r->cname_override)); if(!qinfo->local_alias->rrset) { lock_rw_unlock(&z->lock); + lock_rw_unlock(&a->lock); return 0; /* out of memory */ } qinfo->local_alias->rrset->rk.dname = qinfo->qname; @@ -988,6 +1004,7 @@ rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env, qinfo, repinfo, r->log_name); stats->rpz_action[RPZ_CNAME_OVERRIDE_ACTION]++; lock_rw_unlock(&z->lock); + lock_rw_unlock(&a->lock); return 0; } @@ -1000,6 +1017,7 @@ rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env, repinfo, r->log_name); stats->rpz_action[localzone_type_to_rpz_action(lzt)]++; lock_rw_unlock(&z->lock); + lock_rw_unlock(&a->lock); return !qinfo->local_alias; } @@ -1010,6 +1028,7 @@ rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env, qinfo, repinfo, r->log_name); stats->rpz_action[localzone_type_to_rpz_action(lzt)]++; lock_rw_unlock(&z->lock); + lock_rw_unlock(&a->lock); return ret; } diff --git a/services/rpz.h b/services/rpz.h index 676a4f2a8406..77a2db55ced4 100644 --- a/services/rpz.h +++ b/services/rpz.h @@ -86,7 +86,8 @@ enum rpz_action { /** * RPZ containing policies. Pointed to from corresponding auth-zone. Part of a * linked list to keep configuration order. Iterating or changing the linked - * list requires the rpz_lock from struct auth_zones. + * list requires the rpz_lock from struct auth_zones. Changing items in this + * struct require the lock from struct auth_zone. */ struct rpz { struct local_zones* local_zones; @@ -97,14 +98,13 @@ struct rpz { struct ub_packed_rrset_key* cname_override; int log; char* log_name; - struct rpz* next; - struct rpz* prev; struct regional* region; }; /** * Create policy from RR and add to this RPZ. * @param r: the rpz to add the policy to. + * @param azname: dname of the auth-zone * @param aznamelen: the length of the auth-zone name * @param dname: dname of the RR * @param dnamelen: length of the dname @@ -117,7 +117,7 @@ struct rpz { * @param rr_len: the length of the complete RR * @return: 0 on error */ -int rpz_insert_rr(struct rpz* r, size_t aznamelen, uint8_t* dname, +int rpz_insert_rr(struct rpz* r, uint8_t* azname, size_t aznamelen, uint8_t* dname, size_t dnamelen, uint16_t rr_type, uint16_t rr_class, uint32_t rr_ttl, uint8_t* rdatawl, size_t rdatalen, uint8_t* rr, size_t rr_len); diff --git a/sldns/parseutil.c b/sldns/parseutil.c index 82dbc0fe113e..3515d64c5d10 100644 --- a/sldns/parseutil.c +++ b/sldns/parseutil.c @@ -167,7 +167,7 @@ sldns_gmtime64_r(int64_t clock, struct tm *result) static int64_t sldns_serial_arithmetics_time(int32_t time, time_t now) { - int32_t offset = time - (int32_t) now; + int32_t offset = (int32_t)((uint32_t) time - (uint32_t) now); return (int64_t) now + offset; } diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c index b8bd1b850c1a..a30523c76215 100644 --- a/smallapp/unbound-anchor.c +++ b/smallapp/unbound-anchor.c @@ -187,6 +187,7 @@ usage(void) printf("-c file cert file, default %s\n", ROOT_CERT_FILE); printf("-l list builtin key and cert on stdout\n"); printf("-u name server in https url, default %s\n", URLNAME); + printf("-S do not use SNI for the https connection\n"); printf("-x path pathname to xml in url, default %s\n", XMLNAME); printf("-s path pathname to p7s in url, default %s\n", P7SNAME); printf("-n name signer's subject emailAddress, default %s\n", P7SIGNER); @@ -245,9 +246,7 @@ get_builtin_ds(void) return /* The anchors must start on a new line with ". IN DS and end with \n"[;] * because the makedist script greps on the source here */ -/* anchor 19036 is from 2010 */ /* anchor 20326 is from 2017 */ -". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n" ". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n"; } @@ -772,7 +771,7 @@ setup_sslctx(void) /** initiate TLS on a connection */ static SSL* -TLS_initiate(SSL_CTX* sslctx, int fd) +TLS_initiate(SSL_CTX* sslctx, int fd, const char* urlname, int use_sni) { X509* x; int r; @@ -788,6 +787,9 @@ TLS_initiate(SSL_CTX* sslctx, int fd) SSL_free(ssl); return NULL; } + if(use_sni) { + (void)SSL_set_tlsext_host_name(ssl, urlname); + } while(1) { ERR_clear_error(); if( (r=SSL_do_handshake(ssl)) == 1) @@ -1123,7 +1125,7 @@ read_http_result(SSL* ssl) /** https to an IP addr, return BIO with pathname or NULL */ static BIO* https_to_ip(struct ip_list* ip, const char* pathname, const char* urlname, - struct ip_list* src) + struct ip_list* src, int use_sni) { int fd; SSL* ssl; @@ -1137,7 +1139,7 @@ https_to_ip(struct ip_list* ip, const char* pathname, const char* urlname, SSL_CTX_free(sslctx); return NULL; } - ssl = TLS_initiate(sslctx, fd); + ssl = TLS_initiate(sslctx, fd, urlname, use_sni); if(!ssl) { SSL_CTX_free(sslctx); fd_close(fd); @@ -1161,11 +1163,12 @@ https_to_ip(struct ip_list* ip, const char* pathname, const char* urlname, * @param pathname: pathname of file on server to GET. * @param urlname: name to pass as the virtual host for this request. * @param src: if nonNULL, source address to bind to. + * @param use_sni: if SNI will be used. * @return a memory BIO with the file in it. */ static BIO* https(struct ip_list* ip_list, const char* pathname, const char* urlname, - struct ip_list* src) + struct ip_list* src, int use_sni) { struct ip_list* ip; BIO* bio = NULL; @@ -1173,7 +1176,7 @@ https(struct ip_list* ip_list, const char* pathname, const char* urlname, wipe_ip_usage(ip_list); while( (ip = pick_random_ip(ip_list)) ) { ip->used = 1; - bio = https_to_ip(ip, pathname, urlname, src); + bio = https_to_ip(ip, pathname, urlname, src, use_sni); if(bio) break; } if(!bio) { @@ -1929,7 +1932,7 @@ do_certupdate(const char* root_anchor_file, const char* root_cert_file, const char* urlname, const char* xmlname, const char* p7sname, const char* p7signer, const char* res_conf, const char* root_hints, const char* debugconf, const char* srcaddr, int ip4only, int ip6only, - int port) + int port, int use_sni) { STACK_OF(X509)* cert; @@ -1963,8 +1966,8 @@ do_certupdate(const char* root_anchor_file, const char* root_cert_file, #endif /* fetch the necessary files over HTTPS */ - xml = https(ip_list, xmlname, urlname, src); - p7s = https(ip_list, p7sname, urlname, src); + xml = https(ip_list, xmlname, urlname, src, use_sni); + p7s = https(ip_list, p7sname, urlname, src, use_sni); /* verify and update the root anchor */ verify_and_update_anchor(root_anchor_file, xml, p7s, cert, p7signer); @@ -2235,7 +2238,7 @@ do_root_update_work(const char* root_anchor_file, const char* root_cert_file, const char* urlname, const char* xmlname, const char* p7sname, const char* p7signer, const char* res_conf, const char* root_hints, const char* debugconf, const char* srcaddr, int ip4only, int ip6only, - int force, int res_conf_fallback, int port) + int force, int res_conf_fallback, int port, int use_sni) { struct ub_result* dnskey; int used_builtin = 0; @@ -2278,7 +2281,7 @@ do_root_update_work(const char* root_anchor_file, const char* root_cert_file, probe_date_allows_certupdate(root_anchor_file)) || force) { if(do_certupdate(root_anchor_file, root_cert_file, urlname, xmlname, p7sname, p7signer, res_conf, root_hints, - debugconf, srcaddr, ip4only, ip6only, port)) + debugconf, srcaddr, ip4only, ip6only, port, use_sni)) return 1; return used_builtin; } @@ -2307,8 +2310,9 @@ int main(int argc, char* argv[]) const char* srcaddr = NULL; int dolist=0, ip4only=0, ip6only=0, force=0, port = HTTPS_PORT; int res_conf_fallback = 0; + int use_sni = 1; /* parse the options */ - while( (c=getopt(argc, argv, "46C:FRP:a:b:c:f:hln:r:s:u:vx:")) != -1) { + while( (c=getopt(argc, argv, "46C:FRSP:a:b:c:f:hln:r:s:u:vx:")) != -1) { switch(c) { case 'l': dolist = 1; @@ -2331,6 +2335,9 @@ int main(int argc, char* argv[]) case 'u': urlname = optarg; break; + case 'S': + use_sni = 0; + break; case 'x': xmlname = optarg; break; @@ -2397,5 +2404,5 @@ int main(int argc, char* argv[]) return do_root_update_work(root_anchor_file, root_cert_file, urlname, xmlname, p7sname, p7signer, res_conf, root_hints, debugconf, - srcaddr, ip4only, ip6only, force, res_conf_fallback, port); + srcaddr, ip4only, ip6only, force, res_conf_fallback, port, use_sni); } diff --git a/smallapp/unbound-checkconf.c b/smallapp/unbound-checkconf.c index c46d41215ba3..0cf348adde28 100644 --- a/smallapp/unbound-checkconf.c +++ b/smallapp/unbound-checkconf.c @@ -58,6 +58,7 @@ #include "services/authzone.h" #include "respip/respip.h" #include "sldns/sbuffer.h" +#include "sldns/str2wire.h" #ifdef HAVE_GETOPT_H #include <getopt.h> #endif @@ -194,6 +195,94 @@ localzonechecks(struct config_file* cfg) local_zones_delete(zs); } +/** checks for acl and views */ +static void +acl_view_tag_checks(struct config_file* cfg, struct views* views) +{ + int d; + struct sockaddr_storage a; + socklen_t alen; + struct config_str2list* acl; + struct config_str3list* s3; + struct config_strbytelist* sb; + + /* acl_view */ + for(acl=cfg->acl_view; acl; acl = acl->next) { + struct view* v; + if(!netblockstrtoaddr(acl->str, UNBOUND_DNS_PORT, &a, &alen, + &d)) { + fatal_exit("cannot parse access-control-view " + "address %s %s", acl->str, acl->str2); + } + v = views_find_view(views, acl->str2, 0); + if(!v) { + fatal_exit("cannot find view for " + "access-control-view: %s %s", + acl->str, acl->str2); + } + lock_rw_unlock(&v->lock); + } + + /* acl_tags */ + for(sb=cfg->acl_tags; sb; sb = sb->next) { + if(!netblockstrtoaddr(sb->str, UNBOUND_DNS_PORT, &a, &alen, + &d)) { + fatal_exit("cannot parse access-control-tags " + "address %s", sb->str); + } + } + + /* acl_tag_actions */ + for(s3=cfg->acl_tag_actions; s3; s3 = s3->next) { + enum localzone_type t; + if(!netblockstrtoaddr(s3->str, UNBOUND_DNS_PORT, &a, &alen, + &d)) { + fatal_exit("cannot parse access-control-tag-actions " + "address %s %s %s", + s3->str, s3->str2, s3->str3); + } + if(find_tag_id(cfg, s3->str2) == -1) { + fatal_exit("cannot parse tag %s (define-tag it), " + "for access-control-tag-actions: %s %s %s", + s3->str2, s3->str, s3->str2, s3->str3); + } + if(!local_zone_str2type(s3->str3, &t)) { + fatal_exit("cannot parse access control action type %s" + " for access-control-tag-actions: %s %s %s", + s3->str3, s3->str, s3->str2, s3->str3); + } + } + + /* acl_tag_datas */ + for(s3=cfg->acl_tag_datas; s3; s3 = s3->next) { + char buf[65536]; + uint8_t rr[LDNS_RR_BUF_SIZE]; + size_t len = sizeof(rr); + int res; + if(!netblockstrtoaddr(s3->str, UNBOUND_DNS_PORT, &a, &alen, + &d)) { + fatal_exit("cannot parse access-control-tag-datas address %s %s '%s'", + s3->str, s3->str2, s3->str3); + } + if(find_tag_id(cfg, s3->str2) == -1) { + fatal_exit("cannot parse tag %s (define-tag it), " + "for access-control-tag-datas: %s %s '%s'", + s3->str2, s3->str, s3->str2, s3->str3); + } + /* '.' is sufficient for validation, and it makes the call to + * sldns_wirerr_get_type() simpler below. */ + snprintf(buf, sizeof(buf), "%s %s", ".", s3->str3); + res = sldns_str2wire_rr_buf(buf, rr, &len, NULL, 3600, NULL, + 0, NULL, 0); + if(res != 0) { + fatal_exit("cannot parse rr data [char %d] parse error %s, for access-control-tag-datas: %s %s '%s'", + (int)LDNS_WIREPARSE_OFFSET(res)-2, + sldns_get_errorstr_parse(res), + s3->str, s3->str2, s3->str3); + } + } +} + /** check view and response-ip configuration */ static void view_and_respipchecks(struct config_file* cfg) @@ -211,6 +300,7 @@ view_and_respipchecks(struct config_file* cfg) fatal_exit("Could not setup respip set"); if(!respip_views_apply_cfg(views, cfg, &ignored)) fatal_exit("Could not setup per-view respip sets"); + acl_view_tag_checks(cfg, views); views_delete(views); respip_set_delete(respip); } @@ -481,6 +571,8 @@ morechecks(struct config_file* cfg) fatal_exit("num_threads value weird"); if(!cfg->do_ip4 && !cfg->do_ip6) fatal_exit("ip4 and ip6 are both disabled, pointless"); + if(!cfg->do_ip4 && cfg->prefer_ip4) + fatal_exit("cannot prefer and disable ip4, pointless"); if(!cfg->do_ip6 && cfg->prefer_ip6) fatal_exit("cannot prefer and disable ip6, pointless"); if(!cfg->do_udp && !cfg->do_tcp) @@ -567,6 +659,64 @@ morechecks(struct config_file* cfg) && strcmp(cfg->module_conf, "python dns64 iterator") != 0 && strcmp(cfg->module_conf, "python dns64 validator iterator") != 0 #endif +#ifdef WITH_DYNLIBMODULE + && strcmp(cfg->module_conf, "dynlib iterator") != 0 + && strcmp(cfg->module_conf, "dynlib dynlib iterator") != 0 + && strcmp(cfg->module_conf, "dynlib dynlib dynlib iterator") != 0 + && strcmp(cfg->module_conf, "python dynlib iterator") != 0 + && strcmp(cfg->module_conf, "python dynlib dynlib iterator") != 0 + && strcmp(cfg->module_conf, "python dynlib dynlib dynlib iterator") != 0 + && strcmp(cfg->module_conf, "dynlib respip iterator") != 0 + && strcmp(cfg->module_conf, "dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "dynlib dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "dynlib dynlib dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "python dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "python dynlib dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "python dynlib dynlib dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "dynlib respip validator iterator") != 0 + && strcmp(cfg->module_conf, "validator dynlib iterator") != 0 + && strcmp(cfg->module_conf, "dns64 dynlib iterator") != 0 + && strcmp(cfg->module_conf, "dns64 dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "dns64 validator dynlib iterator") != 0 + && strcmp(cfg->module_conf, "dynlib dns64 iterator") != 0 + && strcmp(cfg->module_conf, "dynlib dns64 validator iterator") != 0 + && strcmp(cfg->module_conf, "dynlib dns64 cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dynlib dns64 validator cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dns64 dynlib cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dns64 dynlib validator cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dynlib cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dynlib respip cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dynlib validator cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dynlib respip validator cachedb iterator") != 0 + && strcmp(cfg->module_conf, "cachedb dynlib iterator") != 0 + && strcmp(cfg->module_conf, "respip cachedb dynlib iterator") != 0 + && strcmp(cfg->module_conf, "validator cachedb dynlib iterator") != 0 + && strcmp(cfg->module_conf, "respip validator cachedb dynlib iterator") != 0 + && strcmp(cfg->module_conf, "validator dynlib cachedb iterator") != 0 + && strcmp(cfg->module_conf, "respip validator dynlib cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dynlib subnetcache iterator") != 0 + && strcmp(cfg->module_conf, "dynlib respip subnetcache iterator") != 0 + && strcmp(cfg->module_conf, "subnetcache dynlib iterator") != 0 + && strcmp(cfg->module_conf, "respip subnetcache dynlib iterator") != 0 + && strcmp(cfg->module_conf, "dynlib subnetcache validator iterator") != 0 + && strcmp(cfg->module_conf, "dynlib respip subnetcache validator iterator") != 0 + && strcmp(cfg->module_conf, "subnetcache dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "respip subnetcache dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "subnetcache validator dynlib iterator") != 0 + && strcmp(cfg->module_conf, "respip subnetcache validator dynlib iterator") != 0 + && strcmp(cfg->module_conf, "dynlib ipsecmod iterator") != 0 + && strcmp(cfg->module_conf, "dynlib ipsecmod respip iterator") != 0 + && strcmp(cfg->module_conf, "ipsecmod dynlib iterator") != 0 + && strcmp(cfg->module_conf, "ipsecmod dynlib respip iterator") != 0 + && strcmp(cfg->module_conf, "ipsecmod validator iterator") != 0 + && strcmp(cfg->module_conf, "ipsecmod respip validator iterator") != 0 + && strcmp(cfg->module_conf, "dynlib ipsecmod validator iterator") != 0 + && strcmp(cfg->module_conf, "dynlib ipsecmod respip validator iterator") != 0 + && strcmp(cfg->module_conf, "ipsecmod dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "ipsecmod dynlib respip validator iterator") != 0 + && strcmp(cfg->module_conf, "ipsecmod validator dynlib iterator") != 0 + && strcmp(cfg->module_conf, "ipsecmod respip validator dynlib iterator") != 0 +#endif #ifdef USE_CACHEDB && strcmp(cfg->module_conf, "validator cachedb iterator") != 0 && strcmp(cfg->module_conf, "respip validator cachedb iterator") != 0 @@ -598,6 +748,8 @@ morechecks(struct config_file* cfg) && strcmp(cfg->module_conf, "respip subnetcache validator iterator") != 0 && strcmp(cfg->module_conf, "dns64 subnetcache iterator") != 0 && strcmp(cfg->module_conf, "dns64 subnetcache validator iterator") != 0 + && strcmp(cfg->module_conf, "dns64 subnetcache respip iterator") != 0 + && strcmp(cfg->module_conf, "dns64 subnetcache respip validator iterator") != 0 #endif #if defined(WITH_PYTHONMODULE) && defined(CLIENT_SUBNET) && strcmp(cfg->module_conf, "python subnetcache iterator") != 0 @@ -701,7 +853,7 @@ check_auth(struct config_file* cfg) { int is_rpz = 0; struct auth_zones* az = auth_zones_create(); - if(!az || !auth_zones_apply_cfg(az, cfg, 0i, &is_rpz)) { + if(!az || !auth_zones_apply_cfg(az, cfg, 0, &is_rpz)) { fatal_exit("Could not setup authority zones"); } auth_zones_delete(az); diff --git a/smallapp/unbound-control-setup.sh.in b/smallapp/unbound-control-setup.sh.in index f4024b435530..3e506e84e236 100644 --- a/smallapp/unbound-control-setup.sh.in +++ b/smallapp/unbound-control-setup.sh.in @@ -5,22 +5,22 @@ # Copyright (c) 2008, NLnet Labs. All rights reserved. # # This software is open source. -# +# # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: -# +# # Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. -# +# # Redistributions in binary form must reproduce the above copyright notice, # this list of conditions and the following disclaimer in the documentation # and/or other materials provided with the distribution. -# +# # Neither the name of the NLNET LABS nor the names of its contributors may # be used to endorse or promote products derived from this software without # specific prior written permission. -# +# # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -57,87 +57,144 @@ SVR_BASE=unbound_server # base name for unbound-control keys CTL_BASE=unbound_control +# flag to recreate generated certificates +RECREATE=0 + # we want -rw-r----- access (say you run this as root: grp=yes (server), all=no). umask 0027 # end of options -# functions: -error ( ) { - echo "$0 fatal error: $1" - exit 1 +set -eu + +cleanup() { + echo "removing artifacts" + + rm -rf \ + server.cnf \ + client.cnf \ + "${SVR_BASE}_trust.pem" \ + "${CTL_BASE}_trust.pem" \ + "${SVR_BASE}_trust.srl" } -# check arguments: -while test $# -ne 0; do - case $1 in - -d) - if test $# -eq 1; then error "need argument for -d"; fi - DESTDIR="$2" - shift - ;; - *) - echo "unbound-control-setup.sh - setup SSL keys for unbound-control" - echo " -d dir use directory to store keys and certificates." - echo " default: $DESTDIR" - echo "please run this command using the same user id that the " - echo "unbound daemon uses, it needs read privileges." - exit 1 - ;; - esac - shift +fatal() { + printf "fatal error: $*\n" >/dev/stderr + exit 1 +} + +usage() { + cat <<EOF +usage: $0 OPTIONS +OPTIONS +-d <dir> used directory to store keys and certificates (default: $DESTDIR) +-h show help notice +-r recreate certificates +EOF +} + +OPTIND=1 +while getopts 'd:hr' arg; do + case "$arg" in + d) DESTDIR="$OPTARG" ;; + h) usage; exit 1 ;; + r) RECREATE=1 ;; + ?) fatal "'$arg' unknown option" ;; + esac done +shift $((OPTIND - 1)) + -# go!: echo "setup in directory $DESTDIR" -cd "$DESTDIR" || error "could not cd to $DESTDIR" - -# create certificate keys; do not recreate if they already exist. -if test -f $SVR_BASE.key; then - echo "$SVR_BASE.key exists" -else - echo "generating $SVR_BASE.key" - openssl genrsa -out $SVR_BASE.key $BITS || error "could not genrsa" +cd "$DESTDIR" + +trap cleanup INT + +# === +# Generate server certificate +# === + +# generate private key; do no recreate it if they already exist. +if [ ! -f "$SVR_BASE.key" ]; then + openssl genrsa -out "$SVR_BASE.key" "$BITS" fi -if test -f $CTL_BASE.key; then - echo "$CTL_BASE.key exists" -else - echo "generating $CTL_BASE.key" - openssl genrsa -out $CTL_BASE.key $BITS || error "could not genrsa" + +cat >server.cnf <<EOF +default_bits=$BITS +default_md=$HASH +prompt=no +distinguished_name=req_distinguished_name +[req_distinguished_name] +commonName=$SERVERNAME +EOF + +[ -f server.cnf ] || fatal "cannot create openssl configuration" + +if [ ! -f "$SVR_BASE.pem" -o $RECREATE -eq 1 ]; then + openssl req \ + -new -x509 \ + -key "$SVR_BASE.key" \ + -config server.cnf \ + -days "$DAYS" \ + -out "$SVR_BASE.pem" + + [ ! -f "SVR_BASE.pem" ] || fatal "cannot create server certificate" fi -# create self-signed cert for server -echo "[req]" > request.cfg -echo "default_bits=$BITS" >> request.cfg -echo "default_md=$HASH" >> request.cfg -echo "prompt=no" >> request.cfg -echo "distinguished_name=req_distinguished_name" >> request.cfg -echo "" >> request.cfg -echo "[req_distinguished_name]" >> request.cfg -echo "commonName=$SERVERNAME" >> request.cfg +# === +# Generate client certificate +# === -test -f request.cfg || error "could not create request.cfg" +# generate private key; do no recreate it if they already exist. +if [ ! -f "$CTL_BASE.key" ]; then + openssl genrsa -out "$CTL_BASE.key" "$BITS" +fi + +cat >client.cnf <<EOF +[req] +default_bits=$BITS +default_md=$HASH +prompt=no +distinguished_name=req_distinguished_name +[req_distinguished_name] +commonName=$CLIENTNAME +EOF + +[ -f client.cnf ] || fatal "cannot create openssl configuration" + +if [ ! -f "$CTL_BASE.pem" -o $RECREATE -eq 1 ]; then + openssl x509 \ + -addtrust serverAuth \ + -in "$SVR_BASE.pem" \ + -out "${SVR_BASE}_trust.pem" + + openssl req \ + -new \ + -config client.cnf \ + -key "$CTL_BASE.key" \ + | openssl x509 \ + -req \ + -days "$DAYS" \ + -CA "${SVR_BASE}_trust.pem" \ + -CAkey "$SVR_BASE.key" \ + -CAcreateserial \ + -$HASH \ + -out "$CTL_BASE.pem" + + [ ! -f "CTL_BASE.pem" ] || fatal "cannot create signed client certificate" +fi + +# remove unused permissions +chmod o-rw \ + "$SVR_BASE.pem" \ + "$SVR_BASE.key" \ + "$CTL_BASE.pem" \ + "$CTL_BASE.key" + +cleanup + +echo "Setup success. Certificates created. Enable in unbound.conf file to use" -echo "create $SVR_BASE.pem (self signed certificate)" -openssl req -key $SVR_BASE.key -config request.cfg -new -x509 -days $DAYS -out $SVR_BASE.pem || error "could not create $SVR_BASE.pem" -# create trusted usage pem -openssl x509 -in $SVR_BASE.pem -addtrust serverAuth -out $SVR_BASE"_trust.pem" - -# create client request and sign it, piped -echo "[req]" > request.cfg -echo "default_bits=$BITS" >> request.cfg -echo "default_md=$HASH" >> request.cfg -echo "prompt=no" >> request.cfg -echo "distinguished_name=req_distinguished_name" >> request.cfg -echo "" >> request.cfg -echo "[req_distinguished_name]" >> request.cfg -echo "commonName=$CLIENTNAME" >> request.cfg - -test -f request.cfg || error "could not create request.cfg" - -echo "create $CTL_BASE.pem (signed client certificate)" -openssl req -key $CTL_BASE.key -config request.cfg -new | openssl x509 -req -days $DAYS -CA $SVR_BASE"_trust.pem" -CAkey $SVR_BASE.key -CAcreateserial -$HASH -out $CTL_BASE.pem -test -f $CTL_BASE.pem || error "could not create $CTL_BASE.pem" # create trusted usage pem # openssl x509 -in $CTL_BASE.pem -addtrust clientAuth -out $CTL_BASE"_trust.pem" @@ -148,13 +205,3 @@ test -f $CTL_BASE.pem || error "could not create $CTL_BASE.pem" # echo "empty password is used, simply click OK on the password dialog box." # openssl pkcs12 -export -in $CTL_BASE"_trust.pem" -inkey $CTL_BASE.key -name "unbound remote control client cert" -out $CTL_BASE"_browser.pfx" -password "pass:" || error "could not create browser certificate" -# set desired permissions -chmod 0640 $SVR_BASE.pem $SVR_BASE.key $CTL_BASE.pem $CTL_BASE.key - -# remove crap -rm -f request.cfg -rm -f $CTL_BASE"_trust.pem" $SVR_BASE"_trust.pem" $SVR_BASE"_trust.srl" - -echo "Setup success. Certificates created. Enable in unbound.conf file to use" - -exit 0 diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c index 4843a9b3112b..c2b42e951640 100644 --- a/smallapp/unbound-control.c +++ b/smallapp/unbound-control.c @@ -74,6 +74,10 @@ #include <sys/un.h> #endif +#ifdef HAVE_TARGETCONDITIONALS_H +#include <TargetConditionals.h> +#endif + static void usage(void) ATTR_NORETURN; static void ssl_err(const char* s) ATTR_NORETURN; static void ssl_path_err(const char* s, const char *path) ATTR_NORETURN; @@ -264,6 +268,9 @@ static void print_mem(struct ub_shm_stat_info* shm_stat, #ifdef USE_IPSECMOD PR_LL("mem.mod.ipsecmod", shm_stat->mem.ipsecmod); #endif +#ifdef WITH_DYNLIBMODULE + PR_LL("mem.mod.dynlib", shm_stat->mem.dynlib); +#endif #ifdef USE_DNSCRYPT PR_LL("mem.cache.dnscrypt_shared_secret", shm_stat->mem.dnscrypt_shared_secret); @@ -879,11 +886,16 @@ int main(int argc, char* argv[]) if(argc == 0) usage(); if(argc >= 1 && strcmp(argv[0], "start")==0) { +#if defined(TARGET_OS_TV) || defined(TARGET_OS_WATCH) + fatal_exit("could not exec unbound: %s", + strerror(ENOSYS)); +#else if(execlp("unbound", "unbound", "-c", cfgfile, (char*)NULL) < 0) { fatal_exit("could not exec unbound: %s", strerror(errno)); } +#endif } if(argc >= 1 && strcmp(argv[0], "stats_shm")==0) { print_stats_shm(cfgfile); diff --git a/smallapp/worker_cb.c b/smallapp/worker_cb.c index 6c3bd0049082..78d921a3c6e9 100644 --- a/smallapp/worker_cb.c +++ b/smallapp/worker_cb.c @@ -248,3 +248,19 @@ void remote_get_opt_ssl(char* ATTR_UNUSED(str), void* ATTR_UNUSED(arg)) { log_assert(0); } + +#ifdef USE_DNSTAP +void dtio_tap_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), + void* ATTR_UNUSED(arg)) +{ + log_assert(0); +} +#endif + +#ifdef USE_DNSTAP +void dtio_mainfdcallback(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), + void* ATTR_UNUSED(arg)) +{ + log_assert(0); +} +#endif diff --git a/testcode/fake_event.c b/testcode/fake_event.c index d6e904a4d3cb..d89eedce8bd0 100644 --- a/testcode/fake_event.c +++ b/testcode/fake_event.c @@ -1031,6 +1031,7 @@ outside_network_create(struct comm_base* base, size_t bufsize, size_t ATTR_UNUSED(num_ports), char** ATTR_UNUSED(ifs), int ATTR_UNUSED(num_ifs), int ATTR_UNUSED(do_ip4), int ATTR_UNUSED(do_ip6), size_t ATTR_UNUSED(num_tcp), + int ATTR_UNUSED(dscp), struct infra_cache* infra, struct ub_randstate* ATTR_UNUSED(rnd), int ATTR_UNUSED(use_caps_for_id), int* ATTR_UNUSED(availports), @@ -1038,7 +1039,8 @@ outside_network_create(struct comm_base* base, size_t bufsize, int ATTR_UNUSED(outgoing_tcp_mss), void (*unwanted_action)(void*), void* ATTR_UNUSED(unwanted_param), int ATTR_UNUSED(do_udp), void* ATTR_UNUSED(sslctx), - int ATTR_UNUSED(delayclose), struct dt_env* ATTR_UNUSED(dtenv)) + int ATTR_UNUSED(delayclose), int ATTR_UNUSED(tls_use_sni), + struct dt_env* ATTR_UNUSED(dtenv)) { struct replay_runtime* runtime = (struct replay_runtime*)base; struct outside_network* outnet = calloc(1, @@ -1583,7 +1585,7 @@ int create_udp_sock(int ATTR_UNUSED(family), int ATTR_UNUSED(socktype), int* ATTR_UNUSED(noproto), int ATTR_UNUSED(rcv), int ATTR_UNUSED(snd), int ATTR_UNUSED(listen), int* ATTR_UNUSED(reuseport), int ATTR_UNUSED(transparent), int ATTR_UNUSED(freebind), - int ATTR_UNUSED(use_systemd)) + int ATTR_UNUSED(use_systemd), int ATTR_UNUSED(dscp)) { /* if you actually print to this, it'll be stdout during test */ return 1; @@ -1790,7 +1792,7 @@ int comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet, } int outnet_get_tcp_fd(struct sockaddr_storage* ATTR_UNUSED(addr), - socklen_t ATTR_UNUSED(addrlen), int ATTR_UNUSED(tcp_mss)) + socklen_t ATTR_UNUSED(addrlen), int ATTR_UNUSED(tcp_mss), int ATTR_UNUSED(dscp)) { log_assert(0); return -1; diff --git a/testcode/run_vm.sh b/testcode/run_vm.sh index d4c2a2e11dda..5f599e144a5b 100755 --- a/testcode/run_vm.sh +++ b/testcode/run_vm.sh @@ -26,15 +26,20 @@ cd testdata TPKG=../testcode/mini_tdir.sh #RUNLIST=`(ls -1d *.tdir|grep -v '^0[016]')` RUNLIST=`(ls -1d *.tdir)` -if test "$#" = "1"; then RUNLIST="$1"; fi +if test "$#" = "1"; then + RUNLIST="$1"; + if echo "$RUNLIST" | grep '/$' >/dev/null; then + RUNLIST=`echo "$RUNLIST" | sed -e 's?/$??'` + fi +fi # fix up tdir that was edited on keyboard interrupt. cleanup() { echo cleanup - if test -f "$t.bak"; then mv "$t.bak" "$t"; fi + if test -f "$t.bak"; then rm -fr "${t}"; mv "$t.bak" "$t"; fi exit 0 } -trap cleanup SIGINT +trap cleanup INT for t in $RUNLIST do diff --git a/testcode/streamtcp.c b/testcode/streamtcp.c index 65ea8d4bcae9..c49159d33a58 100644 --- a/testcode/streamtcp.c +++ b/testcode/streamtcp.c @@ -200,6 +200,7 @@ write_q(int fd, int udp, SSL* ssl, sldns_buffer* buf, uint16_t id, static void recv_one(int fd, int udp, SSL* ssl, sldns_buffer* buf) { + size_t i; char* pktstr; uint16_t len; if(!udp) { @@ -270,7 +271,13 @@ recv_one(int fd, int udp, SSL* ssl, sldns_buffer* buf) len = (size_t)l; } printf("\nnext received packet\n"); - log_buf(0, "data", buf); + printf("data[%d] ", (int)sldns_buffer_limit(buf)); + for(i=0; i<sldns_buffer_limit(buf); i++) { + const char* hex = "0123456789ABCDEF"; + printf("%c%c", hex[(sldns_buffer_read_u8_at(buf, i)&0xf0)>>4], + hex[sldns_buffer_read_u8_at(buf, i)&0x0f]); + } + printf("\n"); pktstr = sldns_wire2str_pkt(sldns_buffer_begin(buf), len); printf("%s", pktstr); diff --git a/testcode/testbound.c b/testcode/testbound.c index 4405231c0862..602dffaff14a 100644 --- a/testcode/testbound.c +++ b/testcode/testbound.c @@ -577,3 +577,13 @@ void wsvc_cron_cb(void* ATTR_UNUSED(arg)) } #endif /* UB_ON_WINDOWS */ +int tcp_connect_errno_needs_log(struct sockaddr* ATTR_UNUSED(addr), + socklen_t ATTR_UNUSED(addrlen)) +{ + return 1; +} + +int squelch_err_ssl_handshake(unsigned long ATTR_UNUSED(err)) +{ + return 0; +} diff --git a/testcode/unitmain.c b/testcode/unitmain.c index e8e7a44c7cb6..a42be424e9e9 100644 --- a/testcode/unitmain.c +++ b/testcode/unitmain.c @@ -867,7 +867,13 @@ main(int argc, char* argv[]) printf("\tperforms unit tests.\n"); return 1; } + /* Disable roundrobin for the unit tests */ + RRSET_ROUNDROBIN = 0; +#ifdef USE_LIBEVENT + printf("Start of %s+libevent unit test.\n", PACKAGE_STRING); +#else printf("Start of %s unit test.\n", PACKAGE_STRING); +#endif #ifdef HAVE_SSL # ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS ERR_load_crypto_strings(); @@ -917,7 +923,9 @@ main(int argc, char* argv[]) # ifdef HAVE_EVP_CLEANUP EVP_cleanup(); # endif +# if (OPENSSL_VERSION_NUMBER < 0x10100000) && !defined(OPENSSL_NO_ENGINE) && defined(HAVE_ENGINE_CLEANUP) ENGINE_cleanup(); +# endif CONF_modules_free(); # endif # ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA diff --git a/testdata/04-checkconf.tdir/bad.badfwd b/testdata/04-checkconf.tdir/bad.badfwd index 27d58c5ea048..139d31238481 100644 --- a/testdata/04-checkconf.tdir/bad.badfwd +++ b/testdata/04-checkconf.tdir/bad.badfwd @@ -2,6 +2,7 @@ server: # to make sure the check doesn't fail on username or chrootdir. username: "" chroot: "" + directory: "" forward-zone: name: "example.com" diff --git a/testdata/04-checkconf.tdir/bad.dscp b/testdata/04-checkconf.tdir/bad.dscp new file mode 100644 index 000000000000..5491c79fec85 --- /dev/null +++ b/testdata/04-checkconf.tdir/bad.dscp @@ -0,0 +1,5 @@ +include: "good.min" + +server: + # an abnormal value for the option + ip-dscp: 500 diff --git a/testdata/04-checkconf.tdir/bad.include-toplevel.1 b/testdata/04-checkconf.tdir/bad.include-toplevel.1 new file mode 100644 index 000000000000..e45efbc253b0 --- /dev/null +++ b/testdata/04-checkconf.tdir/bad.include-toplevel.1 @@ -0,0 +1,3 @@ +include-toplevel: include.withoutclauses.* +server: + identity: "top 1" diff --git a/testdata/04-checkconf.tdir/bad.include-toplevel.2 b/testdata/04-checkconf.tdir/bad.include-toplevel.2 new file mode 100644 index 000000000000..fc274fd5d0e6 --- /dev/null +++ b/testdata/04-checkconf.tdir/bad.include-toplevel.2 @@ -0,0 +1,5 @@ +include-toplevel: include.withclauses.* +server: + identity: "top 1" + include: include.withoutclauses.* + include-toplevel: include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/bad.include-toplevel.3 b/testdata/04-checkconf.tdir/bad.include-toplevel.3 new file mode 100644 index 000000000000..3a219a8a2f6d --- /dev/null +++ b/testdata/04-checkconf.tdir/bad.include-toplevel.3 @@ -0,0 +1,6 @@ +include-toplevel: include.withclauses.* +server: + identity: "top 1" + include: include.withoutclauses.* + include-toplevel: include.withclauses.* +include: include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/bad.include-toplevel.4 b/testdata/04-checkconf.tdir/bad.include-toplevel.4 new file mode 100644 index 000000000000..8dd4555b61f3 --- /dev/null +++ b/testdata/04-checkconf.tdir/bad.include-toplevel.4 @@ -0,0 +1,7 @@ +include-toplevel: include.withclauses.* +server: + identity: "top 1" + include: include.withoutclauses.* + include-toplevel: include.withclauses.* +include: include.withclauses.* +include-toplevel: include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/bad.include-toplevel.5 b/testdata/04-checkconf.tdir/bad.include-toplevel.5 new file mode 100644 index 000000000000..b2c0eae82854 --- /dev/null +++ b/testdata/04-checkconf.tdir/bad.include-toplevel.5 @@ -0,0 +1,8 @@ +include-toplevel: include.withclauses.* +server: + identity: "top 1" + include: include.withoutclauses.* + include-toplevel: include.withsomeclauses.* +include: include.withclauses.* +include-toplevel: include.withclauses.* +server: identity: "top 2" diff --git a/testdata/04-checkconf.tdir/bad.include-toplevel.6 b/testdata/04-checkconf.tdir/bad.include-toplevel.6 new file mode 100644 index 000000000000..4f578f5cf76b --- /dev/null +++ b/testdata/04-checkconf.tdir/bad.include-toplevel.6 @@ -0,0 +1,10 @@ +include-toplevel: include.withclauses.* +include-toplevel: include.withclauses.* +server: + identity: "top 1" + include: include.withoutclauses.* + include-toplevel: include.withclauses.* +include: include.withclauses.* +include-toplevel: include.withclauses.* +server: identity: "top 2" +include-toplevel: include.includetop.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/bad.include-toplevel.7 b/testdata/04-checkconf.tdir/bad.include-toplevel.7 new file mode 100644 index 000000000000..386f0166e4fe --- /dev/null +++ b/testdata/04-checkconf.tdir/bad.include-toplevel.7 @@ -0,0 +1,11 @@ +include-toplevel: include.withclauses.* +include-toplevel: include.withclauses.* +server: + identity: "top 1" + include: include.withoutclauses.* + include-toplevel: include.withclauses.* +include: include.withclauses.* +include-toplevel: include.withclauses.* +server: identity: "top 2" +include-toplevel: include.includetop.withclauses.* +include-toplevel: include.include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/bad.user b/testdata/04-checkconf.tdir/bad.user index 40631abb4f79..ffa556e44fac 100644 --- a/testdata/04-checkconf.tdir/bad.user +++ b/testdata/04-checkconf.tdir/bad.user @@ -1,2 +1,4 @@ server: username: blabla_noexist_user + chroot: "" + directory: "" diff --git a/testdata/04-checkconf.tdir/good.all b/testdata/04-checkconf.tdir/good.all index 33ebaf014abf..d564f983c5a0 100644 --- a/testdata/04-checkconf.tdir/good.all +++ b/testdata/04-checkconf.tdir/good.all @@ -220,6 +220,10 @@ server: # more slabs reduce lock contention, but fragment memory usage. key-cache-slabs: 4 + # the value of the Differentiated Services Codepoint (DSCP) + # in the differentiated services field (DS) of the outgoing + # IP packets + ip-dscp: 5 # Stub zones. # Create entries like below, to make all queries for 'example.com' and diff --git a/testdata/04-checkconf.tdir/good.include-toplevel b/testdata/04-checkconf.tdir/good.include-toplevel new file mode 100644 index 000000000000..e88df7d5653a --- /dev/null +++ b/testdata/04-checkconf.tdir/good.include-toplevel @@ -0,0 +1,16 @@ +include-toplevel: include.withclauses.* +include-toplevel: include.withclauses.* +server: + identity: "top 1" + include: include.withoutclauses.* + include-toplevel: include.withclauses.* +include: include.withclauses.* +include-toplevel: include.withclauses.* +server: identity: "top 2" +include-toplevel: include.includetop.withclauses.* +include-toplevel: include.include.withclauses.* +include-toplevel: include.include.withclauses.* +server: + chroot: "" + directory: "" + username: "" diff --git a/testdata/04-checkconf.tdir/good.min b/testdata/04-checkconf.tdir/good.min new file mode 100644 index 000000000000..4b71c45f7f9b --- /dev/null +++ b/testdata/04-checkconf.tdir/good.min @@ -0,0 +1,7 @@ +# the minimal passing config - include in your bad.x to verify that +# it is your option which triggers failure +server: + chroot: "" + username: "" + directory: "." + pidfile: "" diff --git a/testdata/04-checkconf.tdir/include.include.withclauses.1 b/testdata/04-checkconf.tdir/include.include.withclauses.1 new file mode 100644 index 000000000000..49c88fe8c58e --- /dev/null +++ b/testdata/04-checkconf.tdir/include.include.withclauses.1 @@ -0,0 +1 @@ +include: include.withclauses.* diff --git a/testdata/04-checkconf.tdir/include.include.withclauses.2 b/testdata/04-checkconf.tdir/include.include.withclauses.2 new file mode 100644 index 000000000000..49c88fe8c58e --- /dev/null +++ b/testdata/04-checkconf.tdir/include.include.withclauses.2 @@ -0,0 +1 @@ +include: include.withclauses.* diff --git a/testdata/04-checkconf.tdir/include.include.withclauses.3 b/testdata/04-checkconf.tdir/include.include.withclauses.3 new file mode 100644 index 000000000000..49c88fe8c58e --- /dev/null +++ b/testdata/04-checkconf.tdir/include.include.withclauses.3 @@ -0,0 +1 @@ +include: include.withclauses.* diff --git a/testdata/04-checkconf.tdir/include.include.withoutclauses.1 b/testdata/04-checkconf.tdir/include.include.withoutclauses.1 new file mode 100644 index 000000000000..3552d769c896 --- /dev/null +++ b/testdata/04-checkconf.tdir/include.include.withoutclauses.1 @@ -0,0 +1 @@ +include: include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/include.include.withoutclauses.2 b/testdata/04-checkconf.tdir/include.include.withoutclauses.2 new file mode 100644 index 000000000000..3552d769c896 --- /dev/null +++ b/testdata/04-checkconf.tdir/include.include.withoutclauses.2 @@ -0,0 +1 @@ +include: include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/include.include.withoutclauses.3 b/testdata/04-checkconf.tdir/include.include.withoutclauses.3 new file mode 100644 index 000000000000..3552d769c896 --- /dev/null +++ b/testdata/04-checkconf.tdir/include.include.withoutclauses.3 @@ -0,0 +1 @@ +include: include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/include.includetop.withclauses.1 b/testdata/04-checkconf.tdir/include.includetop.withclauses.1 new file mode 100644 index 000000000000..5e296548f8a8 --- /dev/null +++ b/testdata/04-checkconf.tdir/include.includetop.withclauses.1 @@ -0,0 +1 @@ +include-toplevel: include.withclauses.* diff --git a/testdata/04-checkconf.tdir/include.includetop.withclauses.2 b/testdata/04-checkconf.tdir/include.includetop.withclauses.2 new file mode 100644 index 000000000000..5e296548f8a8 --- /dev/null +++ b/testdata/04-checkconf.tdir/include.includetop.withclauses.2 @@ -0,0 +1 @@ +include-toplevel: include.withclauses.* diff --git a/testdata/04-checkconf.tdir/include.includetop.withclauses.3 b/testdata/04-checkconf.tdir/include.includetop.withclauses.3 new file mode 100644 index 000000000000..5e296548f8a8 --- /dev/null +++ b/testdata/04-checkconf.tdir/include.includetop.withclauses.3 @@ -0,0 +1 @@ +include-toplevel: include.withclauses.* diff --git a/testdata/04-checkconf.tdir/include.includetop.withoutclauses.1 b/testdata/04-checkconf.tdir/include.includetop.withoutclauses.1 new file mode 100644 index 000000000000..a411f7b52c4b --- /dev/null +++ b/testdata/04-checkconf.tdir/include.includetop.withoutclauses.1 @@ -0,0 +1 @@ +include-toplevel: include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/include.includetop.withoutclauses.2 b/testdata/04-checkconf.tdir/include.includetop.withoutclauses.2 new file mode 100644 index 000000000000..a411f7b52c4b --- /dev/null +++ b/testdata/04-checkconf.tdir/include.includetop.withoutclauses.2 @@ -0,0 +1 @@ +include-toplevel: include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/include.includetop.withoutclauses.3 b/testdata/04-checkconf.tdir/include.includetop.withoutclauses.3 new file mode 100644 index 000000000000..a411f7b52c4b --- /dev/null +++ b/testdata/04-checkconf.tdir/include.includetop.withoutclauses.3 @@ -0,0 +1 @@ +include-toplevel: include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/include.withclauses.1 b/testdata/04-checkconf.tdir/include.withclauses.1 new file mode 100644 index 000000000000..d67920e06517 --- /dev/null +++ b/testdata/04-checkconf.tdir/include.withclauses.1 @@ -0,0 +1 @@ +server: identity: "withclauses1" diff --git a/testdata/04-checkconf.tdir/include.withclauses.2 b/testdata/04-checkconf.tdir/include.withclauses.2 new file mode 100644 index 000000000000..3537974c06e5 --- /dev/null +++ b/testdata/04-checkconf.tdir/include.withclauses.2 @@ -0,0 +1 @@ +server: identity: "withclauses2" diff --git a/testdata/04-checkconf.tdir/include.withclauses.3 b/testdata/04-checkconf.tdir/include.withclauses.3 new file mode 100644 index 000000000000..5e19c54ef0d2 --- /dev/null +++ b/testdata/04-checkconf.tdir/include.withclauses.3 @@ -0,0 +1 @@ +server: identity: "withclauses3" diff --git a/testdata/04-checkconf.tdir/include.withoutclauses.1 b/testdata/04-checkconf.tdir/include.withoutclauses.1 new file mode 100644 index 000000000000..3b3b6f48b06e --- /dev/null +++ b/testdata/04-checkconf.tdir/include.withoutclauses.1 @@ -0,0 +1 @@ +identity: "withoutclauses1" diff --git a/testdata/04-checkconf.tdir/include.withoutclauses.2 b/testdata/04-checkconf.tdir/include.withoutclauses.2 new file mode 100644 index 000000000000..fec8b200275d --- /dev/null +++ b/testdata/04-checkconf.tdir/include.withoutclauses.2 @@ -0,0 +1 @@ +identity: "withoutclauses2" diff --git a/testdata/04-checkconf.tdir/include.withoutclauses.3 b/testdata/04-checkconf.tdir/include.withoutclauses.3 new file mode 100644 index 000000000000..e34a4b12dd5b --- /dev/null +++ b/testdata/04-checkconf.tdir/include.withoutclauses.3 @@ -0,0 +1 @@ +identity: "withoutclauses3" diff --git a/testdata/04-checkconf.tdir/include.withsomeclauses.1 b/testdata/04-checkconf.tdir/include.withsomeclauses.1 new file mode 100644 index 000000000000..d719a44f783f --- /dev/null +++ b/testdata/04-checkconf.tdir/include.withsomeclauses.1 @@ -0,0 +1 @@ +server: identity: "withsomeclauses1" diff --git a/testdata/04-checkconf.tdir/include.withsomeclauses.2 b/testdata/04-checkconf.tdir/include.withsomeclauses.2 new file mode 100644 index 000000000000..ec910e1a88a4 --- /dev/null +++ b/testdata/04-checkconf.tdir/include.withsomeclauses.2 @@ -0,0 +1 @@ +identity: "withsomeclauses2" diff --git a/testdata/04-checkconf.tdir/include.withsomeclauses.3 b/testdata/04-checkconf.tdir/include.withsomeclauses.3 new file mode 100644 index 000000000000..dbb696eeb23b --- /dev/null +++ b/testdata/04-checkconf.tdir/include.withsomeclauses.3 @@ -0,0 +1 @@ +identity: "withsomeclauses3" diff --git a/testdata/09-unbound-control.tdir/bad_control.key b/testdata/09-unbound-control.tdir/bad_control.key index d29cdbc91b37..84d3883ed71f 100644 --- a/testdata/09-unbound-control.tdir/bad_control.key +++ b/testdata/09-unbound-control.tdir/bad_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDti51Z6qASvAjPFFhLLlq8BwtsnmfqMPMn57dKAghb4OifeL4G -SLOE02/hKDkdkOvaUG2UqDNh2OoPTuJk4A+mG2LJoziFhHKlIebo9v2YiFWOBVtO -DWc3tXPT1IlSEN0xnAGelMmeLcPeCPe+A5IDlIHzF/+YiDgS38S9dL17owIDAQAB -AoGAG3w/DatfMCu/nS5OdQx9BSqPgNbnUSqux9xA0fhgPTlN0T3oRtPcqa7JUDUW -PryI/a62ry+zGkw98N2AxolCZg3N7Z3vuRx2FMcKKNwpTzDmcZW7TmMk5FPof6gE -PnYl/ff0w+kxqA+L2EexH3Xi6ApLSZcjyzKWj+dL2AuT9gkCQQD3dPitwITxgCAD -IaHw23e3FRkM/hw1Gp8bt6nbuxitVxxpO96q1EQ+fCy/mf0bMEJDp3xzMEIfP3r4 -GmNbaxa1AkEA9b8LeBLbQ2cm2+UMeUgygBsRirdUQ786auqH38Jbvi/j6S9sDl2x -q1vRtikEBZJWfkhsOzrzwFDKe1bI/EEn9wJAAzOwRA9JqRZPU7sLrWIpmmTbfh+L -neRKSsGFoSI6n4ORCouLxgoZF/XjXldPvxpQwS9ZnOPy9xSLMsqknno0QQJAeDtA -IT8Yh6GwIWWu9KeeDY8wxe1sDLlCm4yjbZZpzGMh3rSU6XJtuqjxsW3fydoO9zn3 -ugLdvvnIFxAexUwbgQJBANyM13xcObfUJOj9rjlGCh0CDh/04ONl8SH8HBnM8guA -RJI5S6vBHweVRopEZcF1sQm6wMf3ej/sGkyyNvJxRkY= +MIIG5AIBAAKCAYEAt/3PPZGM7eSdCnEQ04f6Y+Xnmp105gtxqoHxHfyGFG8ljNSd +T1hKBjrg1BRVszTg+Td5V+Y4vAHW25Etvuvg0DQBNDKtrMTTbTZKQbT6A7Xgyp42 +Oj8EyXFWs8BNx/joI1sAMUiCjPKpKAI5bIHV18It4n28MXWTVX5mfwcj82XPTQlO +6OhTXtA45idPLFKkCp4H879EIfIo1sfk+OTLjoSNLXFN3BoI9CIT6WZKrY0pAieL +jdotSlirx/UpwpojAp6IVxzjZ2PHnJZbBwHxVPYnysMogcKQ9CyL1jBT2phWVe2J +YJFwwGgziJH5CJEGVgWkctEtguKubzSCIf9RuX6j/n32ZRtAechm2Oi2WwxGr9tF +uzLXgYsu/MQ+AhzcFP1MEGlyCkyL2fxgDry34Rq7RVQQL9PolhBYk2orYTlsjCVR +kGzXvpFIF8OPDEEsXz2TTM2nkiCla1GqsGXL3xuPFjGD+CEMI5jB7U+j1uL2+xb/ +gVUMAxvpNHADcW1/AgMBAAECggGAFEXF8N25rniTCRR+KyB/aURqqXGR8MrwAj6B +B7HMQDIi7Ap9LsHmnhscrKF08+Luqub+2r2GIMj/GIA9jxzET4x7WXoAAtpJBW6G +7gh3x7LhitG13eMVrvBrAjE9ILx/L24Wblez8r3F/5+HHjqMClLd5We/NZ/j1Pax +amup/WaJWc6dwDHhBcBhlJJeOd79LiJNdADuC+N3tnqd8wKanyBhwdELKCZCOEwM +75mSvt6f1xnuWXnhpaBxhP2xVTzQUNz1jxA2j/ybDbnBdhjLn9QlBY604t8nwRz8 +dwCV6NRFbj85C1Fkw3FSzLSKzkzLGxYBvLpq6vjXiUHuY17bVDskCrgHOx/q0SXb +ivPdmJWhThfPUMRgSTQXXvWpQfEdBP9FDXLFPN6yI9Xocxa4oaalNaK+xIJyXt9w +ZkLb+ZB8+m4JqvgdrQiO0yEXM498aCdRfVnZV/e+GdbB90FW9SFf4/guca/I4SPD +sFpA96LOyxkX4h5AQxyeoDDriKopAoHBAOEQXDMIXxp9gmkZNRo/mW7RvnmUyDic +eCwCbcsLGjay/hKpyOTelXSF7bxdi6GuO5N9UWBQX2FK+//T/uT1kHjmUYTeLa47 +iSDJG73TT6ZSwI0D8Ak+4GEneS3xjldpPW1oFZt/kwuji6yfUFw6orsPa/l5Uf7/ +MCOzoFObtvDZKgd0BkBrQhlIG+u6jicrGfrVkCDX/ONqoQXr3a21b4nl52/r+ezj +N2kKSQOTll5pUQ00+M0SPDwytFJbhbkTpQKBwQDRSCzHPTGVW5R+8BPQY2mRRyjp +Pr1BmJXG05f2wjXeGhafWJ91RCwP7mOBbJDA15w3KoY9N64Rk6Mv5q0Ywwna7+Ea +pTXCfzeuoC+sLL6llCA4kbpJsvrLAeCYyvMuiPjgXfDo2S8qMqAnZ+ZKD16OjBzE +W6H2OI7Zmwjy7+C683Ac2kX+lIvbBeOu9oVtaSw/5nudScUi4njDz89Ha3g3j1AI +98crCLQdjTO94d5k4Mx4FFVdbxPwSa5iZcHWo1MCgcAnHI25PKIyW09Xbk8BIb5L +ON3uCQIGfIKRu1ZTK7nBebeXjLPhuiCk4EVhL6x9S2cFCYkjwLPil4JVggTQyy/x +Iq1V9rpfhe8dqHVOtrMnx0e4+c8z/B5II/D2H/1JiXtoUOc4X6IxKpmyRPlVHcd7 +1IFCGGg8dSJrgeLBxNS05DhelTYk6b7R3+siOwhLHD1mjsh+PKqw5q3W9pdOgbJB +d5eRpqOHHDFb6rKnkXVXMNwp/GOkV5/qIjGeAlOpxxUCgcEAlXLFB0Jbthy/3iXz +AEz9hhEa1fVHkSA1VNalHkFx1jkrDn9q34LfNEE4LaQpeox9sadcVTr9wu97CSnh +Ul11HDNQvIZd7ZaLXNhnMryBKByvJbZrIVX+YhnlGTdUkVae4xoyfxUY6TldxMYd +XaW8EG9d25rT/dBFsn9T1KgYA2j0FqaIdVP+y1lZTggdIBSK1NbyT0/uxwqS0sID +cyz7nDFrJfxK7iA4/yFmYaJ5/e/KE7Xxf9dilaUIMpwX3/6hAoHBAIYjfpbPfK21 +AwHgZiopxOODsjbMuO/f4VCaMhkt8bm7LRmbsNl/Sk9paTNKf20fttKLi2cSUIn8 +sP8iuwdrUNNhVd4cfsh+ncF4GitRs3WrZXEz8AB7m8frpzNr2pYcqVTPL8yl9i8t +ix0XEoVwMWgFroWaN/G+ujEoPZUgXI9z5DuArkNOiLgbpcqVJ8e/+SWTeKILIkWT +ZrFABevmFIaXSZLjI9Avk7cTqEKOVeZy9gag9lmbtVAzFFitdR4aWA== -----END RSA PRIVATE KEY----- diff --git a/testdata/09-unbound-control.tdir/bad_control.pem b/testdata/09-unbound-control.tdir/bad_control.pem index e06b847208e3..0785acaeb5c8 100644 --- a/testdata/09-unbound-control.tdir/bad_control.pem +++ b/testdata/09-unbound-control.tdir/bad_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQDd5/rocjG5vDANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkyNjEyMjQ0NFoXDTI4MDYxMzEyMjQ0NFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDt -i51Z6qASvAjPFFhLLlq8BwtsnmfqMPMn57dKAghb4OifeL4GSLOE02/hKDkdkOva -UG2UqDNh2OoPTuJk4A+mG2LJoziFhHKlIebo9v2YiFWOBVtODWc3tXPT1IlSEN0x -nAGelMmeLcPeCPe+A5IDlIHzF/+YiDgS38S9dL17owIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAHpvcKqY48X9WsqogV16L+zT7iXhZ4tySA9EBk1a+0gud/iDPKSBi7mK -4rzphVfb4S207dVmTG+1WNpa6l3pTGML6XLElxqIu/kr7w4cF0rKvZxWPsBRqYjH -5HrK8CrQ0+YvUHXiu7IaACLGvKXY4Tqa3HQyvEtzLWJ4HhOrGx8F +MIIDszCCAhsCFEm6EpzKglG+V66IyIlx6Q2y3y8nMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMzA3WhcNNDAwMzI1MTMzMzA3 +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQC3/c89kYzt5J0KcRDTh/pj5eeanXTmC3GqgfEd/IYUbyWM +1J1PWEoGOuDUFFWzNOD5N3lX5ji8AdbbkS2+6+DQNAE0Mq2sxNNtNkpBtPoDteDK +njY6PwTJcVazwE3H+OgjWwAxSIKM8qkoAjlsgdXXwi3ifbwxdZNVfmZ/ByPzZc9N +CU7o6FNe0DjmJ08sUqQKngfzv0Qh8ijWx+T45MuOhI0tcU3cGgj0IhPpZkqtjSkC +J4uN2i1KWKvH9SnCmiMCnohXHONnY8ecllsHAfFU9ifKwyiBwpD0LIvWMFPamFZV +7YlgkXDAaDOIkfkIkQZWBaRy0S2C4q5vNIIh/1G5fqP+ffZlG0B5yGbY6LZbDEav +20W7MteBiy78xD4CHNwU/UwQaXIKTIvZ/GAOvLfhGrtFVBAv0+iWEFiTaithOWyM +JVGQbNe+kUgXw48MQSxfPZNMzaeSIKVrUaqwZcvfG48WMYP4IQwjmMHtT6PW4vb7 +Fv+BVQwDG+k0cANxbX8CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEATI+xHWEiq3SK +9Dw2FBiD7GPaaPAh/u5h+QxaLS9G5a6Djh6F9RT3To+gRVeiaAaIPg53asGM5TGR +ojv9nI8cIvi3dL6VKhHSdomldFjfQYmF/uSKEYsHaggceGE/GsG8J8g79HXGRp2y +m5hkACKFh5ZcSHeJBplv7agDbBZ6w5qQaY6QsnYLrAK7B3Jo1Xx+JEKzmgnp4TwV +Ni4wezgLiG+buJ5lXEYr2Rm7HR/cxLRN7CFrpUoavFUvqLKNpXO8MJFx+BkO5/JT +pgv0O/ll9aT+kuegUpf9kcUzhpsw1N4W/JzZOyJAdxrrQ88aNZm+7d433wDBt/WF +BCV4d5wEASxfQALEQa+/1FebIsDfQyBAOHdTAVkupZ00oeNerKe+mHFmNjj04vn8 +LwGgVuADCBJVCDhEqHLEXUqiGeSHJhAJO9pjma7r7H81OtAs/xVC8j8hqe8wLBKg +XNjWQ9QmNXt9VVQCMomro9lmoDozr9k1vsGtUsT3yQEAABQYwIjp -----END CERTIFICATE----- diff --git a/testdata/09-unbound-control.tdir/bad_server.key b/testdata/09-unbound-control.tdir/bad_server.key index 0dbb134b5be7..d64d05bf5fac 100644 --- a/testdata/09-unbound-control.tdir/bad_server.key +++ b/testdata/09-unbound-control.tdir/bad_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC9hurNHBtB7QFEuPJOnCylUWUF2/US3v9yQQQXnstuXMQXRaq1 -1uviLmwaGurV9tngX59HITsBT74NQrtFKfEDLViLrm2arAM9Ozsn4tnv30HXPRDj -UOc1M05Q7UzjaSrOv+TkPEqyhtUyaP1DYo0bcmbxtSkYc2ZEWCwhPklUwQIDAQAB -AoGATjzZxN4ramWaNnJapJTX4U7eczK/0pB3xwSL2exVcjOdRzYdKH+WVIJxYb1m -3/jNLFCNAeH356yxeevoPr73nG75YJ9I1ZWQWTnS3SDK6JD1+3pmAD0bQWFoitpf -FoSH9H4X5gFB5vCZ99YVoYH1UXWPcgvUHwxz0voImt6lCKECQQD4YQ4A3M0+Ki8v -Hl+5FKULnS0UtBkweCvkF/X1zZRjjYr6hLnqldFkkgTBKWe17pUXX0nwRMbP1YZX -i+vDq5JNAkEAw1eYsmC0nVAMawo57N6LYavGv/n5u1cvpTpKDtn4cXH0Uqq13Kyu -2FUTzan2NhCEK78UzbWaeewBJmxYda1+RQJAdShKk6uTAEyjnwUjv8h2JWlJN2fQ -LeWxRlDrCruiz+aW9J4gl/99GoQpy/c83TshhjnDRZsbcDNWv/rXBZ/rTQJAFQva -CtX6f7yBKgM3DHtJvyM3zbVMH9Ab9QxbsE/xwZ9KeKGl6Hm+eNZpxM3cFiUfaGs0 -/ZjkZOB1m0MvILaplQJAXC3PJ/E+87banGZRJl5qtS6/HoX5lH9TPkL8Essy7ANO -2BT2OTQawD1A+VKIrQHXs085Of8tQUfrfHHt7s3Kqg== +MIIG4wIBAAKCAYEAr7FId+AlZUWP6MK9xfV0hJ9ooJdcL0sm9yZsWY4UYOlqcTGE +Rah/XvQmsOaKcMg8Wof24LAvo2vmariBYZoS61AAi6MeHHrPh8M2ZDMZQgW4nZC8 +A0biro93nMLU1VxgycSVmj29p18IdNzsYWxC7t+/6AWQSlwD+9YFOYrVWQYxEcSZ +7gZqoh08mDsNRjnVs7nagPAbk/B9jj9zhvgp+0d5h25Ms7Td22t7DfsGlL8Ei3ew +FwaqjThhhVHEVwARBLYGb2ZsZS5EMJv2W/V0k6yQZ+rV07+i0oZQ0cGxOuUy9TNO +7HfiI4ri2x26Wm0YH1qgK5miUIAkbL2E/iWVxMfQOdEAZuOmUpUFOFpm/XHL1/pC +yiqOb98jjLE93UoNPZdsjrbjfQ/WPkap+vtigVZJJPet6F9x4S5XvrhXkV2JWIYM +vhnrs9NpveCOe1lcxNVSsIAtMxsZKi2dIq+mRhfm9/UGoOmj8UxIQUepJJv1IHcd +ASWkTAMmUSyF7z7DAgMBAAECggGAKwY+GeURI1C6oiR2drDaPNQQuir2zzoXK7UE +GZY6lVTz1Q5sNubBck5V30JFqsLOTNk48uMSd3Gn9oCCZpVlhqyLxaZHbHACvFto +yXbd+5YNFMDp2d+VCWxmvUPU/P7nUOHMRP5ToFYcawni9SSe64Jtq3MZV6xa6WQK +2YGPJ4Llp1U+4NQ/br28JgdoA8eL9rxPrv2ds0fUZ25Qa0AAf+GL+Edhjyx+nAoh +E1Zi0TBJ+6FuxOTEBVtGPnC8pRWFrYDfiMX4y8qkbbanAQCNgLn0PC0JdKpFAtk/ +hnpGsZ4/oh0D3ogi6o5Xnn9Gl5+1uqqaEs/n6A4kojcJ/Z0uO7zJultSUDeggbA9 +VoTQucFY1Cqj68d56Rf3kS5FGgAOx7Q6LVCIH7C9+bfs7N6z/2zl6sF72ey88kpK +ZxsPjGUw2OHnwdrkfZHVMjiNUgrEH+KYe8EVmoBxoafGvxcs9mppqeczP3zbf5WX +8LBLQcIqNaSWAsuKQbJTNsbKEIT5AoHBANcs1QPluTGTY3BXvGMwjl3dDyf1h10u +iaGi1tDB60YtF++RnwOl40Zi1Gu8GqmmzY9j32EG5moRO6IhuZ2U+lZcK/AiwY00 ++4hnzc0hBInFlq3lLRa6zVj4rEeQJxuKXykJGLQyKtSqtppcAo7hWE08ZZ6DlnvP +4o4R9ii6gCZcajhr5Bh9FxZOHv+5gMRzOVWmMF0JSjnVToCi0UUY6b3roRdH/U+M +3EOVCOUT1WE7cGuZffkcQ3jQEsC9zRHFFwKBwQDRBsKIfm0FMjP2Z0aQDpHO5wR6 +Vcjw2kmVukTPqlYPcDGaYbUVuQJIR7+ffd8xk0YbIeOfO/bXGngLAjKSGz20JIIW +E/B5RkVycwjD/WeD5NMvKc3NaiT3aiXmnwz1YUzxDHByAtskAKsoXE/GIsyVCbV2 +vDaBn3MCywTvcC9RR4KYeTepKMvd4N8KLgP9n/+hKd1ElsBVnPJUyYabmaOC1tpx +DUyWu3dbhKBKcfEcyt1+YT1bPrfRnG9oxyRStzUCgcA8R9sFVH4lXV0mQ+4K+7dm +pF9yml5pxHfaSHxVz33SEx/5hZo+s2KQfW91HyV5EbnUye3yiLRUUq+aJEiT1QCs +4PWOOK5wmL8+35XQOcfDsQ8deG7BR2Pv4PqiscfC92jhXiMFmGhXW9v8Mnqk/Ix4 +VstBNSwbU4nssyt7DYSJOqqnU9J66dBl90zH53gjkQQm8n/qEIgy24c6kmJ+MRSK +mFBw7UIR3yx14nKzenL04moEOuQHvdtJJUGbrZCdwdECgcBCra9cr0fDwpIE5kkC +J0OoBtXM2JSzEE8s7jCJNkMhxZ5tKwIDHfN2bzzXeeW7AMn6WcMsxoolcBIfIOJU +7U+vqX294Tpy1VHOApgnPSzKTDJ59xHplxSXwEq62L3fgNx0gI1WMUcKoxP2Wgww +nmU4ndI/QCb7Dow3td+rKdROT0t/rBtvYM43x0YfDzLCs0luddZZzOUp6lj7ZxYD +iO06DaO9MIrgAok+rn4bgWFy19v0NrzF4KnuucJoYC5cHIkCgcEAzG+0oppa1L+e +Tw+511VtO070XJ0Kx4DNKjP2F5nFSqTkDAyEEiLoIArO5dYGG5nHy3lXSoj+wvOe +1+3KTZPeFA7ZByceehFXrULT4GbHwbsimzLWBXAF2Dgzb2OZYMnKuFR/tjlW0+vP +OP86cEkQXNJm4SsxxeFjJAcxxif305OzgL8oqndOsohopB+XCbKUP231HBMGJ4MR +EljQHXm63wWWiBUmrX0ZYzWkX5KiAbDlfhvde80fKsDOUrzZfoBw -----END RSA PRIVATE KEY----- diff --git a/testdata/09-unbound-control.tdir/bad_server.pem b/testdata/09-unbound-control.tdir/bad_server.pem index 983247ac73bd..b81fb19f2655 100644 --- a/testdata/09-unbound-control.tdir/bad_server.pem +++ b/testdata/09-unbound-control.tdir/bad_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQCDugnhq8B6LzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkyNjEyMjQ0M1oXDTI4MDYxMzEyMjQ0M1owEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvYbqzRwbQe0B -RLjyTpwspVFlBdv1Et7/ckEEF57LblzEF0Wqtdbr4i5sGhrq1fbZ4F+fRyE7AU++ -DUK7RSnxAy1Yi65tmqwDPTs7J+LZ799B1z0Q41DnNTNOUO1M42kqzr/k5DxKsobV -Mmj9Q2KNG3Jm8bUpGHNmRFgsIT5JVMECAwEAATANBgkqhkiG9w0BAQUFAAOBgQCy -zGMW35/9xXoEWsuLFWUOaEKVq5DXuXtXbcMpDW6k2ELoraa305vh7Zwhj5JSqfcm -O0xyqIzXvz/cYdyOTgEkdMDZ/EvQsxKTwvj6eA4614yB1r3Ju5eZd4Gpo6BHhSpu -oqsrr0duJ+JOANTyaBplIxM1sjHbR4FGtmrFknBYBQ== +MIIDqzCCAhMCFFzmVNbhjiApmjK3VeO/j9TBp8yOMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMzA3WhcNNDAwMzI1MTMzMzA3 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAr7FId+AlZUWP6MK9xfV0hJ9ooJdcL0sm9yZsWY4UYOlqcTGERah/XvQm +sOaKcMg8Wof24LAvo2vmariBYZoS61AAi6MeHHrPh8M2ZDMZQgW4nZC8A0biro93 +nMLU1VxgycSVmj29p18IdNzsYWxC7t+/6AWQSlwD+9YFOYrVWQYxEcSZ7gZqoh08 +mDsNRjnVs7nagPAbk/B9jj9zhvgp+0d5h25Ms7Td22t7DfsGlL8Ei3ewFwaqjThh +hVHEVwARBLYGb2ZsZS5EMJv2W/V0k6yQZ+rV07+i0oZQ0cGxOuUy9TNO7HfiI4ri +2x26Wm0YH1qgK5miUIAkbL2E/iWVxMfQOdEAZuOmUpUFOFpm/XHL1/pCyiqOb98j +jLE93UoNPZdsjrbjfQ/WPkap+vtigVZJJPet6F9x4S5XvrhXkV2JWIYMvhnrs9Np +veCOe1lcxNVSsIAtMxsZKi2dIq+mRhfm9/UGoOmj8UxIQUepJJv1IHcdASWkTAMm +USyF7z7DAgMBAAEwDQYJKoZIhvcNAQELBQADggGBAG+IhOsdEiaVCOB8PBRGJQ8F +/kyeQOtE7pPPkH57qYwAW9cxdSoiIxrvase30IGLWmOzjiAc/igf1qz/bVpwFXQr +XohzyeQJ2znlGzUbo67c8rocvWxHzvZwFuQEysJp/E9ft5kiWwoU/xVpoK5p9sxW +zRTTdpA24x6rqvk1ZFzwWGSg0yhjOYfwvwg3kGCbwe3GzAk1J65E+uJPFoLySbNL +p3eUDA2rUKDjVobJOEhtV8k/l+hB0kKwiz/A2sbMT/OoByWMNFKSkmDbNi5m5gJH +FHsZsucbL6ppLy7fmOiPlx6xejbiTR3uAn0aQImdHA5kyfAXLKhTkyYdjWHiHqdQ +XMxi0Ci7/HO9mRupbcjRZEPs//ozMxjOAg4VNasDLdnDI4EKrClqYPjsfoXXXiZf +YTPH9QypxJFGmGEH865BNacEjDBeag8ck1ZTiK/GlrAJMqfV5/60GWBGRQVV/Tvd +WXWY2x0gVp2fxtxF8JCvHKAcfUg2+LrUS7fbMx2Niw== -----END CERTIFICATE----- diff --git a/testdata/09-unbound-control.tdir/unbound_control.key b/testdata/09-unbound-control.tdir/unbound_control.key index d7c43a06bb58..753a4ef6162e 100644 --- a/testdata/09-unbound-control.tdir/unbound_control.key +++ b/testdata/09-unbound-control.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/09-unbound-control.tdir/unbound_control.pem b/testdata/09-unbound-control.tdir/unbound_control.pem index 8f1ba87f1cdd..a1edf7017f1d 100644 --- a/testdata/09-unbound-control.tdir/unbound_control.pem +++ b/testdata/09-unbound-control.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/09-unbound-control.tdir/unbound_server.key b/testdata/09-unbound-control.tdir/unbound_server.key index 4256c421dd0d..370a7bbb2f22 100644 --- a/testdata/09-unbound-control.tdir/unbound_server.key +++ b/testdata/09-unbound-control.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/09-unbound-control.tdir/unbound_server.pem b/testdata/09-unbound-control.tdir/unbound_server.pem index aeda3ff11882..986807310f2b 100644 --- a/testdata/09-unbound-control.tdir/unbound_server.pem +++ b/testdata/09-unbound-control.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/10-unbound-anchor.tdir/keys/test_cert.pem b/testdata/10-unbound-anchor.tdir/keys/test_cert.pem index 6e588a4abc8f..1db9680cb303 100644 --- a/testdata/10-unbound-anchor.tdir/keys/test_cert.pem +++ b/testdata/10-unbound-anchor.tdir/keys/test_cert.pem @@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICWTCCAYKgAwIBAgIJAN5YIkuCvJf5MA0GCSqGSIb3DQEBBQUAMCYxDjAMBgNV -BAMTBXBldGFsMRQwEgYJKoZIhvcNAQkBFgVwZXRhbDAeFw0xMzAxMTcxMTUyNDVa -Fw0zMjEwMDQxMTUyNDVaMCYxDjAMBgNVBAMTBXBldGFsMRQwEgYJKoZIhvcNAQkB -FgVwZXRhbDCB3zANBgkqhkiG9w0BAQEFAAOBzQAwgckCgcEAuPBoYZiFOuk2SnN0 -IsheC+W7JvAJcv8tksyz/hgAnqStDnDrQ4trF607aCQ7xjj2fSAqpiMvLv0P3Ctu -rcTRHmRXApS3GBf1PjWqoxMK8JBxCIHN4PKpyq4czOtSPH6AFlU+3KsRRwymLgpT -SE15NYv/2M6Z3/cL1SkOdVvVDrZv1gO4OCAxwrgI6HMsjQtwe16mGsBQzrHTCOGV -u4QtISEUDrwZL272PFsZrEpHXd9LtSpqCEoOMujr54pKxBEJAgMBAAGjDzANMAsG -A1UdDwQEAwIChDANBgkqhkiG9w0BAQUFAAOBwQCaA3ys5hDPMNV1oXIxH6u2KfAX -C9tYJId/SR0x8whsZuNaSEZAgImdM5dnyWdjey8Pio772E9/F2aUBGFkdadZx4My -d7hBfEi/NECEKs86k9g0ijbin41NKtnajb6GwyNQ9vDx7Z5FS8BZ3CD0BZIdCQUE -gKuDSWBROQU3tqrjdk2QTwGQkj2mgzT871Jn1MwZw0mczPjS1y469Ejym8wi3uCd -EboDOoGBCpmUQbxBv6JI75cUCdmNNEwjQjZ0XQw= +MIICZDCCAY2gAwIBAgIURC8vM7SbxPTMmosTyBzLlqxgsUAwDQYJKoZIhvcNAQEF +BQAwJjEOMAwGA1UEAwwFcGV0YWwxFDASBgkqhkiG9w0BCQEWBXBldGFsMB4XDTIw +MDcwODE0MDk0MloXDTQwMDMyNTE0MDk0MlowJjEOMAwGA1UEAwwFcGV0YWwxFDAS +BgkqhkiG9w0BCQEWBXBldGFsMIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQC4 +8GhhmIU66TZKc3QiyF4L5bsm8Aly/y2SzLP+GACepK0OcOtDi2sXrTtoJDvGOPZ9 +ICqmIy8u/Q/cK26txNEeZFcClLcYF/U+NaqjEwrwkHEIgc3g8qnKrhzM61I8foAW +VT7cqxFHDKYuClNITXk1i//Yzpnf9wvVKQ51W9UOtm/WA7g4IDHCuAjocyyNC3B7 +XqYawFDOsdMI4ZW7hC0hIRQOvBkvbvY8WxmsSkdd30u1KmoISg4y6OvnikrEEQkC +AwEAAaMPMA0wCwYDVR0PBAQDAgKEMA0GCSqGSIb3DQEBBQUAA4HBAHX0rIirg2Rt ++rp7BnR3riq81b0cWm4Y/UUdGmLtbPTJLuZogfLZhb9hf+185ub/8ZbuwuUFaiUY +zEcAjaOlPjBeRbNku1xnAVhlgtCIsCOyI37Ey+65OuJxL+0Rpwsyfh0WuR8SdBE5 +OdJ2DuH2yRkTd2JEsNi+DZVIEeaKwXtLGUvsqYWu0GrnXORwGsezfiLM4uAJW+tp +VA95CKpfS98l1MJIHtlcpffAjfRVZAJnGcXv+P/DtefC8aNukoiqvA== -----END CERTIFICATE----- diff --git a/testdata/10-unbound-anchor.tdir/keys/unbound-control-setup b/testdata/10-unbound-anchor.tdir/keys/unbound-control-setup index 3e593119909c..2492f47b4b5f 100755 --- a/testdata/10-unbound-anchor.tdir/keys/unbound-control-setup +++ b/testdata/10-unbound-anchor.tdir/keys/unbound-control-setup @@ -46,7 +46,7 @@ CLIENTNAME=unbound-anchor DAYS=7200 # size of keys in bits -BITS=1536 +BITS=3072 # hash algorithm HASH=sha1 diff --git a/testdata/10-unbound-anchor.tdir/keys/unbound_control.key b/testdata/10-unbound-anchor.tdir/keys/unbound_control.key index 47d15dd3707f..68b514f839d5 100644 --- a/testdata/10-unbound-anchor.tdir/keys/unbound_control.key +++ b/testdata/10-unbound-anchor.tdir/keys/unbound_control.key @@ -1,21 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIIDfAIBAAKBwQC2p0MTVVEfvOpaWlI6rLKGxaHfw/4JUxXCwDHRkkyB0hkISRMx -8imB+io0aY2Uck9zl0BTgPaKtFeA0+lukZk75keOuATPFZwbCGs+6Tx5AoN4+NzI -aVay5AuO8E1u6AVdmcAqByP+R92yz5f3T93/cSsYzqPZ6Y1wO9sabtrkGTYwnfMg -nSttyvlBIhRDWbEO+rWL2CCi0JtrnpiK8sa2ysQCq9Y6ZiGjT9PEWIZwkxQ6y5TI -WVtyitoknpDheZcCAwEAAQKBwAgeXSPh2e5ANmZ3t0n2XSUSacSJcKQ3djMm2dAH -4bCvhv9QSDMjIWcumGul+W4Muq1XnrtXcx3tMCqAwNJyVE5OSQX19fjCbCLjd+je -8xop23AoF6As1nazHjRnR/nTBD7QNx2xbaW8RNbaGpTe2G2lpdbg9myRpyqiB8Pk -73x/AQcPqm4SHBJS+kU/Q9k9yZRHGQ/PhYlvAmY0SCndew28Pcs+IdCI32k7e/aP -SCEQvVqKeIiSJ0Zj8RSk8Pz1cQJhANtNsvcEa2V8NxI9yL2zwvBXwoBuU+d9Pszt -Ooqc/kmvU0FV06HgiIPtTSoHLI7Zh9h5Xn4DFGmtS8WeGhwSVCN1iwcW9F2ldgAw -LXcoXjEK21KXYFNAYeo07vul/Ly/yQJhANU3lM8hAqq7FB4R5zgUCcp08FOVA8tl -kEK1JoAdfp6Wv4M2xGJ6tmKcf92r0F8zBDV6oZX/dtPwFzWhBZUi+zaA8PcEqbwt -CJtmM5ycoX6kkkIfXtAVNZiTIYHn01beXwJgQBFA+V03KtzREeku3gzIJILe9bpF -lNlIIYIkmh4nQ8uOnQW/4AjCmRgYdPDHmav/PcSnUFUB/6V6/26i3hSUtA9A4H9a -QIl4IbHxdmA6tEUhsc07fNbQRCXWs3nYjiPRAmEAjDe4MhsYYOUUzs2hTFzJL46F -ucHGtA0/uM7e2eQLsAmdOpJaxhTDOsiGwmXKa8DmJLFX8IgHQkujR850GGbf5DEZ -xqkXYrwO6/tjN7w97EYYNUniFV/NVmBz6bVmY7trAmAvvg7MoBlb/o6nwoCQqnUM -QyjIy9A0t8+KHNMFSQwUldG+HIwiU4/7y2zCqBYJg8NOjrdj/3+73A24rP8wRp15 -zqQCS7mLLWmYx7pWE1ZHN8eY3xGoHmr7LzlB+dzYG+w= +MIIG4gIBAAKCAYEAzDESJ2lpIno7KpSrYBeBshT8H5dbtNF9rVBONsCmwSSqclLR +ixZ62OKrUKMVCEpZ0zj4yZOu3DGTfL9V9pEk3dCD8mFmylidYeLh5GHGMcDVWOzD +VPsnQ9y43KWYeURpGy4QSCxYDb5rrPysleSZwuN5D4lbs/AKdpubAHj6z37Zbrs2 +GjofHp6TaD6ck7jyRXDtqShrnsVXq9U1CadYDOPiE4aZ1TvusRzhhjmDm8GQXalr +tIBJ5j5EcmRamFhONGLshfj5ECZrKo9L17kOd8PyRMaXNfvl2tpx1qtMxmp7FDpb +oGGIzP7F7hyaWMI/zAzkTMAtjGkAJWqHgTbSfvlVul23RLvovM3fD/ZiugBuTWY/ +CRpmN7CQFFV6iFyLGjRp8vV7BojUIQX7is8QTxSqW12SsElMXOuUmcCnuIaoGF4n +AoG6vNLFECtSdLTjQ0uXawIp7dOww4zS8j1/dZzXsVF4G4V7GjeWD8eX7n+HNWoc +3ojjuYzbWfWvLIQbAgMBAAECggGANUTD8KYuOEFc+BHK14mqWxPgZjltQjG4sKMX +lG8T0aVIFgUHB1r492XCvYmd7gi/gDwHo0a0wlromA2uVmGtFXTVR0EjuLv/as7u +kU70jnw47DbwClZu+uQ1EdLdgR1Ysi+FLd7rpcI8gudz+rKlblM7fNMfqkR/5ktX +13q4K7Ny89FBHvx0q99Ao1xaKquAAJ+iUJPr54KiCYDYkkkmzk4Q53kg3qEA9xGK +wCJ29AY+LEELiQ5CuR8baiBGBiJa5QegeThbQox0jBlezNWAMOg1seCchpbZ4tHm +zuM+IRjZ9GRgkxNctQu8nx3Z6QcClpNFW2WfdThI4nzjqvE9C2nQBR+i/a+v0D90 +bX3LbCcPBE5Hr6sdI+pSQ0C3eFOuGZaCdfRxVs6ymWti3STdlMtTgaEOsCswmU0e +DasWVYbezyPHImb34r0/q1ux4BZkxon1AqjLLYOCF5LQ91v868jdwOIITGL3gviN +/TYW0ObbJ3Szav860B9vlGUtG86JAoHBAPNcY2LLCVMWkzrsmkyLL8+MmF1dChsF +/rVt8QIiiStZkV2q3f3F522kVVvH3dYwh6MyzBNPFBAAXHmaY2IjczL3gKWEz0OA +YlKv5+KoEBlRtonJIHSs6GCjdnl6EJ9NyF8NHq/tgpab326Dpb7RyXzMv2EZV5uY +kp3WVqJZONa1xEHYud9SOA7TA3X/7td7bC49b07n0SidH2N93ZZMd+oApjsHx97q +9J1BxCbaJdPX7mK15pPPWD7vPZqsxyeSjQKBwQDWy+hH1jrr26UUAdIq6SgQxPXh +Y2+epVbHGD0UK51Io0rAg0m3Nlaxr28EPc/MLfjwzwPs6cHdM1j1FMqwGCYiO8mw +CV+XqPVDc6Xqzklf+awMqhn71j+M4Y4Dr6K71fXQ9ek5X+9I47I6iuVLOOegLm29 +qSlg/x1fOkQUKnJNQw6aEJmPj7mi6q693E+oa6hzVO160AGe4tAJoidaR7ifwKU1 +ySOhXtugs2I2P7lc07UtkIwftiYS69d1CRE2G0cCgcA41hj4F8dDuoAEQQIAYnl2 +FbX4CCS2Dv5fzR9+iiZTE4YZxDA4dqIIP1sYJmOvBIKJIPH8iHl9CziNxfr0Dqd2 +/crz3UKy1ycffKnBi9LGtwjUwT5tQXy8JTEkSdfb/MSRPnUuTWA0YI8cNm7dVA2k +sgT4XnzRgB6t8kMlg4T80FLXthAjEga5n5qtUmqrtM2dNwfp+8YjoB6Wk+zOj2lq +I2CvZK/PZjxfBd8T29r90O6B603As6o+eI2AtF2G5nkCgcAuhHBkhleyVpoUkCRk +2KOtpgod6rv0npgBfBVWNe/VGFALCyO+wszZpEWlpIFJFbew5xRRjXpHnmQoh30x +z7kKdupB7nW+UX/0QKpxBIXNfDOvdnM0H/0ZVIu97p6OkVKwE2GT5Fvc7DrgBM6N +kOBQx11K0sS8VeOViPfPajXg16Hk6a1n8tdgGfUH9xtlPRN5Dq5zh3KiZzpoq65c +FeY86qqc0FegDfwAfHjLiNdq7ApzuLcv8vGh7WN23CTXE+cCgcAhhnUawfKcOvwh +3+Tt+vX6dBU7x+JVUiaI27zirE4dbKAsNN8MY7hT5pEwYYArtS9szWqmce3VT8dN +t5kJdn0ZLh4tnZcWd8z+xTXjgxgKeSqoUqPjOd9V8f4ceiPeLGnDV/6xPiVdCrHi +/R/fLidzApQKg7kGDyB1IX0gW+9mT24/zD+M52TjRdmYL6E7/1nZlNlr2JWfIdb+ +RLg/+EujuZo36hR59XQVEnvuhZFQ+MQeHC82yP4gjG0ADpLQ3cY= -----END RSA PRIVATE KEY----- diff --git a/testdata/10-unbound-anchor.tdir/keys/unbound_control.pem b/testdata/10-unbound-anchor.tdir/keys/unbound_control.pem index ec7cd7e7814d..e7fe79bc3100 100644 --- a/testdata/10-unbound-anchor.tdir/keys/unbound_control.pem +++ b/testdata/10-unbound-anchor.tdir/keys/unbound_control.pem @@ -1,14 +1,19 @@ -----BEGIN CERTIFICATE----- -MIICNjCCAV8CCQCbt2WrJa/ewzANBgkqhkiG9w0BAQUFADAmMQ4wDAYDVQQDEwVw -ZXRhbDEUMBIGCSqGSIb3DQEJARYFcGV0YWwwHhcNMTMwMTE3MTE1MjQ1WhcNMzIx -MDA0MTE1MjQ1WjAZMRcwFQYDVQQDEw51bmJvdW5kLWFuY2hvcjCB3zANBgkqhkiG -9w0BAQEFAAOBzQAwgckCgcEAtqdDE1VRH7zqWlpSOqyyhsWh38P+CVMVwsAx0ZJM -gdIZCEkTMfIpgfoqNGmNlHJPc5dAU4D2irRXgNPpbpGZO+ZHjrgEzxWcGwhrPuk8 -eQKDePjcyGlWsuQLjvBNbugFXZnAKgcj/kfdss+X90/d/3ErGM6j2emNcDvbGm7a -5Bk2MJ3zIJ0rbcr5QSIUQ1mxDvq1i9ggotCba56YivLGtsrEAqvWOmYho0/TxFiG -cJMUOsuUyFlbcoraJJ6Q4XmXAgMBAAEwDQYJKoZIhvcNAQEFBQADgcEAhc3wYcbD -Uu9Osbu3bhbxLCkhedq/3weEO8RDU3AyB8diioAikagIOb99UeVE3WIds+JIPD6J -mK5UvS+lPR8SEOMRd0H91bEEp1Zn+gHAS/Z7k/x9t38Xk1N0jOnElc6n4vl42KLO -z2laJWcte7YXjzFjaNxP9fsGgEx1vRxcjtpXQWSY+oj+RVm5kRs5WKX5MCyD/p+y -Xitg7/a0ITKbW1GpVwaX6nPaeoze68m3qmy64l080XCna3igbhi3h2ay +MIIDBTCCAi4CFG36qDt2k02biKtMYGtLy9khnP+eMA0GCSqGSIb3DQEBBQUAMCYx +DjAMBgNVBAMMBXBldGFsMRQwEgYJKoZIhvcNAQkBFgVwZXRhbDAeFw0yMDA3MDgx +NDA5NDJaFw00MDAzMjUxNDA5NDJaMBkxFzAVBgNVBAMMDnVuYm91bmQtYW5jaG9y +MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAzDESJ2lpIno7KpSrYBeB +shT8H5dbtNF9rVBONsCmwSSqclLRixZ62OKrUKMVCEpZ0zj4yZOu3DGTfL9V9pEk +3dCD8mFmylidYeLh5GHGMcDVWOzDVPsnQ9y43KWYeURpGy4QSCxYDb5rrPysleSZ +wuN5D4lbs/AKdpubAHj6z37Zbrs2GjofHp6TaD6ck7jyRXDtqShrnsVXq9U1CadY +DOPiE4aZ1TvusRzhhjmDm8GQXalrtIBJ5j5EcmRamFhONGLshfj5ECZrKo9L17kO +d8PyRMaXNfvl2tpx1qtMxmp7FDpboGGIzP7F7hyaWMI/zAzkTMAtjGkAJWqHgTbS +fvlVul23RLvovM3fD/ZiugBuTWY/CRpmN7CQFFV6iFyLGjRp8vV7BojUIQX7is8Q +TxSqW12SsElMXOuUmcCnuIaoGF4nAoG6vNLFECtSdLTjQ0uXawIp7dOww4zS8j1/ +dZzXsVF4G4V7GjeWD8eX7n+HNWoc3ojjuYzbWfWvLIQbAgMBAAEwDQYJKoZIhvcN +AQEFBQADgcEAPz9Iw956A8piiC5y3hJXAEJ0JYdNrpsgdj7n6iAXRU2EY+juzcKU +D+zcNEcebQJJxayr4eEMfUOUO1wH5uPkWBhKOC/qm6T6i/+/xNsksOeHm12G4/vH +VYPXTxMS+K+mz5HLmLcR0kuQMnCK22FFQj86fhr2vHBGHqINR6MxwvLCES37FWvr +qVZSseK6/6IwRgsjN101JUpaSnM88cMDpuUcqQrAbSSBRKDvjYMkcYcYuvchab26 +G0jEU4KgxaOs -----END CERTIFICATE----- diff --git a/testdata/10-unbound-anchor.tdir/keys/unbound_server.key b/testdata/10-unbound-anchor.tdir/keys/unbound_server.key index 6614e498fcd2..370a7bbb2f22 100644 --- a/testdata/10-unbound-anchor.tdir/keys/unbound_server.key +++ b/testdata/10-unbound-anchor.tdir/keys/unbound_server.key @@ -1,21 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIIDfQIBAAKBwQC1xQ/Kca6zszZbcCtdOTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJ -RuN+Rm304SonpwghfP2/ULZNnuDgpG03/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1 -QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ867K029ypjOQtAJ85qdO3mERy7TGtdUcu -O6hLeVet419YeQ2F8cfNxn63d7bOzNGLPW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeU -J/i4YDWexFYSL+ECAwEAAQKBwCLXXQl+9O+5AEhSnd1Go1Jh0pSA7eBJOuXQcebG -Rb7ykp+6C4G2NtDziwwPRNdI6wQQQ0sym18RfyVQHydGr78/nbiIbB3HCn5e92Mh -mefzW6ow9Kvm2txLzGKA1lvoyRbNm81jnG/eygi3u7Nqd5PNv+4dHj2RkTlmxOeh -qnDMVP5md8uZPv6lYNnrnIzvLCR5vnPNdVwn89AqzI85IcDZdy0R9ZX4NBbsDgAU -6ig6uXuRXvSGiyJ/OUXSrnogaQJhAOjvkHUhVZQkPOxO90TNH4j0GdKKtbSWxIdz -lKfuJeBAEqs0TL+C6vbS81Xw3W1alyDdUBk3rJMOBqW6Ryq5HNL+j5H+Jfsh7fvc -Yle+5wHGci0P9zCFZCrY8It7n9XFIwJhAMfEi6oJa2G8waPJ1bQhxka82Tf9pnKM -XCn/1BBOFjVIx5F842cpA+zp5a62GENTGYPQTTRBB/2/ZwnW5aIkrlg54AtmbqBZ -Oh+2kJdJQD/tfoVmc5soUE2ScTHadK5RKwJhAN4w9kjkXS+MSZjX0kIMsBIBVkhh -C+aREjJqa9ir7/Ey7RvmLXdYuCxtGLRXp7/R8+rjcK49Tx6O+IRJZe042mfhbq3C -EhS1Tr86f4xXix9EXlDhs9bSxrOgcAN9Dv/opQJhAK7eBcPaav0rVfYh/8emqQHS -3fJ9Pu6WnzbEksWTFS2ff9KDGCx9YspIFJ5TF/oXDAaumGZdZrlgirm6O1kr8tGY -F97i04PZl1+bWAaWQH+1TUNI43m2WFUPE7coG2tb8QJgcddDg9VlXliZqgcETZfJ -kJmYETxrcSn3ao6v116N8yxhEgUgjkmsCTiFgx36iDVnXwK6PIt+sIu8MC7eYNa3 -berrv/M21K0LRn20IWRxvUobG070weHCAgkko7fTWgr2 +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/10-unbound-anchor.tdir/keys/unbound_server.pem b/testdata/10-unbound-anchor.tdir/keys/unbound_server.pem index 19c8b895ba86..986807310f2b 100644 --- a/testdata/10-unbound-anchor.tdir/keys/unbound_server.pem +++ b/testdata/10-unbound-anchor.tdir/keys/unbound_server.pem @@ -1,14 +1,22 @@ -----BEGIN CERTIFICATE----- -MIICFzCCAUACCQDO660L5y5LGDANBgkqhkiG9w0BAQUFADAQMQ4wDAYDVQQDEwVw -ZXRhbDAeFw0xMDA5MzAxMzQzMDFaFw0zMDA2MTcxMzQzMDFaMBAxDjAMBgNVBAMT -BXBldGFsMIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQC1xQ/Kca6zszZbcCtd -OTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJRuN+Rm304SonpwghfP2/ULZNnuDgpG03 -/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ8 -67K029ypjOQtAJ85qdO3mERy7TGtdUcuO6hLeVet419YeQ2F8cfNxn63d7bOzNGL -PW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeUJ/i4YDWexFYSL+ECAwEAATANBgkqhkiG -9w0BAQUFAAOBwQBBkX9KDP2RXbg+xPmdJ4P6CwvA5x1LZwC++ydVx4NlvT0pWicD -ZUnXjcWAJlkeOuUBAqFG7WHTrXpUUAjmdqFVq2yFjteUYBdrFz0RDB2jM9feeKYO -mTgxdZyT9a6humxCxt5VfgT02axLjm/2AqCyFPMbf4PASoJDln01AEuZLZ8Xl2gV -bYHMnHTGoD1Hu6FNEzRgkMC6XT8X3YjHvzQhpc/qL5wEfEsinQGdX4twsuWbf8xd -q7miNnkO8vd0maw= +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/autotrust_10key.rpl b/testdata/autotrust_10key.rpl index 22cd5368141b..8e4ab5a18a4a 100644 --- a/testdata/autotrust_10key.rpl +++ b/testdata/autotrust_10key.rpl @@ -106,7 +106,6 @@ www.example.com. IN A SECTION ANSWER www.example.com. IN A 10.20.30.40 ENTRY_END -RANGE_END RANGE_END diff --git a/testdata/autotrust_revtp.rpl b/testdata/autotrust_revtp.rpl index 4ed113f7444a..ec3eeaa4d93d 100644 --- a/testdata/autotrust_revtp.rpl +++ b/testdata/autotrust_revtp.rpl @@ -97,7 +97,6 @@ www.example.com. IN A SECTION ANSWER www.example.com. IN A 10.20.30.40 ENTRY_END -RANGE_END RANGE_END diff --git a/testdata/autotrust_revtp_read.rpl b/testdata/autotrust_revtp_read.rpl index cd48a6339888..7428f7aae4e8 100644 --- a/testdata/autotrust_revtp_read.rpl +++ b/testdata/autotrust_revtp_read.rpl @@ -85,7 +85,6 @@ www.example.com. IN A SECTION ANSWER www.example.com. IN A 10.20.30.40 ENTRY_END -RANGE_END RANGE_END diff --git a/testdata/black_data.rpl b/testdata/black_data.rpl index de6f57ec1158..e6ef1b79d61c 100644 --- a/testdata/black_data.rpl +++ b/testdata/black_data.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/black_prime.rpl b/testdata/black_prime.rpl index 7e73f32f39ab..fbe92a721423 100644 --- a/testdata/black_prime.rpl +++ b/testdata/black_prime.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/ctrl_itr.tdir/unbound_control.key b/testdata/ctrl_itr.tdir/unbound_control.key index d7c43a06bb58..753a4ef6162e 100644 --- a/testdata/ctrl_itr.tdir/unbound_control.key +++ b/testdata/ctrl_itr.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/ctrl_itr.tdir/unbound_control.pem b/testdata/ctrl_itr.tdir/unbound_control.pem index 8f1ba87f1cdd..a1edf7017f1d 100644 --- a/testdata/ctrl_itr.tdir/unbound_control.pem +++ b/testdata/ctrl_itr.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/ctrl_itr.tdir/unbound_server.key b/testdata/ctrl_itr.tdir/unbound_server.key index 4256c421dd0d..370a7bbb2f22 100644 --- a/testdata/ctrl_itr.tdir/unbound_server.key +++ b/testdata/ctrl_itr.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/ctrl_itr.tdir/unbound_server.pem b/testdata/ctrl_itr.tdir/unbound_server.pem index aeda3ff11882..986807310f2b 100644 --- a/testdata/ctrl_itr.tdir/unbound_server.pem +++ b/testdata/ctrl_itr.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/ctrl_pipe.tdir/unbound_control.key b/testdata/ctrl_pipe.tdir/unbound_control.key index d7c43a06bb58..753a4ef6162e 100644 --- a/testdata/ctrl_pipe.tdir/unbound_control.key +++ b/testdata/ctrl_pipe.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/ctrl_pipe.tdir/unbound_control.pem b/testdata/ctrl_pipe.tdir/unbound_control.pem index 8f1ba87f1cdd..a1edf7017f1d 100644 --- a/testdata/ctrl_pipe.tdir/unbound_control.pem +++ b/testdata/ctrl_pipe.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/ctrl_pipe.tdir/unbound_server.key b/testdata/ctrl_pipe.tdir/unbound_server.key index 4256c421dd0d..370a7bbb2f22 100644 --- a/testdata/ctrl_pipe.tdir/unbound_server.key +++ b/testdata/ctrl_pipe.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/ctrl_pipe.tdir/unbound_server.pem b/testdata/ctrl_pipe.tdir/unbound_server.pem index aeda3ff11882..986807310f2b 100644 --- a/testdata/ctrl_pipe.tdir/unbound_server.pem +++ b/testdata/ctrl_pipe.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/dnstap.tdir/dnstap.conf b/testdata/dnstap.tdir/dnstap.conf new file mode 100644 index 000000000000..5e8dfaefbcef --- /dev/null +++ b/testdata/dnstap.tdir/dnstap.conf @@ -0,0 +1,40 @@ +server: + verbosity: 2 + num-threads: 3 + outgoing-range: 16 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + local-zone: "example.net." redirect + local-data: "example.net. IN A 10.20.30.41" +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + # control-interface: ::1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" +dnstap: + dnstap-enable: yes + dnstap-socket-path: "dnstap.socket" + dnstap-send-identity: yes + dnstap-send-version: yes + #dnstap-identity + #dnstap-version + dnstap-log-resolver-query-messages: yes + dnstap-log-resolver-response-messages: yes + dnstap-log-client-query-messages: yes + dnstap-log-client-response-messages: yes + dnstap-log-forwarder-query-messages: yes + dnstap-log-forwarder-response-messages: yes + diff --git a/testdata/dnstap.tdir/dnstap.dsc b/testdata/dnstap.tdir/dnstap.dsc new file mode 100644 index 000000000000..92a67ef2e0b5 --- /dev/null +++ b/testdata/dnstap.tdir/dnstap.dsc @@ -0,0 +1,16 @@ +BaseName: dnstap +Version: 1.0 +Description: test dnstap socket communication +CreationDate: Tue Jan 21 13:00:38 CET 2020 +Maintainer: dr. W.C.A. Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: dnstap.pre +Post: dnstap.post +Test: dnstap.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/dnstap.tdir/dnstap.post b/testdata/dnstap.tdir/dnstap.post new file mode 100644 index 000000000000..6744b4b618ce --- /dev/null +++ b/testdata/dnstap.tdir/dnstap.post @@ -0,0 +1,16 @@ +# #-- dnstap.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +kill_pid $DNSTAP_SOCKET_PID +kill_pid $FWD_PID +kill $UNBOUND_PID +kill $UNBOUND_PID >/dev/null 2>&1 +cat unbound.log +exit 0 diff --git a/testdata/dnstap.tdir/dnstap.pre b/testdata/dnstap.tdir/dnstap.pre new file mode 100644 index 000000000000..95216949cdde --- /dev/null +++ b/testdata/dnstap.tdir/dnstap.pre @@ -0,0 +1,55 @@ +# #-- dnstap.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh + +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +get_random_port 3 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +CONTROL_PORT=$(($RND_PORT + 2)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test +echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT dnstap.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# start the dnstap log server +# the -vvvv flag prints protocol and connection information from the +# unbound-dnstap-socket server. +# the -l flag prints the DNS info in the DNSTAP packet in multiline output. +# stderr is the '-vvvv' server logs and errors. +# stdout is the one-line packet logs (or with -l, multiline). +$PRE/unbound-dnstap-socket -u dnstap.socket -l -vvvv 2>tap.errlog >tap.log & +if test $? -ne 0; then + echo "could not start unbound-dnstap-socket server" + exit 1 +fi +DNSTAP_SOCKET_PID=$! +echo "DNSTAP_SOCKET_PID=$DNSTAP_SOCKET_PID" >> .tpkg.var.test +# wait for the server to go up and make the dnstap.socket file +wait_server_up "tap.errlog" "creating unix socket" +if test ! -S dnstap.socket; then + echo "the dnstap.socket file does not exist!" +fi + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < dnstap.conf > ub.conf +# start unbound in the background +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log + diff --git a/testdata/dnstap.tdir/dnstap.test b/testdata/dnstap.tdir/dnstap.test new file mode 100644 index 000000000000..04db17b2749d --- /dev/null +++ b/testdata/dnstap.tdir/dnstap.test @@ -0,0 +1,86 @@ +# #-- dnstap.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +# test if the server is up. +echo "> dig www.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile +echo "> check answer" +if grep "10.20.30.40" outfile; then + echo "OK" +else + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "> check tap.log for dnstap info" +# see if it logged the information in tap.log +# wait for a moment for filesystem to catch up. +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 10; fi +if grep "www.example.com" tap.log; then echo "yes it is in tap.log"; +else + echo "information not in tap.log" + echo "failed" + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "> make 10 queries to spread them over threads" +dig @127.0.0.1 -p $UNBOUND_PORT q1.example.net. +dig @127.0.0.1 -p $UNBOUND_PORT q2.example.net. +dig @127.0.0.1 -p $UNBOUND_PORT q3.example.net. +dig @127.0.0.1 -p $UNBOUND_PORT q4.example.net. +dig @127.0.0.1 -p $UNBOUND_PORT q5.example.net. +dig @127.0.0.1 -p $UNBOUND_PORT q6.example.net. +dig @127.0.0.1 -p $UNBOUND_PORT q7.example.net. +dig @127.0.0.1 -p $UNBOUND_PORT q8.example.net. +dig @127.0.0.1 -p $UNBOUND_PORT q9.example.net. +dig @127.0.0.1 -p $UNBOUND_PORT q10.example.net. +for x in q1 q2 q3 q4 5 q6 q7 q8 q9 q10; do + if grep "$x.example.net" tap.log >/dev/null; then :; else sleep 1; fi + if grep "$x.example.net" tap.log >/dev/null; then :; else sleep 1; fi + if grep "$x.example.net" tap.log >/dev/null; then :; else sleep 1; fi + if grep "$x.example.net" tap.log >/dev/null; then :; else sleep 1; fi + if grep "$x.example.net" tap.log >/dev/null; then :; else sleep 1; fi + if grep "$x.example.net" tap.log >/dev/null; then :; else sleep 10; fi + if grep "$x.example.net" tap.log; then echo "yes it is in tap.log"; + else + echo "$x.example.net. information not in tap.log" + echo "failed" + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 + fi +done + +echo "> cat logfiles" +cat tap.log +cat tap.errlog +cat fwd.log +echo "> OK" +exit 0 diff --git a/testdata/dnstap.tdir/dnstap.testns b/testdata/dnstap.tdir/dnstap.testns new file mode 100644 index 000000000000..0c911ca5b30e --- /dev/null +++ b/testdata/dnstap.tdir/dnstap.testns @@ -0,0 +1,22 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA SERVFAIL +ADJUST copy_id +SECTION QUESTION +www.example.net. IN A +ENTRY_END + diff --git a/testdata/dnstap.tdir/unbound_control.key b/testdata/dnstap.tdir/unbound_control.key new file mode 100644 index 000000000000..753a4ef6162e --- /dev/null +++ b/testdata/dnstap.tdir/unbound_control.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= +-----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap.tdir/unbound_control.pem b/testdata/dnstap.tdir/unbound_control.pem new file mode 100644 index 000000000000..a1edf7017f1d --- /dev/null +++ b/testdata/dnstap.tdir/unbound_control.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte +-----END CERTIFICATE----- diff --git a/testdata/dnstap.tdir/unbound_server.key b/testdata/dnstap.tdir/unbound_server.key new file mode 100644 index 000000000000..370a7bbb2f22 --- /dev/null +++ b/testdata/dnstap.tdir/unbound_server.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== +-----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap.tdir/unbound_server.pem b/testdata/dnstap.tdir/unbound_server.pem new file mode 100644 index 000000000000..986807310f2b --- /dev/null +++ b/testdata/dnstap.tdir/unbound_server.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== +-----END CERTIFICATE----- diff --git a/testdata/dnstap_reconnect.tdir/dnstap_reconnect.conf b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.conf new file mode 100644 index 000000000000..07febae5a8de --- /dev/null +++ b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.conf @@ -0,0 +1,40 @@ +server: + verbosity: 2 + num-threads: 1 + outgoing-range: 16 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + local-zone: "example.net." redirect + local-data: "example.net. IN A 10.20.30.41" +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + # control-interface: ::1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" +dnstap: + dnstap-enable: yes + dnstap-socket-path: "dnstap.socket" + dnstap-send-identity: yes + dnstap-send-version: yes + #dnstap-identity + #dnstap-version + dnstap-log-resolver-query-messages: yes + dnstap-log-resolver-response-messages: yes + dnstap-log-client-query-messages: yes + dnstap-log-client-response-messages: yes + dnstap-log-forwarder-query-messages: yes + dnstap-log-forwarder-response-messages: yes + diff --git a/testdata/dnstap_reconnect.tdir/dnstap_reconnect.dsc b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.dsc new file mode 100644 index 000000000000..c6b12800669c --- /dev/null +++ b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.dsc @@ -0,0 +1,16 @@ +BaseName: dnstap_reconnect +Version: 1.0 +Description: test dnstap reconnect +CreationDate: Tue Jan 21 13:00:38 CET 2020 +Maintainer: dr. W.C.A. Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: dnstap_reconnect.pre +Post: dnstap_reconnect.post +Test: dnstap_reconnect.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/dnstap_reconnect.tdir/dnstap_reconnect.post b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.post new file mode 100644 index 000000000000..8474b3a02cfc --- /dev/null +++ b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.post @@ -0,0 +1,16 @@ +# #-- dnstap_reconnect.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +kill_pid $DNSTAP_SOCKET_PID +kill_pid $FWD_PID +kill $UNBOUND_PID +kill $UNBOUND_PID >/dev/null 2>&1 +cat unbound.log +exit 0 diff --git a/testdata/dnstap_reconnect.tdir/dnstap_reconnect.pre b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.pre new file mode 100644 index 000000000000..a1aba4f35c5d --- /dev/null +++ b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.pre @@ -0,0 +1,55 @@ +# #-- dnstap_reconnect.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh + +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +get_random_port 3 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +CONTROL_PORT=$(($RND_PORT + 2)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test +echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT dnstap_reconnect.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# start the dnstap log server +# the -vvvv flag prints protocol and connection information from the +# unbound-dnstap-socket server. +# the -l flag prints the DNS info in the DNSTAP packet in multiline output. +# stderr is the '-vvvv' server logs and errors. +# stdout is the one-line packet logs (or with -l, multiline). +$PRE/unbound-dnstap-socket -u dnstap.socket -l -vvvv 2>tap.errlog >tap.log & +if test $? -ne 0; then + echo "could not start unbound-dnstap-socket server" + exit 1 +fi +DNSTAP_SOCKET_PID=$! +echo "DNSTAP_SOCKET_PID=$DNSTAP_SOCKET_PID" >> .tpkg.var.test +# wait for the server to go up and make the dnstap.socket file +wait_server_up "tap.errlog" "creating unix socket" +if test ! -S dnstap.socket; then + echo "the dnstap.socket file does not exist!" +fi + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < dnstap_reconnect.conf > ub.conf +# start unbound in the background +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log + diff --git a/testdata/dnstap_reconnect.tdir/dnstap_reconnect.test b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.test new file mode 100644 index 000000000000..94679bc66e78 --- /dev/null +++ b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.test @@ -0,0 +1,98 @@ +# #-- dnstap_reconnect.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +# test if the server is up. +echo "> dig www.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile +echo "> check answer" +if grep "10.20.30.40" outfile; then + echo "OK" +else + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "> check tap.log for dnstap info" +# see if it logged the information in tap.log +# wait for a moment for filesystem to catch up. +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 10; fi +if grep "www.example.com" tap.log; then echo "yes it is in tap.log"; +else + echo "information not in tap.log" + echo "failed" + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "" +echo "> test disconnect from the upstream server" + +kill_pid $DNSTAP_SOCKET_PID +dig @127.0.0.1 -p $UNBOUND_PORT down.example.net. + +# bring log socket back up +$PRE/unbound-dnstap-socket -u dnstap.socket -l -vvvv 2>tap2.errlog >tap2.log & +if test $? -ne 0; then + echo "could not start (again) unbound-dnstap-socket server" + exit 1 +fi +DNSTAP_SOCKET_PID=$! +echo "DNSTAP_SOCKET_PID=$DNSTAP_SOCKET_PID" >> .tpkg.var.test +# wait for the server to go up and make the dnstap.socket file +wait_server_up "tap2.errlog" "creating unix socket" + +dig @127.0.0.1 -p $UNBOUND_PORT up.example.net. +sleep 2 +dig @127.0.0.1 -p $UNBOUND_PORT up2.example.net. + +for x in down up up2; do + if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi + if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi + if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi + if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 10; fi + if grep "$x.example.net" tap2.log; then echo "yes it is in tap2.log"; + else + echo "$x.example.net. information not in tap2.log" + echo "failed" + echo "> cat logfiles" + cat tap.log + cat tap.errlog + echo "> tap2 logfiles" + cat tap2.log + cat tap2.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 + fi +done + +echo "> cat logfiles" +cat tap.log +cat tap.errlog +echo "> tap2 logfiles" +cat tap2.log +cat tap2.errlog +cat fwd.log +echo "> OK" +exit 0 diff --git a/testdata/dnstap_reconnect.tdir/dnstap_reconnect.testns b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.testns new file mode 100644 index 000000000000..0c911ca5b30e --- /dev/null +++ b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.testns @@ -0,0 +1,22 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA SERVFAIL +ADJUST copy_id +SECTION QUESTION +www.example.net. IN A +ENTRY_END + diff --git a/testdata/dnstap_reconnect.tdir/unbound_control.key b/testdata/dnstap_reconnect.tdir/unbound_control.key new file mode 100644 index 000000000000..753a4ef6162e --- /dev/null +++ b/testdata/dnstap_reconnect.tdir/unbound_control.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= +-----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_reconnect.tdir/unbound_control.pem b/testdata/dnstap_reconnect.tdir/unbound_control.pem new file mode 100644 index 000000000000..a1edf7017f1d --- /dev/null +++ b/testdata/dnstap_reconnect.tdir/unbound_control.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte +-----END CERTIFICATE----- diff --git a/testdata/dnstap_reconnect.tdir/unbound_server.key b/testdata/dnstap_reconnect.tdir/unbound_server.key new file mode 100644 index 000000000000..370a7bbb2f22 --- /dev/null +++ b/testdata/dnstap_reconnect.tdir/unbound_server.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== +-----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_reconnect.tdir/unbound_server.pem b/testdata/dnstap_reconnect.tdir/unbound_server.pem new file mode 100644 index 000000000000..986807310f2b --- /dev/null +++ b/testdata/dnstap_reconnect.tdir/unbound_server.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== +-----END CERTIFICATE----- diff --git a/testdata/dnstap_tcp.tdir/dnstap_tcp.conf b/testdata/dnstap_tcp.tdir/dnstap_tcp.conf new file mode 100644 index 000000000000..3506ab56a4d1 --- /dev/null +++ b/testdata/dnstap_tcp.tdir/dnstap_tcp.conf @@ -0,0 +1,42 @@ +server: + verbosity: 2 + num-threads: 1 + outgoing-range: 16 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + local-zone: "example.net." redirect + local-data: "example.net. IN A 10.20.30.41" +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + # control-interface: ::1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" +dnstap: + dnstap-enable: yes + dnstap-socket-path: "dnstap.socket" + dnstap-ip: "127.0.0.1@@TAPPORT@" + dnstap-tls: no + dnstap-send-identity: yes + dnstap-send-version: yes + #dnstap-identity + #dnstap-version + dnstap-log-resolver-query-messages: yes + dnstap-log-resolver-response-messages: yes + dnstap-log-client-query-messages: yes + dnstap-log-client-response-messages: yes + dnstap-log-forwarder-query-messages: yes + dnstap-log-forwarder-response-messages: yes + diff --git a/testdata/dnstap_tcp.tdir/dnstap_tcp.dsc b/testdata/dnstap_tcp.tdir/dnstap_tcp.dsc new file mode 100644 index 000000000000..de4ad82da14d --- /dev/null +++ b/testdata/dnstap_tcp.tdir/dnstap_tcp.dsc @@ -0,0 +1,16 @@ +BaseName: dnstap_tcp +Version: 1.0 +Description: test dnstap tcp and reconnect +CreationDate: Tue Feb 14 14:00:38 CET 2020 +Maintainer: dr. W.C.A. Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: dnstap_tcp.pre +Post: dnstap_tcp.post +Test: dnstap_tcp.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/dnstap_tcp.tdir/dnstap_tcp.post b/testdata/dnstap_tcp.tdir/dnstap_tcp.post new file mode 100644 index 000000000000..8aad21e19b6a --- /dev/null +++ b/testdata/dnstap_tcp.tdir/dnstap_tcp.post @@ -0,0 +1,23 @@ +# #-- dnstap_tcp.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +kill_pid $DNSTAP_SOCKET_PID +kill_pid $FWD_PID +kill $UNBOUND_PID +kill $UNBOUND_PID >/dev/null 2>&1 +cat unbound.log +echo "> tap logfiles" +cat tap.log +cat tap.errlog +echo "> tap2 logfiles" +if test -f tap2.log; then cat tap2.log; fi +if test -f tap2.errlog; then cat tap2.errlog; fi +cat fwd.log +exit 0 diff --git a/testdata/dnstap_tcp.tdir/dnstap_tcp.pre b/testdata/dnstap_tcp.tdir/dnstap_tcp.pre new file mode 100644 index 000000000000..3006603c5648 --- /dev/null +++ b/testdata/dnstap_tcp.tdir/dnstap_tcp.pre @@ -0,0 +1,54 @@ +# #-- dnstap_tcp.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh + +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +get_random_port 4 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +CONTROL_PORT=$(($RND_PORT + 2)) +TAP_PORT=$(($RND_PORT + 3)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test +echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test +echo "TAP_PORT=$TAP_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT dnstap_tcp.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# start the dnstap log server +# the -vvvv flag prints protocol and connection information from the +# unbound-dnstap-socket server. +# the -l flag prints the DNS info in the DNSTAP packet in multiline output. +# stderr is the '-vvvv' server logs and errors. +# stdout is the one-line packet logs (or with -l, multiline). +$PRE/unbound-dnstap-socket -s "127.0.0.1@$TAP_PORT" -l -vvvv 2>tap.errlog >tap.log & +if test $? -ne 0; then + echo "could not start unbound-dnstap-socket server" + exit 1 +fi +DNSTAP_SOCKET_PID=$! +echo "DNSTAP_SOCKET_PID=$DNSTAP_SOCKET_PID" >> .tpkg.var.test +# wait for the server to go up +wait_server_up "tap.errlog" "start of service" + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' -e 's/@TAPPORT\@/'$TAP_PORT'/' < dnstap_tcp.conf > ub.conf +# start unbound in the background +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log + diff --git a/testdata/dnstap_tcp.tdir/dnstap_tcp.test b/testdata/dnstap_tcp.tdir/dnstap_tcp.test new file mode 100644 index 000000000000..d57eecfdbb94 --- /dev/null +++ b/testdata/dnstap_tcp.tdir/dnstap_tcp.test @@ -0,0 +1,95 @@ +# #-- dnstap_tcp.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +# test if the server is up. +echo "> dig www.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile +echo "> check answer" +if grep "10.20.30.40" outfile; then + echo "OK" +else + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "> check tap.log for dnstap info" +# see if it logged the information in tap.log +# wait for a moment for filesystem to catch up. +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 10; fi +if grep "www.example.com" tap.log; then echo "yes it is in tap.log"; +else + echo "information not in tap.log" + echo "failed" + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "" +echo "> test disconnect from the upstream server" + +kill_pid $DNSTAP_SOCKET_PID +dig @127.0.0.1 -p $UNBOUND_PORT down.example.net. + +# bring log socket back up +$PRE/unbound-dnstap-socket -s "127.0.0.1@$TAP_PORT" -l -vvvv 2>tap2.errlog >tap2.log & +if test $? -ne 0; then + echo "could not start (again) unbound-dnstap-socket server" + exit 1 +fi +DNSTAP_SOCKET_PID=$! +echo "DNSTAP_SOCKET_PID=$DNSTAP_SOCKET_PID" >> .tpkg.var.test +# wait for the server to go up +wait_server_up "tap2.errlog" "start of service" + +dig @127.0.0.1 -p $UNBOUND_PORT up.example.net. +sleep 2 +dig @127.0.0.1 -p $UNBOUND_PORT up2.example.net. + +for x in down up up2; do + if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi + if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi + if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi + if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi + if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi + if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 10; fi + if grep "$x.example.net" tap2.log; then echo "yes it is in tap2.log"; + else + echo "$x.example.net. information not in tap2.log" + echo "failed" + echo "> cat logfiles" + cat tap.log + cat tap.errlog + echo "> tap2 logfiles" + cat tap2.log + cat tap2.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 + fi +done + +echo "> OK" +exit 0 diff --git a/testdata/dnstap_tcp.tdir/dnstap_tcp.testns b/testdata/dnstap_tcp.tdir/dnstap_tcp.testns new file mode 100644 index 000000000000..0c911ca5b30e --- /dev/null +++ b/testdata/dnstap_tcp.tdir/dnstap_tcp.testns @@ -0,0 +1,22 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA SERVFAIL +ADJUST copy_id +SECTION QUESTION +www.example.net. IN A +ENTRY_END + diff --git a/testdata/dnstap_tcp.tdir/unbound_control.key b/testdata/dnstap_tcp.tdir/unbound_control.key new file mode 100644 index 000000000000..753a4ef6162e --- /dev/null +++ b/testdata/dnstap_tcp.tdir/unbound_control.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= +-----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tcp.tdir/unbound_control.pem b/testdata/dnstap_tcp.tdir/unbound_control.pem new file mode 100644 index 000000000000..a1edf7017f1d --- /dev/null +++ b/testdata/dnstap_tcp.tdir/unbound_control.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte +-----END CERTIFICATE----- diff --git a/testdata/dnstap_tcp.tdir/unbound_server.key b/testdata/dnstap_tcp.tdir/unbound_server.key new file mode 100644 index 000000000000..370a7bbb2f22 --- /dev/null +++ b/testdata/dnstap_tcp.tdir/unbound_server.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== +-----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tcp.tdir/unbound_server.pem b/testdata/dnstap_tcp.tdir/unbound_server.pem new file mode 100644 index 000000000000..986807310f2b --- /dev/null +++ b/testdata/dnstap_tcp.tdir/unbound_server.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== +-----END CERTIFICATE----- diff --git a/testdata/dnstap_tls.tdir/dnstap_tls.conf b/testdata/dnstap_tls.tdir/dnstap_tls.conf new file mode 100644 index 000000000000..3bff3d1d057d --- /dev/null +++ b/testdata/dnstap_tls.tdir/dnstap_tls.conf @@ -0,0 +1,42 @@ +server: + verbosity: 2 + num-threads: 1 + outgoing-range: 16 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + local-zone: "example.net." redirect + local-data: "example.net. IN A 10.20.30.41" +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + # control-interface: ::1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" +dnstap: + dnstap-enable: yes + dnstap-socket-path: "dnstap.socket" + dnstap-ip: "127.0.0.1@@TAPPORT@" + dnstap-tls: yes + dnstap-send-identity: yes + dnstap-send-version: yes + #dnstap-identity + #dnstap-version + dnstap-log-resolver-query-messages: yes + dnstap-log-resolver-response-messages: yes + dnstap-log-client-query-messages: yes + dnstap-log-client-response-messages: yes + dnstap-log-forwarder-query-messages: yes + dnstap-log-forwarder-response-messages: yes + diff --git a/testdata/dnstap_tls.tdir/dnstap_tls.dsc b/testdata/dnstap_tls.tdir/dnstap_tls.dsc new file mode 100644 index 000000000000..20a4467ce627 --- /dev/null +++ b/testdata/dnstap_tls.tdir/dnstap_tls.dsc @@ -0,0 +1,16 @@ +BaseName: dnstap_tls +Version: 1.0 +Description: test dnstap tls and reconnect +CreationDate: Tue Feb 14 14:00:38 CET 2020 +Maintainer: dr. W.C.A. Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: dnstap_tls.pre +Post: dnstap_tls.post +Test: dnstap_tls.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/dnstap_tls.tdir/dnstap_tls.post b/testdata/dnstap_tls.tdir/dnstap_tls.post new file mode 100644 index 000000000000..fe1824a063d8 --- /dev/null +++ b/testdata/dnstap_tls.tdir/dnstap_tls.post @@ -0,0 +1,23 @@ +# #-- dnstap_tls.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +kill_pid $DNSTAP_SOCKET_PID +kill_pid $FWD_PID +kill $UNBOUND_PID +kill $UNBOUND_PID >/dev/null 2>&1 +cat unbound.log +echo "> tap logfiles" +cat tap.log +cat tap.errlog +echo "> tap2 logfiles" +if test -f tap2.log; then cat tap2.log; fi +if test -f tap2.errlog; then cat tap2.errlog; fi +cat fwd.log +exit 0 diff --git a/testdata/dnstap_tls.tdir/dnstap_tls.pre b/testdata/dnstap_tls.tdir/dnstap_tls.pre new file mode 100644 index 000000000000..1df914873541 --- /dev/null +++ b/testdata/dnstap_tls.tdir/dnstap_tls.pre @@ -0,0 +1,54 @@ +# #-- dnstap_tls.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh + +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +get_random_port 4 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +CONTROL_PORT=$(($RND_PORT + 2)) +TAP_PORT=$(($RND_PORT + 3)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test +echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test +echo "TAP_PORT=$TAP_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT dnstap_tls.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# start the dnstap log server +# the -vvvv flag prints protocol and connection information from the +# unbound-dnstap-socket server. +# the -l flag prints the DNS info in the DNSTAP packet in multiline output. +# stderr is the '-vvvv' server logs and errors. +# stdout is the one-line packet logs (or with -l, multiline). +$PRE/unbound-dnstap-socket -t "127.0.0.1@$TAP_PORT" -x unbound_server.key -y unbound_server.pem -l -vvvv 2>tap.errlog >tap.log & +if test $? -ne 0; then + echo "could not start unbound-dnstap-socket server" + exit 1 +fi +DNSTAP_SOCKET_PID=$! +echo "DNSTAP_SOCKET_PID=$DNSTAP_SOCKET_PID" >> .tpkg.var.test +# wait for the server to go up +wait_server_up "tap.errlog" "start of service" + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' -e 's/@TAPPORT\@/'$TAP_PORT'/' < dnstap_tls.conf > ub.conf +# start unbound in the background +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log + diff --git a/testdata/dnstap_tls.tdir/dnstap_tls.test b/testdata/dnstap_tls.tdir/dnstap_tls.test new file mode 100644 index 000000000000..f9a2bf00d7fd --- /dev/null +++ b/testdata/dnstap_tls.tdir/dnstap_tls.test @@ -0,0 +1,95 @@ +# #-- dnstap_tls.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +# test if the server is up. +echo "> dig www.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile +echo "> check answer" +if grep "10.20.30.40" outfile; then + echo "OK" +else + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "> check tap.log for dnstap info" +# see if it logged the information in tap.log +# wait for a moment for filesystem to catch up. +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 10; fi +if grep "www.example.com" tap.log; then echo "yes it is in tap.log"; +else + echo "information not in tap.log" + echo "failed" + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "" +echo "> test disconnect from the upstream server" + +kill_pid $DNSTAP_SOCKET_PID +dig @127.0.0.1 -p $UNBOUND_PORT down.example.net. + +# bring log socket back up +$PRE/unbound-dnstap-socket -t "127.0.0.1@$TAP_PORT" -x unbound_server.key -y unbound_server.pem -l -vvvv 2>tap2.errlog >tap2.log & +if test $? -ne 0; then + echo "could not start (again) unbound-dnstap-socket server" + exit 1 +fi +DNSTAP_SOCKET_PID=$! +echo "DNSTAP_SOCKET_PID=$DNSTAP_SOCKET_PID" >> .tpkg.var.test +# wait for the server to go up +wait_server_up "tap2.errlog" "start of service" + +dig @127.0.0.1 -p $UNBOUND_PORT up.example.net. +sleep 2 +dig @127.0.0.1 -p $UNBOUND_PORT up2.example.net. + +for x in down up up2; do + if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi + if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi + if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi + if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi + if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 1; fi + if grep "$x.example.net" tap2.log >/dev/null; then :; else sleep 10; fi + if grep "$x.example.net" tap2.log; then echo "yes it is in tap2.log"; + else + echo "$x.example.net. information not in tap2.log" + echo "failed" + echo "> cat logfiles" + cat tap.log + cat tap.errlog + echo "> tap2 logfiles" + cat tap2.log + cat tap2.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 + fi +done + +echo "> OK" +exit 0 diff --git a/testdata/dnstap_tls.tdir/dnstap_tls.testns b/testdata/dnstap_tls.tdir/dnstap_tls.testns new file mode 100644 index 000000000000..0c911ca5b30e --- /dev/null +++ b/testdata/dnstap_tls.tdir/dnstap_tls.testns @@ -0,0 +1,22 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA SERVFAIL +ADJUST copy_id +SECTION QUESTION +www.example.net. IN A +ENTRY_END + diff --git a/testdata/dnstap_tls.tdir/unbound_control.key b/testdata/dnstap_tls.tdir/unbound_control.key new file mode 100644 index 000000000000..753a4ef6162e --- /dev/null +++ b/testdata/dnstap_tls.tdir/unbound_control.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= +-----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls.tdir/unbound_control.pem b/testdata/dnstap_tls.tdir/unbound_control.pem new file mode 100644 index 000000000000..a1edf7017f1d --- /dev/null +++ b/testdata/dnstap_tls.tdir/unbound_control.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte +-----END CERTIFICATE----- diff --git a/testdata/dnstap_tls.tdir/unbound_server.key b/testdata/dnstap_tls.tdir/unbound_server.key new file mode 100644 index 000000000000..370a7bbb2f22 --- /dev/null +++ b/testdata/dnstap_tls.tdir/unbound_server.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== +-----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls.tdir/unbound_server.pem b/testdata/dnstap_tls.tdir/unbound_server.pem new file mode 100644 index 000000000000..986807310f2b --- /dev/null +++ b/testdata/dnstap_tls.tdir/unbound_server.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== +-----END CERTIFICATE----- diff --git a/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.conf b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.conf new file mode 100644 index 000000000000..32698b6215a7 --- /dev/null +++ b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.conf @@ -0,0 +1,48 @@ +server: + verbosity: 4 + num-threads: 1 + outgoing-range: 16 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + local-zone: "example.net." redirect + local-data: "example.net. IN A 10.20.30.41" +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + # control-interface: ::1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" +dnstap: + dnstap-enable: yes + dnstap-socket-path: "dnstap.socket" + dnstap-ip: "127.0.0.1@@TAPPORT@" + dnstap-tls: yes + dnstap-tls-server-name: "unbound" + # the actual tls cert bundle that authenticates the server + # is the unbound_server.pem bundle. + # we pass the wrong bundle. (of another key we also use in the client + # authentication test) + dnstap-tls-cert-bundle: "unbound_control.pem" + dnstap-send-identity: yes + dnstap-send-version: yes + #dnstap-identity + #dnstap-version + dnstap-log-resolver-query-messages: yes + dnstap-log-resolver-response-messages: yes + dnstap-log-client-query-messages: yes + dnstap-log-client-response-messages: yes + dnstap-log-forwarder-query-messages: yes + dnstap-log-forwarder-response-messages: yes + diff --git a/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.dsc b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.dsc new file mode 100644 index 000000000000..7d392ff5618a --- /dev/null +++ b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.dsc @@ -0,0 +1,16 @@ +BaseName: dnstap_tls_badcert +Version: 1.0 +Description: test dnstap tls with bad cert for authentication +CreationDate: Tue Feb 18 13:00:38 CET 2020 +Maintainer: dr. W.C.A. Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: dnstap_tls_badcert.pre +Post: dnstap_tls_badcert.post +Test: dnstap_tls_badcert.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.post b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.post new file mode 100644 index 000000000000..d71eb28ae113 --- /dev/null +++ b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.post @@ -0,0 +1,20 @@ +# #-- dnstap_tls_badcert.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +kill_pid $DNSTAP_SOCKET_PID +kill_pid $FWD_PID +kill $UNBOUND_PID +kill $UNBOUND_PID >/dev/null 2>&1 +cat unbound.log +echo "> tap logfiles" +cat tap.log +cat tap.errlog +cat fwd.log +exit 0 diff --git a/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.pre b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.pre new file mode 100644 index 000000000000..eff7074d0b1e --- /dev/null +++ b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.pre @@ -0,0 +1,54 @@ +# #-- dnstap_tls_badcert.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh + +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +get_random_port 4 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +CONTROL_PORT=$(($RND_PORT + 2)) +TAP_PORT=$(($RND_PORT + 3)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test +echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test +echo "TAP_PORT=$TAP_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT dnstap_tls_badcert.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# start the dnstap log server +# the -vvvv flag prints protocol and connection information from the +# unbound-dnstap-socket server. +# the -l flag prints the DNS info in the DNSTAP packet in multiline output. +# stderr is the '-vvvv' server logs and errors. +# stdout is the one-line packet logs (or with -l, multiline). +$PRE/unbound-dnstap-socket -t "127.0.0.1@$TAP_PORT" -x unbound_server.key -y unbound_server.pem -l -vvvv 2>tap.errlog >tap.log & +if test $? -ne 0; then + echo "could not start unbound-dnstap-socket server" + exit 1 +fi +DNSTAP_SOCKET_PID=$! +echo "DNSTAP_SOCKET_PID=$DNSTAP_SOCKET_PID" >> .tpkg.var.test +# wait for the server to go up +wait_server_up "tap.errlog" "start of service" + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' -e 's/@TAPPORT\@/'$TAP_PORT'/' < dnstap_tls_badcert.conf > ub.conf +# start unbound in the background +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log + diff --git a/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.test b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.test new file mode 100644 index 000000000000..0b85f64accbc --- /dev/null +++ b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.test @@ -0,0 +1,51 @@ +# #-- dnstap_tls_badcert.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +# test if the server is up. +echo "> dig www.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile +echo "> check answer" +if grep "10.20.30.40" outfile; then + echo "OK" +else + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "> check tap.log for dnstap info" +# see if it logged the information in tap.log +# wait for a moment for filesystem to catch up. +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log; then + echo "it is in tap.log"; + echo "but there should not be a connection" + echo "failed" + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +else + echo "information not in tap.log" +fi + +echo "> OK" +exit 0 diff --git a/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.testns b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.testns new file mode 100644 index 000000000000..0c911ca5b30e --- /dev/null +++ b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.testns @@ -0,0 +1,22 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA SERVFAIL +ADJUST copy_id +SECTION QUESTION +www.example.net. IN A +ENTRY_END + diff --git a/testdata/dnstap_tls_badcert.tdir/unbound_control.key b/testdata/dnstap_tls_badcert.tdir/unbound_control.key new file mode 100644 index 000000000000..753a4ef6162e --- /dev/null +++ b/testdata/dnstap_tls_badcert.tdir/unbound_control.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= +-----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls_badcert.tdir/unbound_control.pem b/testdata/dnstap_tls_badcert.tdir/unbound_control.pem new file mode 100644 index 000000000000..a1edf7017f1d --- /dev/null +++ b/testdata/dnstap_tls_badcert.tdir/unbound_control.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte +-----END CERTIFICATE----- diff --git a/testdata/dnstap_tls_badcert.tdir/unbound_server.key b/testdata/dnstap_tls_badcert.tdir/unbound_server.key new file mode 100644 index 000000000000..370a7bbb2f22 --- /dev/null +++ b/testdata/dnstap_tls_badcert.tdir/unbound_server.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== +-----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls_badcert.tdir/unbound_server.pem b/testdata/dnstap_tls_badcert.tdir/unbound_server.pem new file mode 100644 index 000000000000..986807310f2b --- /dev/null +++ b/testdata/dnstap_tls_badcert.tdir/unbound_server.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== +-----END CERTIFICATE----- diff --git a/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.conf b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.conf new file mode 100644 index 000000000000..75e98a71d3e5 --- /dev/null +++ b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.conf @@ -0,0 +1,46 @@ +server: + verbosity: 4 + num-threads: 1 + outgoing-range: 16 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + local-zone: "example.net." redirect + local-data: "example.net. IN A 10.20.30.41" +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + # control-interface: ::1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" +dnstap: + dnstap-enable: yes + dnstap-socket-path: "dnstap.socket" + dnstap-ip: "127.0.0.1@@TAPPORT@" + dnstap-tls: yes + # actual certificate name: "unbound" + # we enter another name here. + dnstap-tls-server-name: "anothername" + dnstap-tls-cert-bundle: "unbound_server.pem" + dnstap-send-identity: yes + dnstap-send-version: yes + #dnstap-identity + #dnstap-version + dnstap-log-resolver-query-messages: yes + dnstap-log-resolver-response-messages: yes + dnstap-log-client-query-messages: yes + dnstap-log-client-response-messages: yes + dnstap-log-forwarder-query-messages: yes + dnstap-log-forwarder-response-messages: yes + diff --git a/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.dsc b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.dsc new file mode 100644 index 000000000000..9f878b91c39e --- /dev/null +++ b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.dsc @@ -0,0 +1,16 @@ +BaseName: dnstap_tls_badname +Version: 1.0 +Description: test dnstap tls test bad peer name for authentication +CreationDate: Tue Feb 18 13:00:38 CET 2020 +Maintainer: dr. W.C.A. Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: dnstap_tls_badname.pre +Post: dnstap_tls_badname.post +Test: dnstap_tls_badname.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.post b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.post new file mode 100644 index 000000000000..59f05b81d936 --- /dev/null +++ b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.post @@ -0,0 +1,20 @@ +# #-- dnstap_tls_badname.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +kill_pid $DNSTAP_SOCKET_PID +kill_pid $FWD_PID +kill $UNBOUND_PID +kill $UNBOUND_PID >/dev/null 2>&1 +cat unbound.log +echo "> tap logfiles" +cat tap.log +cat tap.errlog +cat fwd.log +exit 0 diff --git a/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.pre b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.pre new file mode 100644 index 000000000000..0ffee6081619 --- /dev/null +++ b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.pre @@ -0,0 +1,54 @@ +# #-- dnstap_tls_badname.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh + +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +get_random_port 4 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +CONTROL_PORT=$(($RND_PORT + 2)) +TAP_PORT=$(($RND_PORT + 3)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test +echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test +echo "TAP_PORT=$TAP_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT dnstap_tls_badname.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# start the dnstap log server +# the -vvvv flag prints protocol and connection information from the +# unbound-dnstap-socket server. +# the -l flag prints the DNS info in the DNSTAP packet in multiline output. +# stderr is the '-vvvv' server logs and errors. +# stdout is the one-line packet logs (or with -l, multiline). +$PRE/unbound-dnstap-socket -t "127.0.0.1@$TAP_PORT" -x unbound_server.key -y unbound_server.pem -l -vvvv 2>tap.errlog >tap.log & +if test $? -ne 0; then + echo "could not start unbound-dnstap-socket server" + exit 1 +fi +DNSTAP_SOCKET_PID=$! +echo "DNSTAP_SOCKET_PID=$DNSTAP_SOCKET_PID" >> .tpkg.var.test +# wait for the server to go up +wait_server_up "tap.errlog" "start of service" + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' -e 's/@TAPPORT\@/'$TAP_PORT'/' < dnstap_tls_badname.conf > ub.conf +# start unbound in the background +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log + diff --git a/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.test b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.test new file mode 100644 index 000000000000..248d8f222531 --- /dev/null +++ b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.test @@ -0,0 +1,51 @@ +# #-- dnstap_tls_badname.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +# test if the server is up. +echo "> dig www.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile +echo "> check answer" +if grep "10.20.30.40" outfile; then + echo "OK" +else + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "> check tap.log for dnstap info" +# see if it logged the information in tap.log +# wait for a moment for filesystem to catch up. +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log; then + echo "it is in tap.log"; + echo "but there should not be a connection" + echo "failed" + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +else + echo "information not in tap.log" +fi + +echo "> OK" +exit 0 diff --git a/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.testns b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.testns new file mode 100644 index 000000000000..0c911ca5b30e --- /dev/null +++ b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.testns @@ -0,0 +1,22 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA SERVFAIL +ADJUST copy_id +SECTION QUESTION +www.example.net. IN A +ENTRY_END + diff --git a/testdata/dnstap_tls_badname.tdir/unbound_control.key b/testdata/dnstap_tls_badname.tdir/unbound_control.key new file mode 100644 index 000000000000..753a4ef6162e --- /dev/null +++ b/testdata/dnstap_tls_badname.tdir/unbound_control.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= +-----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls_badname.tdir/unbound_control.pem b/testdata/dnstap_tls_badname.tdir/unbound_control.pem new file mode 100644 index 000000000000..a1edf7017f1d --- /dev/null +++ b/testdata/dnstap_tls_badname.tdir/unbound_control.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte +-----END CERTIFICATE----- diff --git a/testdata/dnstap_tls_badname.tdir/unbound_server.key b/testdata/dnstap_tls_badname.tdir/unbound_server.key new file mode 100644 index 000000000000..370a7bbb2f22 --- /dev/null +++ b/testdata/dnstap_tls_badname.tdir/unbound_server.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== +-----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls_badname.tdir/unbound_server.pem b/testdata/dnstap_tls_badname.tdir/unbound_server.pem new file mode 100644 index 000000000000..986807310f2b --- /dev/null +++ b/testdata/dnstap_tls_badname.tdir/unbound_server.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== +-----END CERTIFICATE----- diff --git a/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.conf b/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.conf new file mode 100644 index 000000000000..6182526ace96 --- /dev/null +++ b/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.conf @@ -0,0 +1,46 @@ +server: + verbosity: 4 + num-threads: 1 + outgoing-range: 16 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + local-zone: "example.net." redirect + local-data: "example.net. IN A 10.20.30.41" +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + # control-interface: ::1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" +dnstap: + dnstap-enable: yes + dnstap-socket-path: "dnstap.socket" + dnstap-ip: "127.0.0.1@@TAPPORT@" + dnstap-tls: yes + dnstap-tls-server-name: "unbound" + dnstap-tls-cert-bundle: "unbound_server.pem" + dnstap-tls-client-key-file: "unbound_control.key" + dnstap-tls-client-cert-file: "unbound_control.pem" + dnstap-send-identity: yes + dnstap-send-version: yes + #dnstap-identity + #dnstap-version + dnstap-log-resolver-query-messages: yes + dnstap-log-resolver-response-messages: yes + dnstap-log-client-query-messages: yes + dnstap-log-client-response-messages: yes + dnstap-log-forwarder-query-messages: yes + dnstap-log-forwarder-response-messages: yes + diff --git a/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.dsc b/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.dsc new file mode 100644 index 000000000000..37aacbbd9fcf --- /dev/null +++ b/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.dsc @@ -0,0 +1,16 @@ +BaseName: dnstap_tls_clientauth +Version: 1.0 +Description: test dnstap tls with client authentication +CreationDate: Tue Feb 18 14:00:38 CET 2020 +Maintainer: dr. W.C.A. Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: dnstap_tls_clientauth.pre +Post: dnstap_tls_clientauth.post +Test: dnstap_tls_clientauth.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.post b/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.post new file mode 100644 index 000000000000..83df2a72ec79 --- /dev/null +++ b/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.post @@ -0,0 +1,20 @@ +# #-- dnstap_tls_clientauth.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +kill_pid $DNSTAP_SOCKET_PID +kill_pid $FWD_PID +kill $UNBOUND_PID +kill $UNBOUND_PID >/dev/null 2>&1 +cat unbound.log +echo "> tap logfiles" +cat tap.log +cat tap.errlog +cat fwd.log +exit 0 diff --git a/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.pre b/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.pre new file mode 100644 index 000000000000..a035181cec0f --- /dev/null +++ b/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.pre @@ -0,0 +1,54 @@ +# #-- dnstap_tls_clientauth.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh + +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +get_random_port 4 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +CONTROL_PORT=$(($RND_PORT + 2)) +TAP_PORT=$(($RND_PORT + 3)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test +echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test +echo "TAP_PORT=$TAP_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT dnstap_tls_clientauth.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# start the dnstap log server +# the -vvvv flag prints protocol and connection information from the +# unbound-dnstap-socket server. +# the -l flag prints the DNS info in the DNSTAP packet in multiline output. +# stderr is the '-vvvv' server logs and errors. +# stdout is the one-line packet logs (or with -l, multiline). +$PRE/unbound-dnstap-socket -t "127.0.0.1@$TAP_PORT" -x unbound_server.key -y unbound_server.pem -z unbound_server.pem -l -vvvv 2>tap.errlog >tap.log & +if test $? -ne 0; then + echo "could not start unbound-dnstap-socket server" + exit 1 +fi +DNSTAP_SOCKET_PID=$! +echo "DNSTAP_SOCKET_PID=$DNSTAP_SOCKET_PID" >> .tpkg.var.test +# wait for the server to go up +wait_server_up "tap.errlog" "start of service" + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' -e 's/@TAPPORT\@/'$TAP_PORT'/' < dnstap_tls_clientauth.conf > ub.conf +# start unbound in the background +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log + diff --git a/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.test b/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.test new file mode 100644 index 000000000000..5b9cce0a4c47 --- /dev/null +++ b/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.test @@ -0,0 +1,50 @@ +# #-- dnstap_tls_clientauth.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +# test if the server is up. +echo "> dig www.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile +echo "> check answer" +if grep "10.20.30.40" outfile; then + echo "OK" +else + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "> check tap.log for dnstap info" +# see if it logged the information in tap.log +# wait for a moment for filesystem to catch up. +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 10; fi +if grep "www.example.com" tap.log; then echo "yes it is in tap.log"; +else + echo "information not in tap.log" + echo "failed" + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "> OK" +exit 0 diff --git a/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.testns b/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.testns new file mode 100644 index 000000000000..0c911ca5b30e --- /dev/null +++ b/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.testns @@ -0,0 +1,22 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA SERVFAIL +ADJUST copy_id +SECTION QUESTION +www.example.net. IN A +ENTRY_END + diff --git a/testdata/dnstap_tls_clientauth.tdir/unbound_control.key b/testdata/dnstap_tls_clientauth.tdir/unbound_control.key new file mode 100644 index 000000000000..753a4ef6162e --- /dev/null +++ b/testdata/dnstap_tls_clientauth.tdir/unbound_control.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= +-----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls_clientauth.tdir/unbound_control.pem b/testdata/dnstap_tls_clientauth.tdir/unbound_control.pem new file mode 100644 index 000000000000..a1edf7017f1d --- /dev/null +++ b/testdata/dnstap_tls_clientauth.tdir/unbound_control.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte +-----END CERTIFICATE----- diff --git a/testdata/dnstap_tls_clientauth.tdir/unbound_server.key b/testdata/dnstap_tls_clientauth.tdir/unbound_server.key new file mode 100644 index 000000000000..370a7bbb2f22 --- /dev/null +++ b/testdata/dnstap_tls_clientauth.tdir/unbound_server.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== +-----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls_clientauth.tdir/unbound_server.pem b/testdata/dnstap_tls_clientauth.tdir/unbound_server.pem new file mode 100644 index 000000000000..986807310f2b --- /dev/null +++ b/testdata/dnstap_tls_clientauth.tdir/unbound_server.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== +-----END CERTIFICATE----- diff --git a/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.conf b/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.conf new file mode 100644 index 000000000000..55f844ae467f --- /dev/null +++ b/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.conf @@ -0,0 +1,44 @@ +server: + verbosity: 4 + num-threads: 1 + outgoing-range: 16 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + local-zone: "example.net." redirect + local-data: "example.net. IN A 10.20.30.41" +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + # control-interface: ::1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" +dnstap: + dnstap-enable: yes + dnstap-socket-path: "dnstap.socket" + dnstap-ip: "127.0.0.1@@TAPPORT@" + dnstap-tls: yes + dnstap-tls-server-name: "unbound" + dnstap-tls-cert-bundle: "unbound_server.pem" + dnstap-send-identity: yes + dnstap-send-version: yes + #dnstap-identity + #dnstap-version + dnstap-log-resolver-query-messages: yes + dnstap-log-resolver-response-messages: yes + dnstap-log-client-query-messages: yes + dnstap-log-client-response-messages: yes + dnstap-log-forwarder-query-messages: yes + dnstap-log-forwarder-response-messages: yes + diff --git a/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.dsc b/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.dsc new file mode 100644 index 000000000000..bce84f55cd19 --- /dev/null +++ b/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.dsc @@ -0,0 +1,16 @@ +BaseName: dnstap_tls_peername +Version: 1.0 +Description: test dnstap tls with auth name and tls authentication +CreationDate: Tue Feb 14 14:00:38 CET 2020 +Maintainer: dr. W.C.A. Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: dnstap_tls_peername.pre +Post: dnstap_tls_peername.post +Test: dnstap_tls_peername.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.post b/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.post new file mode 100644 index 000000000000..3ca63ada4ee3 --- /dev/null +++ b/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.post @@ -0,0 +1,20 @@ +# #-- dnstap_tls_peername.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +kill_pid $DNSTAP_SOCKET_PID +kill_pid $FWD_PID +kill $UNBOUND_PID +kill $UNBOUND_PID >/dev/null 2>&1 +cat unbound.log +echo "> tap logfiles" +cat tap.log +cat tap.errlog +cat fwd.log +exit 0 diff --git a/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.pre b/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.pre new file mode 100644 index 000000000000..25b838d8bfb0 --- /dev/null +++ b/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.pre @@ -0,0 +1,54 @@ +# #-- dnstap_tls_peername.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh + +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +get_random_port 4 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +CONTROL_PORT=$(($RND_PORT + 2)) +TAP_PORT=$(($RND_PORT + 3)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test +echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test +echo "TAP_PORT=$TAP_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT dnstap_tls_peername.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# start the dnstap log server +# the -vvvv flag prints protocol and connection information from the +# unbound-dnstap-socket server. +# the -l flag prints the DNS info in the DNSTAP packet in multiline output. +# stderr is the '-vvvv' server logs and errors. +# stdout is the one-line packet logs (or with -l, multiline). +$PRE/unbound-dnstap-socket -t "127.0.0.1@$TAP_PORT" -x unbound_server.key -y unbound_server.pem -l -vvvv 2>tap.errlog >tap.log & +if test $? -ne 0; then + echo "could not start unbound-dnstap-socket server" + exit 1 +fi +DNSTAP_SOCKET_PID=$! +echo "DNSTAP_SOCKET_PID=$DNSTAP_SOCKET_PID" >> .tpkg.var.test +# wait for the server to go up +wait_server_up "tap.errlog" "start of service" + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' -e 's/@TAPPORT\@/'$TAP_PORT'/' < dnstap_tls_peername.conf > ub.conf +# start unbound in the background +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log + diff --git a/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.test b/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.test new file mode 100644 index 000000000000..03bcbadfd093 --- /dev/null +++ b/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.test @@ -0,0 +1,50 @@ +# #-- dnstap_tls_peername.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +# test if the server is up. +echo "> dig www.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile +echo "> check answer" +if grep "10.20.30.40" outfile; then + echo "OK" +else + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "> check tap.log for dnstap info" +# see if it logged the information in tap.log +# wait for a moment for filesystem to catch up. +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 10; fi +if grep "www.example.com" tap.log; then echo "yes it is in tap.log"; +else + echo "information not in tap.log" + echo "failed" + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "> OK" +exit 0 diff --git a/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.testns b/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.testns new file mode 100644 index 000000000000..0c911ca5b30e --- /dev/null +++ b/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.testns @@ -0,0 +1,22 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA SERVFAIL +ADJUST copy_id +SECTION QUESTION +www.example.net. IN A +ENTRY_END + diff --git a/testdata/dnstap_tls_peername.tdir/unbound_control.key b/testdata/dnstap_tls_peername.tdir/unbound_control.key new file mode 100644 index 000000000000..753a4ef6162e --- /dev/null +++ b/testdata/dnstap_tls_peername.tdir/unbound_control.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= +-----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls_peername.tdir/unbound_control.pem b/testdata/dnstap_tls_peername.tdir/unbound_control.pem new file mode 100644 index 000000000000..a1edf7017f1d --- /dev/null +++ b/testdata/dnstap_tls_peername.tdir/unbound_control.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte +-----END CERTIFICATE----- diff --git a/testdata/dnstap_tls_peername.tdir/unbound_server.key b/testdata/dnstap_tls_peername.tdir/unbound_server.key new file mode 100644 index 000000000000..370a7bbb2f22 --- /dev/null +++ b/testdata/dnstap_tls_peername.tdir/unbound_server.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== +-----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls_peername.tdir/unbound_server.pem b/testdata/dnstap_tls_peername.tdir/unbound_server.pem new file mode 100644 index 000000000000..986807310f2b --- /dev/null +++ b/testdata/dnstap_tls_peername.tdir/unbound_server.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== +-----END CERTIFICATE----- diff --git a/testdata/dynlibmod.tdir/dynlibmod.conf b/testdata/dynlibmod.tdir/dynlibmod.conf new file mode 100644 index 000000000000..d59444344a56 --- /dev/null +++ b/testdata/dynlibmod.tdir/dynlibmod.conf @@ -0,0 +1,32 @@ +server: + verbosity: 2 + num-threads: 3 + outgoing-range: 16 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + local-zone: "example.net." redirect + local-data: "example.net. IN A 10.20.30.41" + module-config: "dynlib iterator" + +dynlib: + dynlib-file: "@DLL_FILE@" + +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + # control-interface: ::1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" + +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/dynlibmod.tdir/dynlibmod.dsc b/testdata/dynlibmod.tdir/dynlibmod.dsc new file mode 100644 index 000000000000..b1a83910d490 --- /dev/null +++ b/testdata/dynlibmod.tdir/dynlibmod.dsc @@ -0,0 +1,16 @@ +BaseName: dynlibmod +Version: 1.0 +Description: test dynlibmod module +CreationDate: Tue May 19 15:00:38 CET 2020 +Maintainer: dr. W.C.A. Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: dynlibmod.pre +Post: dynlibmod.post +Test: dynlibmod.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/dynlibmod.tdir/dynlibmod.post b/testdata/dynlibmod.tdir/dynlibmod.post new file mode 100644 index 000000000000..caa0da4f5161 --- /dev/null +++ b/testdata/dynlibmod.tdir/dynlibmod.post @@ -0,0 +1,15 @@ +# #-- dynlibmod.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +PRE="../.." +if grep "define WITH_DYNLIBMODULE 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +kill_pid $FWD_PID +kill $UNBOUND_PID +kill $UNBOUND_PID >/dev/null 2>&1 +cat unbound.log +exit 0 diff --git a/testdata/dynlibmod.tdir/dynlibmod.pre b/testdata/dynlibmod.tdir/dynlibmod.pre new file mode 100644 index 000000000000..94adaa72332d --- /dev/null +++ b/testdata/dynlibmod.tdir/dynlibmod.pre @@ -0,0 +1,35 @@ +# #-- dynlibmod.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh + +PRE="../.." +if grep "define WITH_DYNLIBMODULE 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +get_random_port 3 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +CONTROL_PORT=$(($RND_PORT + 2)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test +echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT dynlibmod.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# make config file +if grep "define USE_WINSOCK 1" $PRE/config.h; then + DLL_FILE="helloworld.dll" +else + DLL_FILE="helloworld.so" +fi +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' -e 's/@DLL_FILE\@/'$DLL_FILE'/' < dynlibmod.conf > ub.conf + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log diff --git a/testdata/dynlibmod.tdir/dynlibmod.test b/testdata/dynlibmod.tdir/dynlibmod.test new file mode 100644 index 000000000000..f99f6fbc4e8b --- /dev/null +++ b/testdata/dynlibmod.tdir/dynlibmod.test @@ -0,0 +1,74 @@ +# #-- dynlibmod.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +PRE="../.." +if grep "define WITH_DYNLIBMODULE 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +# compile the dynamic library module +if grep "define USE_WINSOCK 1" $PRE/config.h; then + echo "compile dynamic library dll for mingw" + echo "x86_64-w64-mingw32-gcc -m64 -I$PRE -shared -Wall -fpic -o helloworld.dll $PRE/dynlibmod/examples/helloworld.c -L../.. -l:libunbound.a" + x86_64-w64-mingw32-gcc -m64 -I$PRE -shared -Wall -fpic -o helloworld.dll $PRE/dynlibmod/examples/helloworld.c -L../.. -l:libunbound.a + if test $? != 0; then + echo "compile failure" + exit 1; + fi +else + echo "compile dynamic library" + echo "gcc -I$PRE -shared -Wall -fpic -o helloworld.so $PRE/dynlibmod/examples/helloworld.c" + gcc -I$PRE -shared -Wall -fpic -o helloworld.so $PRE/dynlibmod/examples/helloworld.c + if test $? != 0; then + echo "compile failure" + exit 1; + fi +fi + +# start unbound in the background +LD_LIBRARY_PATH="." $PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test +wait_unbound_up unbound.log + +# test if the server is up. +echo "> dig www.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile +echo "> check answer" +if grep "10.20.30.40" outfile; then + echo "OK" +else + echo "> cat logfiles" + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "> check log for dynlibmod info" +# wait for a moment for filesystem to catch up. +if grep "hello world from operate" unbound.log >/dev/null; then :; else sleep 1; fi +if grep "hello world from operate" unbound.log >/dev/null; then :; else sleep 1; fi +if grep "hello world from operate" unbound.log >/dev/null; then :; else sleep 1; fi +if grep "hello world from operate" unbound.log >/dev/null; then :; else sleep 1; fi +if grep "hello world from operate" unbound.log >/dev/null; then :; else sleep 1; fi +if grep "hello world from operate" unbound.log >/dev/null; then :; else sleep 1; fi +if grep "hello world from operate" unbound.log >/dev/null; then :; else sleep 10; fi +if grep "hello world from operate" unbound.log; then echo "yes it is in unbound.log"; +else + echo "information not in unbound.log" + echo "failed" + echo "> cat logfiles" + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "> cat logfiles" +cat fwd.log +cat unbound.log +echo "> OK" +exit 0 diff --git a/testdata/dynlibmod.tdir/dynlibmod.testns b/testdata/dynlibmod.tdir/dynlibmod.testns new file mode 100644 index 000000000000..0c911ca5b30e --- /dev/null +++ b/testdata/dynlibmod.tdir/dynlibmod.testns @@ -0,0 +1,22 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA SERVFAIL +ADJUST copy_id +SECTION QUESTION +www.example.net. IN A +ENTRY_END + diff --git a/testdata/dynlibmod.tdir/unbound_control.key b/testdata/dynlibmod.tdir/unbound_control.key new file mode 100644 index 000000000000..753a4ef6162e --- /dev/null +++ b/testdata/dynlibmod.tdir/unbound_control.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= +-----END RSA PRIVATE KEY----- diff --git a/testdata/dynlibmod.tdir/unbound_control.pem b/testdata/dynlibmod.tdir/unbound_control.pem new file mode 100644 index 000000000000..a1edf7017f1d --- /dev/null +++ b/testdata/dynlibmod.tdir/unbound_control.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte +-----END CERTIFICATE----- diff --git a/testdata/dynlibmod.tdir/unbound_server.key b/testdata/dynlibmod.tdir/unbound_server.key new file mode 100644 index 000000000000..370a7bbb2f22 --- /dev/null +++ b/testdata/dynlibmod.tdir/unbound_server.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== +-----END RSA PRIVATE KEY----- diff --git a/testdata/dynlibmod.tdir/unbound_server.pem b/testdata/dynlibmod.tdir/unbound_server.pem new file mode 100644 index 000000000000..986807310f2b --- /dev/null +++ b/testdata/dynlibmod.tdir/unbound_server.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== +-----END CERTIFICATE----- diff --git a/testdata/fwd_bogus.tdir/unbound_control.key b/testdata/fwd_bogus.tdir/unbound_control.key index d7c43a06bb58..753a4ef6162e 100644 --- a/testdata/fwd_bogus.tdir/unbound_control.key +++ b/testdata/fwd_bogus.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/fwd_bogus.tdir/unbound_control.pem b/testdata/fwd_bogus.tdir/unbound_control.pem index 8f1ba87f1cdd..a1edf7017f1d 100644 --- a/testdata/fwd_bogus.tdir/unbound_control.pem +++ b/testdata/fwd_bogus.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/fwd_bogus.tdir/unbound_server.key b/testdata/fwd_bogus.tdir/unbound_server.key index 4256c421dd0d..370a7bbb2f22 100644 --- a/testdata/fwd_bogus.tdir/unbound_server.key +++ b/testdata/fwd_bogus.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/fwd_bogus.tdir/unbound_server.pem b/testdata/fwd_bogus.tdir/unbound_server.pem index aeda3ff11882..986807310f2b 100644 --- a/testdata/fwd_bogus.tdir/unbound_server.pem +++ b/testdata/fwd_bogus.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/fwd_compress_c00c.tdir/fwd_compress_c00c.conf b/testdata/fwd_compress_c00c.tdir/fwd_compress_c00c.conf index 08e9d643274c..5b2c8045a757 100644 --- a/testdata/fwd_compress_c00c.tdir/fwd_compress_c00c.conf +++ b/testdata/fwd_compress_c00c.tdir/fwd_compress_c00c.conf @@ -10,6 +10,7 @@ server: username: "" do-not-query-localhost: no minimal-responses: no + rrset-roundrobin: no forward-zone: name: "." forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/iter_lame_noaa.rpl b/testdata/iter_lame_noaa.rpl index 7a6eb1b30536..defaa5ca82ad 100644 --- a/testdata/iter_lame_noaa.rpl +++ b/testdata/iter_lame_noaa.rpl @@ -4,6 +4,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/iter_lame_nosoa.rpl b/testdata/iter_lame_nosoa.rpl index 4914f7461f5f..3bf6ccc18bd7 100644 --- a/testdata/iter_lame_nosoa.rpl +++ b/testdata/iter_lame_nosoa.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/iter_ns_badip.rpl b/testdata/iter_ns_badip.rpl index ad266c64d117..e0bf966747bc 100644 --- a/testdata/iter_ns_badip.rpl +++ b/testdata/iter_ns_badip.rpl @@ -3,6 +3,7 @@ server: target-fetch-policy: "3 2 1 0 0" qname-minimisation: "no" minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/iter_pcnamech.rpl b/testdata/iter_pcnamech.rpl index 098ae0bb5449..32b3130c8054 100644 --- a/testdata/iter_pcnamech.rpl +++ b/testdata/iter_pcnamech.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/iter_pcnamechrec.rpl b/testdata/iter_pcnamechrec.rpl index ca996bb389a5..8bf7ad8792b7 100644 --- a/testdata/iter_pcnamechrec.rpl +++ b/testdata/iter_pcnamechrec.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/iter_ranoaa_lame.rpl b/testdata/iter_ranoaa_lame.rpl index 4808b25a9a16..0e6d9877858e 100644 --- a/testdata/iter_ranoaa_lame.rpl +++ b/testdata/iter_ranoaa_lame.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/iter_reclame_one.rpl b/testdata/iter_reclame_one.rpl index 4df9b6594fe4..4a6abfae534f 100644 --- a/testdata/iter_reclame_one.rpl +++ b/testdata/iter_reclame_one.rpl @@ -3,6 +3,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/iter_reclame_two.rpl b/testdata/iter_reclame_two.rpl index de4ef4165550..459dcb17f401 100644 --- a/testdata/iter_reclame_two.rpl +++ b/testdata/iter_reclame_two.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/localdata.rpl b/testdata/localdata.rpl index 08aec6d7dd1d..a2e7eeba2949 100644 --- a/testdata/localdata.rpl +++ b/testdata/localdata.rpl @@ -4,6 +4,7 @@ server: hide-version: no identity: "test-identity" version: "test-version" + rrset-roundrobin: no ; implicit transparent zone should not block id.server local-data: "mydata.server. CH A 10.11.12.13" diff --git a/testdata/remote-threaded.tdir/unbound_control.key b/testdata/remote-threaded.tdir/unbound_control.key index d7c43a06bb58..753a4ef6162e 100644 --- a/testdata/remote-threaded.tdir/unbound_control.key +++ b/testdata/remote-threaded.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/remote-threaded.tdir/unbound_control.pem b/testdata/remote-threaded.tdir/unbound_control.pem index 8f1ba87f1cdd..a1edf7017f1d 100644 --- a/testdata/remote-threaded.tdir/unbound_control.pem +++ b/testdata/remote-threaded.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/remote-threaded.tdir/unbound_server.key b/testdata/remote-threaded.tdir/unbound_server.key index 4256c421dd0d..370a7bbb2f22 100644 --- a/testdata/remote-threaded.tdir/unbound_server.key +++ b/testdata/remote-threaded.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/remote-threaded.tdir/unbound_server.pem b/testdata/remote-threaded.tdir/unbound_server.pem index aeda3ff11882..986807310f2b 100644 --- a/testdata/remote-threaded.tdir/unbound_server.pem +++ b/testdata/remote-threaded.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/rpz_axfr.rpl b/testdata/rpz_axfr.rpl index b5b84bfd3af9..f5736361631e 100644 --- a/testdata/rpz_axfr.rpl +++ b/testdata/rpz_axfr.rpl @@ -3,6 +3,7 @@ server: module-config: "respip validator iterator" target-fetch-policy: "0 0 0 0 0" qname-minimisation: no + rrset-roundrobin: no rpz: name: "rpz.example.com." diff --git a/testdata/rpz_ixfr.rpl b/testdata/rpz_ixfr.rpl index 3f7cb3d3561e..ca2b6233562f 100644 --- a/testdata/rpz_ixfr.rpl +++ b/testdata/rpz_ixfr.rpl @@ -3,6 +3,7 @@ server: module-config: "respip validator iterator" target-fetch-policy: "0 0 0 0 0" qname-minimisation: no + rrset-roundrobin: no rpz: name: "rpz.example.com." diff --git a/testdata/rrset_updated.rpl b/testdata/rrset_updated.rpl index d36ab8cc88a7..55da56bac074 100644 --- a/testdata/rrset_updated.rpl +++ b/testdata/rrset_updated.rpl @@ -2,6 +2,7 @@ ; config options go here. server: minimal-responses: no + rrset-roundrobin: no forward-zone: name: "." forward-addr: 216.0.0.1 CONFIG_END diff --git a/testdata/ssl_req_order.tdir/unbound_server.key b/testdata/ssl_req_order.tdir/unbound_server.key index 4256c421dd0d..370a7bbb2f22 100644 --- a/testdata/ssl_req_order.tdir/unbound_server.key +++ b/testdata/ssl_req_order.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/ssl_req_order.tdir/unbound_server.pem b/testdata/ssl_req_order.tdir/unbound_server.pem index aeda3ff11882..986807310f2b 100644 --- a/testdata/ssl_req_order.tdir/unbound_server.pem +++ b/testdata/ssl_req_order.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/ssl_req_timeout.tdir/unbound_server.key b/testdata/ssl_req_timeout.tdir/unbound_server.key index 4256c421dd0d..370a7bbb2f22 100644 --- a/testdata/ssl_req_timeout.tdir/unbound_server.key +++ b/testdata/ssl_req_timeout.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/ssl_req_timeout.tdir/unbound_server.pem b/testdata/ssl_req_timeout.tdir/unbound_server.pem index aeda3ff11882..986807310f2b 100644 --- a/testdata/ssl_req_timeout.tdir/unbound_server.pem +++ b/testdata/ssl_req_timeout.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/stream_ssl.tdir/unbound_control.key b/testdata/stream_ssl.tdir/unbound_control.key index d7c43a06bb58..753a4ef6162e 100644 --- a/testdata/stream_ssl.tdir/unbound_control.key +++ b/testdata/stream_ssl.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/stream_ssl.tdir/unbound_control.pem b/testdata/stream_ssl.tdir/unbound_control.pem index 8f1ba87f1cdd..a1edf7017f1d 100644 --- a/testdata/stream_ssl.tdir/unbound_control.pem +++ b/testdata/stream_ssl.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/stream_ssl.tdir/unbound_server.key b/testdata/stream_ssl.tdir/unbound_server.key index 4256c421dd0d..370a7bbb2f22 100644 --- a/testdata/stream_ssl.tdir/unbound_server.key +++ b/testdata/stream_ssl.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/stream_ssl.tdir/unbound_server.pem b/testdata/stream_ssl.tdir/unbound_server.pem index aeda3ff11882..986807310f2b 100644 --- a/testdata/stream_ssl.tdir/unbound_server.pem +++ b/testdata/stream_ssl.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/val_any.rpl b/testdata/val_any.rpl index 058f44925ad1..4ce195134926 100644 --- a/testdata/val_any.rpl +++ b/testdata/val_any.rpl @@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_any_dname.rpl b/testdata/val_any_dname.rpl index 3957f7bae579..6ab3cded7d5a 100644 --- a/testdata/val_any_dname.rpl +++ b/testdata/val_any_dname.rpl @@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_nsec3_b3_optout.rpl b/testdata/val_nsec3_b3_optout.rpl index 0b0569201e5f..9d84be974185 100644 --- a/testdata/val_nsec3_b3_optout.rpl +++ b/testdata/val_nsec3_b3_optout.rpl @@ -1,12 +1,13 @@ ; config options server: - trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_nsec3_b3_optout_negcache.rpl b/testdata/val_nsec3_b3_optout_negcache.rpl index f8ef6f87df90..497a8591a6c1 100644 --- a/testdata/val_nsec3_b3_optout_negcache.rpl +++ b/testdata/val_nsec3_b3_optout_negcache.rpl @@ -1,12 +1,13 @@ ; config options server: - trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_nsec3_b3_optout_noce.rpl b/testdata/val_nsec3_b3_optout_noce.rpl index ddcd4c01a3d7..c5601e3862df 100644 --- a/testdata/val_nsec3_b3_optout_noce.rpl +++ b/testdata/val_nsec3_b3_optout_noce.rpl @@ -1,11 +1,12 @@ ; config options server: - trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_nsec3_b3_optout_nonc.rpl b/testdata/val_nsec3_b3_optout_nonc.rpl index c4b044e3399e..53e8898de154 100644 --- a/testdata/val_nsec3_b3_optout_nonc.rpl +++ b/testdata/val_nsec3_b3_optout_nonc.rpl @@ -1,6 +1,6 @@ ; config options server: - trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" diff --git a/testdata/val_nsec3_b4_wild.rpl b/testdata/val_nsec3_b4_wild.rpl index db205ab232e0..8bf3a546628f 100644 --- a/testdata/val_nsec3_b4_wild.rpl +++ b/testdata/val_nsec3_b4_wild.rpl @@ -1,11 +1,12 @@ ; config options server: - trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_nsec3_b5_wcnodata.rpl b/testdata/val_nsec3_b5_wcnodata.rpl index a10d6b75ae8a..c8be6a48f4f1 100644 --- a/testdata/val_nsec3_b5_wcnodata.rpl +++ b/testdata/val_nsec3_b5_wcnodata.rpl @@ -1,6 +1,6 @@ ; config options server: - trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" diff --git a/testdata/val_nsec3_b5_wcnodata_noce.rpl b/testdata/val_nsec3_b5_wcnodata_noce.rpl index f35eae18dd25..fdd175f9e6b3 100644 --- a/testdata/val_nsec3_b5_wcnodata_noce.rpl +++ b/testdata/val_nsec3_b5_wcnodata_noce.rpl @@ -1,6 +1,6 @@ ; config options server: - trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" diff --git a/testdata/val_nsec3_b5_wcnodata_nonc.rpl b/testdata/val_nsec3_b5_wcnodata_nonc.rpl index e4c58c62a65c..6c35ead1339e 100644 --- a/testdata/val_nsec3_b5_wcnodata_nonc.rpl +++ b/testdata/val_nsec3_b5_wcnodata_nonc.rpl @@ -1,6 +1,6 @@ ; config options server: - trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" diff --git a/testdata/val_nsec3_b5_wcnodata_nowc.rpl b/testdata/val_nsec3_b5_wcnodata_nowc.rpl index 27f68d6149fa..8e972ccc83fe 100644 --- a/testdata/val_nsec3_b5_wcnodata_nowc.rpl +++ b/testdata/val_nsec3_b5_wcnodata_nowc.rpl @@ -1,6 +1,6 @@ ; config options server: - trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" diff --git a/testdata/val_nsec3_wcany.rpl b/testdata/val_nsec3_wcany.rpl index 24bdaeb182ce..b653f6bde5e6 100644 --- a/testdata/val_nsec3_wcany.rpl +++ b/testdata/val_nsec3_wcany.rpl @@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_nx_nsec3_collision.rpl b/testdata/val_nx_nsec3_collision.rpl index 41cd0d6e7b47..8ff7e4b069b6 100644 --- a/testdata/val_nx_nsec3_collision.rpl +++ b/testdata/val_nx_nsec3_collision.rpl @@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_refer_unsignadd.rpl b/testdata/val_refer_unsignadd.rpl index 90e0f0421b4c..4d073016fce7 100644 --- a/testdata/val_refer_unsignadd.rpl +++ b/testdata/val_refer_unsignadd.rpl @@ -9,6 +9,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_referglue.rpl b/testdata/val_referglue.rpl index dd7e7de91b25..54b7671567d0 100644 --- a/testdata/val_referglue.rpl +++ b/testdata/val_referglue.rpl @@ -10,6 +10,7 @@ server: fake-sha1: yes trust-anchor-signaling: no minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_twocname.rpl b/testdata/val_twocname.rpl index d8e8cf3165da..bc7c3bcb20d5 100644 --- a/testdata/val_twocname.rpl +++ b/testdata/val_twocname.rpl @@ -5,6 +5,7 @@ server: fake-sha1: yes trust-anchor-signaling: no minimal-responses: no + rrset-roundrobin: no forward-zone: name: "." diff --git a/util/config_file.c b/util/config_file.c index 52ca5a184618..0e9ee471b1bb 100644 --- a/util/config_file.c +++ b/util/config_file.c @@ -116,6 +116,7 @@ config_create(void) cfg->ssl_upstream = 0; cfg->tls_cert_bundle = NULL; cfg->tls_win_cert = 0; + cfg->tls_use_sni = 1; cfg->use_syslog = 1; cfg->log_identity = NULL; /* changed later with argv[0] */ cfg->log_time_ascii = 0; @@ -186,6 +187,7 @@ config_create(void) cfg->so_reuseport = REUSEPORT_DEFAULT; cfg->ip_transparent = 0; cfg->ip_freebind = 0; + cfg->ip_dscp = 0; cfg->num_ifs = 0; cfg->ifs = NULL; cfg->num_out_ifs = 0; @@ -266,13 +268,14 @@ config_create(void) cfg->unblock_lan_zones = 0; cfg->insecure_lan_zones = 0; cfg->python_script = NULL; + cfg->dynlib_file = NULL; cfg->remote_control_enable = 0; cfg->control_ifs.first = NULL; cfg->control_ifs.last = NULL; cfg->control_port = UNBOUND_CONTROL_PORT; cfg->control_use_cert = 1; cfg->minimal_responses = 1; - cfg->rrset_roundrobin = 0; + cfg->rrset_roundrobin = 1; cfg->unknown_server_time_limit = 376; cfg->max_udp_size = 4096; if(!(cfg->server_key_file = strdup(RUN_DIR"/unbound_server.key"))) @@ -295,6 +298,8 @@ config_create(void) if(!(cfg->dnstap_socket_path = strdup(DNSTAP_SOCKET_PATH))) goto error_exit; #endif + cfg->dnstap_bidirectional = 1; + cfg->dnstap_tls = 1; cfg->disable_dnssec_lame_check = 0; cfg->ip_ratelimit = 0; cfg->ratelimit = 0; @@ -335,6 +340,7 @@ config_create(void) if(!(cfg->redis_server_host = strdup("127.0.0.1"))) goto error_exit; cfg->redis_timeout = 100; cfg->redis_server_port = 6379; + cfg->redis_expire_records = 0; #endif /* USE_REDIS */ #endif /* USE_CACHEDB */ #ifdef USE_IPSET @@ -504,6 +510,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_STRLIST_APPEND("tls-session-ticket-keys:", tls_session_ticket_keys) else S_STR("tls-ciphers:", tls_ciphers) else S_STR("tls-ciphersuites:", tls_ciphersuites) + else S_YNO("tls-use-sni:", tls_use_sni) else S_YNO("interface-automatic:", if_automatic) else S_YNO("use-systemd:", use_systemd) else S_YNO("do-daemonize:", do_daemonize) @@ -523,6 +530,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("so-reuseport:", so_reuseport) else S_YNO("ip-transparent:", ip_transparent) else S_YNO("ip-freebind:", ip_freebind) + else S_NUMBER_OR_ZERO("ip-dscp:", ip_dscp) else S_MEMSIZE("rrset-cache-size:", rrset_cache_size) else S_POW2("rrset-cache-slabs:", rrset_cache_slabs) else S_YNO("prefetch:", prefetch) @@ -622,6 +630,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_STR("control-cert-file:", control_cert_file) else S_STR("module-config:", module_conf) else S_STRLIST("python-script:", python_script) + else S_STRLIST("dynlib-file:", dynlib_file) else S_YNO("disable-dnssec-lame-check:", disable_dnssec_lame_check) #ifdef CLIENT_SUBNET /* Can't set max subnet prefix here, since that value is used when @@ -631,7 +640,15 @@ int config_set_option(struct config_file* cfg, const char* opt, #endif #ifdef USE_DNSTAP else S_YNO("dnstap-enable:", dnstap) + else S_YNO("dnstap-bidirectional:", dnstap_bidirectional) else S_STR("dnstap-socket-path:", dnstap_socket_path) + else S_STR("dnstap-ip:", dnstap_ip) + else S_YNO("dnstap-tls:", dnstap_tls) + else S_STR("dnstap-tls-server-name:", dnstap_tls_server_name) + else S_STR("dnstap-tls-cert-bundle:", dnstap_tls_cert_bundle) + else S_STR("dnstap-tls-client-key-file:", dnstap_tls_client_key_file) + else S_STR("dnstap-tls-client-cert-file:", + dnstap_tls_client_cert_file) else S_YNO("dnstap-send-identity:", dnstap_send_identity) else S_YNO("dnstap-send-version:", dnstap_send_version) else S_STR("dnstap-identity:", dnstap_identity) @@ -915,6 +932,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "so-reuseport", so_reuseport) else O_YNO(opt, "ip-transparent", ip_transparent) else O_YNO(opt, "ip-freebind", ip_freebind) + else O_DEC(opt, "ip-dscp", ip_dscp) else O_MEM(opt, "rrset-cache-size", rrset_cache_size) else O_DEC(opt, "rrset-cache-slabs", rrset_cache_slabs) else O_YNO(opt, "prefetch-key", prefetch_key) @@ -949,6 +967,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_LST(opt, "tls-session-ticket-keys", tls_session_ticket_keys.first) else O_STR(opt, "tls-ciphers", tls_ciphers) else O_STR(opt, "tls-ciphersuites", tls_ciphersuites) + else O_YNO(opt, "tls-use-sni", tls_use_sni) else O_YNO(opt, "use-systemd", use_systemd) else O_YNO(opt, "do-daemonize", do_daemonize) else O_STR(opt, "chroot", chrootdir) @@ -1038,7 +1057,16 @@ config_get_option(struct config_file* cfg, const char* opt, #endif #ifdef USE_DNSTAP else O_YNO(opt, "dnstap-enable", dnstap) + else O_YNO(opt, "dnstap-bidirectional", dnstap_bidirectional) else O_STR(opt, "dnstap-socket-path", dnstap_socket_path) + else O_STR(opt, "dnstap-ip", dnstap_ip) + else O_YNO(opt, "dnstap-tls", dnstap_tls) + else O_STR(opt, "dnstap-tls-server-name", dnstap_tls_server_name) + else O_STR(opt, "dnstap-tls-cert-bundle", dnstap_tls_cert_bundle) + else O_STR(opt, "dnstap-tls-client-key-file", + dnstap_tls_client_key_file) + else O_STR(opt, "dnstap-tls-client-cert-file", + dnstap_tls_client_cert_file) else O_YNO(opt, "dnstap-send-identity", dnstap_send_identity) else O_YNO(opt, "dnstap-send-version", dnstap_send_version) else O_STR(opt, "dnstap-identity", dnstap_identity) @@ -1076,6 +1104,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "insecure-lan-zones", insecure_lan_zones) else O_DEC(opt, "max-udp-size", max_udp_size) else O_LST(opt, "python-script", python_script) + else O_LST(opt, "dynlib-file", dynlib_file) else O_YNO(opt, "disable-dnssec-lame-check", disable_dnssec_lame_check) else O_DEC(opt, "ip-ratelimit", ip_ratelimit) else O_DEC(opt, "ratelimit", ratelimit) @@ -1116,6 +1145,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_STR(opt, "redis-server-host", redis_server_host) else O_DEC(opt, "redis-server-port", redis_server_port) else O_DEC(opt, "redis-timeout", redis_timeout) + else O_YNO(opt, "redis-expire-records", redis_expire_records) #endif /* USE_REDIS */ #endif /* USE_CACHEDB */ #ifdef USE_IPSET @@ -1458,11 +1488,17 @@ config_delete(struct config_file* cfg) free(cfg->dns64_prefix); config_delstrlist(cfg->dns64_ignore_aaaa); free(cfg->dnstap_socket_path); + free(cfg->dnstap_ip); + free(cfg->dnstap_tls_server_name); + free(cfg->dnstap_tls_cert_bundle); + free(cfg->dnstap_tls_client_key_file); + free(cfg->dnstap_tls_client_cert_file); free(cfg->dnstap_identity); free(cfg->dnstap_version); config_deldblstrlist(cfg->ratelimit_for_domain); config_deldblstrlist(cfg->ratelimit_below_domain); config_delstrlist(cfg->python_script); + config_delstrlist(cfg->dynlib_file); #ifdef USE_IPSECMOD free(cfg->ipsecmod_hook); config_delstrlist(cfg->ipsecmod_whitelist); @@ -1509,6 +1545,11 @@ int cfg_mark_ports(const char* str, int allow, int* avail, int num) { char* mid = strchr(str, '-'); +#ifdef DISABLE_EXPLICIT_PORT_RANDOMISATION + log_warn("Explicit port randomisation disabled, ignoring " + "outgoing-port-permit and outgoing-port-avoid configuration " + "options"); +#endif if(!mid) { int port = atoi(str); if(port == 0 && strcmp(str, "0") != 0) { diff --git a/util/config_file.h b/util/config_file.h index 8739ca2ae1e8..66e5025d05b2 100644 --- a/util/config_file.h +++ b/util/config_file.h @@ -85,6 +85,8 @@ struct config_file { int do_ip4; /** do ip6 query support. */ int do_ip6; + /** prefer ip4 upstream queries. */ + int prefer_ip4; /** prefer ip6 upstream queries. */ int prefer_ip6; /** do udp query support. */ @@ -126,6 +128,8 @@ struct config_file { char* tls_ciphers; /** TLS chiphersuites (TLSv1.3) */ char* tls_ciphersuites; + /** if SNI is to be used */ + int tls_use_sni; /** outgoing port range number of ports (per thread) */ int outgoing_num_ports; @@ -186,6 +190,8 @@ struct config_file { int ip_transparent; /** IP_FREEBIND socket option request on port 53 sockets */ int ip_freebind; + /** IP_TOS socket option requested on port 53 sockets */ + int ip_dscp; /** number of interfaces to open. If 0 default all interfaces. */ int num_ifs; @@ -444,6 +450,9 @@ struct config_file { /** Python script file */ struct config_strlist* python_script; + /** Dynamic library file */ + struct config_strlist* dynlib_file; + /** Use systemd socket activation. */ int use_systemd; @@ -472,8 +481,22 @@ struct config_file { /** true to enable dnstap support */ int dnstap; + /** using bidirectional frame streams if true */ + int dnstap_bidirectional; /** dnstap socket path */ char* dnstap_socket_path; + /** dnstap IP */ + char* dnstap_ip; + /** dnstap TLS enable */ + int dnstap_tls; + /** dnstap tls server authentication name */ + char* dnstap_tls_server_name; + /** dnstap server cert bundle */ + char* dnstap_tls_cert_bundle; + /** dnstap client key for client authentication */ + char* dnstap_tls_client_key_file; + /** dnstap client cert for client authentication */ + char* dnstap_tls_client_cert_file; /** true to send "identity" via dnstap */ int dnstap_send_identity; /** true to send "version" via dnstap */ @@ -582,6 +605,8 @@ struct config_file { int redis_server_port; /** timeout (in ms) for communication with the redis server */ int redis_timeout; + /** set timeout on redis records based on DNS response ttl */ + int redis_expire_records; #endif #endif diff --git a/util/configlexer.c b/util/configlexer.c index 7178eb5d0099..004b334cffad 100644 --- a/util/configlexer.c +++ b/util/configlexer.c @@ -354,8 +354,8 @@ static void yynoreturn yy_fatal_error ( const char* msg ); (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ (yy_c_buf_p) = yy_cp; -#define YY_NUM_RULES 302 -#define YY_END_OF_BUFFER 303 +#define YY_NUM_RULES 323 +#define YY_END_OF_BUFFER 324 /* This struct is not used in this scanner, but its presence is necessary. */ struct yy_trans_info @@ -363,336 +363,353 @@ struct yy_trans_info flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static const flex_int16_t yy_accept[2986] = +static const flex_int16_t yy_accept[3137] = { 0, - 1, 1, 284, 284, 288, 288, 292, 292, 296, 296, - 1, 1, 303, 300, 1, 282, 282, 301, 2, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 301, 284, 285, 285, 286, 301, 288, 289, 289, - 290, 301, 295, 292, 293, 293, 294, 301, 296, 297, - 297, 298, 301, 299, 283, 2, 287, 299, 301, 300, - 0, 1, 2, 2, 2, 2, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 284, 0, 288, 0, 295, 0, 292, 296, 0, 299, - 0, 2, 2, 299, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 299, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 112, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 120, 300, 300, 300, 300, - 300, 300, 300, 299, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 96, 300, - 300, 300, 300, 300, 300, 8, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 113, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 125, 300, 299, 300, 300, 300, - - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 277, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 299, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 54, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 222, 300, 14, 15, 300, 18, 17, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 119, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 206, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 3, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 299, 300, 300, 300, 300, 300, 300, - 300, 272, 300, 300, 271, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 291, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - - 300, 300, 300, 57, 300, 246, 300, 300, 300, 300, - 300, 300, 300, 300, 278, 279, 300, 300, 300, 300, - 300, 58, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 116, 300, 300, - 300, 300, 300, 300, 300, 300, 195, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 20, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 144, 300, 300, 291, 300, - - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 94, - 300, 300, 300, 300, 300, 300, 300, 254, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 167, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 143, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - - 300, 300, 300, 300, 93, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 31, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 32, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 55, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 118, 300, 300, 300, 300, - 300, 111, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 56, 300, 300, 300, - - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 168, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 45, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 237, 300, 300, 300, - - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 49, 300, 50, 300, 300, 300, - 300, 300, 97, 300, 98, 300, 300, 300, 300, 95, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 7, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 215, 300, 300, 300, - 300, 146, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 46, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 187, 300, 186, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 16, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 59, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 194, - - 300, 300, 300, 300, 300, 300, 100, 300, 99, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 178, - 300, 300, 300, 300, 300, 300, 300, 300, 126, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 78, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 82, 300, - - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 53, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 181, 182, 300, 300, 300, 248, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 6, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 252, - 300, 300, 300, 300, 300, 300, 273, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 41, 300, 300, - - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 43, 300, 300, 300, 300, 300, 300, 300, 300, 174, - 300, 300, 300, 121, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 199, 300, 175, 300, 300, 300, - 212, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 44, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 123, 105, 300, - 106, 300, 300, 300, 104, 300, 300, 300, 300, 300, - 300, 300, 300, 141, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 236, 300, 300, 300, 300, - - 300, 300, 300, 300, 176, 300, 300, 300, 300, 300, - 179, 300, 185, 300, 300, 300, 300, 300, 211, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 92, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 117, 300, 300, 300, 300, 300, 300, 51, 300, - 300, 300, 25, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 19, 300, 300, 300, 300, 300, 300, 26, - 35, 300, 151, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - - 300, 300, 67, 69, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 256, 300, 300, - 300, 223, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 107, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 140, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 267, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 145, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 205, - - 300, 300, 300, 300, 300, 300, 300, 300, 276, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 162, 300, 300, 300, 300, 300, 300, 300, 300, 101, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 157, - 300, 169, 300, 300, 300, 300, 300, 129, 300, 300, - 300, 300, 300, 88, 300, 300, 300, 300, 197, 300, - 300, 300, 300, 300, 300, 213, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 228, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 122, 300, - - 300, 300, 300, 300, 300, 300, 300, 300, 300, 161, - 300, 300, 300, 300, 300, 70, 71, 300, 300, 300, - 300, 300, 52, 300, 300, 300, 300, 300, 77, 170, - 300, 188, 300, 216, 300, 300, 180, 249, 300, 300, - 300, 300, 300, 63, 300, 172, 300, 300, 300, 300, - 300, 9, 300, 300, 300, 91, 300, 300, 300, 300, - 241, 300, 300, 300, 196, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 160, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 147, 300, 255, 300, 300, - 300, 300, 227, 300, 300, 300, 300, 300, 300, 300, - 300, 207, 300, 300, 300, 300, 247, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 270, 300, 171, 300, 300, 300, 300, 300, 300, - 300, 62, 64, 300, 300, 300, 300, 300, 300, 300, - 90, 300, 300, 300, 300, 239, 300, 300, 300, 251, - - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 201, 33, 27, 29, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 34, 300, 28, 30, 300, 300, - 300, 300, 300, 300, 300, 300, 87, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 203, 200, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 61, 300, 300, 124, 300, 108, 300, 300, 300, 300, - 300, 300, 300, 300, 142, 13, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 265, 300, 268, 300, 300, - - 300, 300, 300, 300, 300, 300, 300, 300, 12, 300, - 300, 21, 300, 300, 300, 245, 300, 300, 300, 253, - 300, 300, 300, 65, 300, 209, 300, 300, 300, 300, - 202, 300, 300, 60, 300, 300, 300, 300, 22, 300, - 42, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 156, 155, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 204, 198, 300, 214, 300, 300, - 257, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 72, 300, 300, 300, 240, - - 300, 300, 300, 300, 184, 300, 300, 300, 300, 208, - 300, 300, 300, 300, 300, 300, 300, 300, 274, 275, - 153, 300, 300, 66, 300, 300, 300, 300, 163, 300, - 300, 102, 103, 300, 300, 300, 300, 148, 300, 150, - 300, 189, 300, 300, 300, 300, 154, 300, 300, 217, - 300, 300, 300, 300, 300, 300, 300, 131, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 224, - 300, 300, 300, 23, 300, 250, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 190, 300, 300, - 238, 300, 269, 300, 183, 300, 300, 300, 300, 47, - - 300, 300, 300, 300, 4, 300, 300, 300, 115, 130, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 220, 36, - 37, 300, 300, 300, 300, 300, 300, 300, 258, 300, - 300, 300, 300, 300, 300, 226, 300, 300, 300, 193, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 75, - 300, 48, 244, 300, 221, 300, 300, 300, 300, 11, - 300, 300, 300, 300, 300, 114, 300, 300, 300, 300, - 191, 79, 300, 39, 300, 300, 300, 300, 300, 300, - 300, 300, 159, 300, 300, 300, 300, 300, 133, 300, - - 300, 300, 300, 300, 300, 300, 300, 300, 225, 127, - 300, 300, 109, 110, 300, 300, 300, 81, 85, 80, - 300, 73, 300, 300, 300, 300, 300, 10, 300, 300, - 300, 242, 300, 300, 300, 300, 281, 38, 300, 300, - 300, 300, 300, 158, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 86, 84, 300, 74, 266, 300, 300, 300, - 300, 300, 300, 300, 177, 300, 300, 300, 300, 300, - 192, 300, 300, 300, 300, 300, 300, 300, 300, 149, - 68, 300, 300, 300, 300, 300, 259, 300, 300, 300, - - 300, 300, 300, 300, 128, 300, 83, 134, 135, 138, - 139, 136, 137, 76, 300, 243, 300, 300, 300, 300, - 152, 300, 300, 300, 300, 300, 219, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 165, 164, 40, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 89, 300, 218, - 300, 235, 263, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 5, 300, 300, 210, 300, 300, 264, - 300, 300, 300, 300, 300, 300, 300, 300, 24, 300, - - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 300, 132, 300, 300, 300, 300, 300, - 300, 300, 300, 166, 300, 173, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 260, 300, 300, 300, 300, - 300, 300, 300, 300, 300, 300, 300, 300, 300, 300, - 300, 300, 300, 280, 300, 300, 231, 300, 300, 300, - 300, 300, 261, 300, 300, 300, 300, 300, 300, 262, - 300, 300, 300, 229, 300, 232, 233, 300, 300, 300, - 300, 300, 230, 234, 0 + 1, 1, 297, 297, 301, 301, 305, 305, 309, 309, + 1, 1, 313, 313, 317, 317, 324, 321, 1, 295, + 295, 322, 2, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 322, 297, 298, 298, 299, + 322, 301, 302, 302, 303, 322, 308, 305, 306, 306, + 307, 322, 309, 310, 310, 311, 322, 320, 296, 2, + 300, 320, 322, 316, 313, 314, 314, 315, 322, 317, + 318, 318, 319, 322, 321, 0, 1, 2, 2, 2, + 2, 321, 321, 321, 321, 321, 321, 321, 321, 321, + + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 297, 0, 301, 0, + 308, 0, 305, 309, 0, 320, 0, 2, 2, 320, + 316, 0, 313, 317, 0, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 320, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 115, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 123, + 321, 321, 321, 321, 321, 321, 321, 320, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 99, 321, 321, 321, 321, 321, + 321, 8, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 116, 321, 321, 321, 321, 321, 321, 321, 321, 321, + + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 128, 321, 320, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 290, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 320, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 57, 321, 321, 321, 321, + + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 227, 321, 14, 15, 321, 19, 18, 321, 321, 211, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 122, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 209, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + + 321, 321, 321, 3, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 320, 321, 321, + 321, 321, 321, 321, 321, 284, 321, 321, 283, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 304, 321, 321, + 321, 321, 321, 321, 321, 56, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 60, 321, 258, 321, 321, 321, 321, 321, + 321, 321, 321, 291, 292, 321, 321, 321, 321, 321, + 61, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 119, 321, 321, + 321, 321, 321, 321, 321, 321, 198, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + + 321, 321, 321, 321, 321, 321, 321, 21, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 147, 321, 321, 320, + 304, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 97, 321, 321, 321, 321, 321, 321, 321, 266, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 170, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + + 321, 321, 321, 321, 321, 321, 321, 321, 321, 146, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 96, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 32, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 33, + + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 58, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 121, 320, 321, 321, 321, 321, + 321, 114, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 59, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 231, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 171, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + + 321, 321, 47, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 249, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 51, 321, 52, 321, 321, 321, 321, 321, 100, + 321, 101, 321, 321, 321, 321, 98, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 7, 321, 320, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 220, 321, 321, 321, 321, + 149, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 232, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 48, 321, 321, 321, 321, + + 321, 321, 321, 321, 321, 321, 321, 321, 321, 190, + 321, 189, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 16, 17, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 62, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 197, 321, 321, 321, 321, + 321, 321, 103, 321, 102, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 181, 321, 321, 321, + + 321, 321, 321, 321, 321, 129, 320, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 81, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 210, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 85, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 55, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + + 321, 321, 321, 184, 185, 321, 321, 321, 260, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 6, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 264, 321, 321, 321, 321, 321, 321, + 285, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 42, 321, 321, 321, 321, 44, 321, 321, 321, + 321, 321, 321, 321, 321, 45, 321, 321, 321, 321, + 321, 321, 321, 320, 321, 177, 321, 321, 321, 124, + + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 202, 321, 178, 321, 321, 321, 217, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 46, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 126, 108, 321, + 109, 321, 321, 321, 107, 321, 321, 321, 321, 321, + 321, 321, 321, 144, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 248, 321, 321, 321, + 321, 321, 321, 321, 321, 179, 321, 321, 321, 321, + 321, 182, 321, 188, 321, 321, 321, 321, 321, 216, + + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 95, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 120, 321, 321, 321, 321, 321, 321, + 53, 321, 321, 321, 26, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 20, 321, 321, 321, 321, 321, + 321, 27, 36, 321, 154, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 320, 321, + 321, 321, 321, 321, 321, 70, 72, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + + 268, 321, 321, 321, 321, 228, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 110, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 143, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 279, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 148, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 208, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 288, 321, 321, + + 321, 321, 321, 321, 321, 321, 321, 321, 321, 165, + 321, 321, 321, 321, 321, 321, 321, 321, 104, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 160, 321, + 172, 321, 321, 321, 321, 320, 321, 132, 321, 321, + 321, 321, 321, 91, 321, 321, 321, 321, 200, 321, + 321, 321, 321, 321, 321, 218, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 240, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 125, 321, 321, 321, 321, 321, 321, 321, + + 321, 321, 321, 164, 321, 321, 321, 321, 321, 321, + 73, 74, 321, 321, 321, 321, 321, 54, 321, 321, + 321, 321, 321, 80, 173, 321, 191, 321, 221, 321, + 321, 183, 261, 321, 321, 321, 321, 321, 66, 321, + 175, 321, 321, 321, 321, 321, 9, 321, 321, 321, + 94, 321, 321, 321, 321, 253, 321, 321, 321, 321, + 199, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + + 321, 321, 321, 321, 321, 321, 320, 321, 321, 321, + 321, 163, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 150, 321, 267, 321, 321, 321, 321, 321, + 239, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 212, 321, 321, 321, 321, 259, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 282, 321, 174, 321, 321, 321, 321, + 321, 321, 321, 65, 67, 321, 321, 321, 321, 321, + 321, 321, 93, 321, 321, 321, 321, 251, 321, 321, + + 321, 321, 263, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 204, 34, 28, 30, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 35, 321, 29, + 31, 321, 321, 321, 321, 321, 321, 321, 321, 90, + 321, 321, 321, 321, 321, 321, 320, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 206, 203, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 64, 321, + 321, 127, 321, 111, 321, 321, 321, 321, 321, 321, + 321, 321, 145, 312, 13, 321, 321, 321, 321, 321, + + 321, 321, 321, 321, 277, 321, 280, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 12, 321, 321, + 22, 321, 321, 321, 257, 321, 321, 321, 321, 265, + 321, 321, 321, 68, 321, 214, 321, 321, 321, 321, + 205, 321, 321, 63, 321, 321, 321, 321, 23, 321, + 43, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 159, 158, 312, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 207, 201, 321, 219, 321, + 321, 269, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 75, 321, 321, 321, 252, 321, 321, 321, 321, 187, + 321, 321, 321, 321, 213, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 286, 287, 156, 321, 321, 69, + 321, 321, 321, 321, 166, 321, 321, 105, 106, 321, + 321, 321, 321, 151, 321, 153, 321, 192, 321, 321, + 321, 321, 157, 321, 321, 222, 321, 321, 321, 321, + 321, 321, 321, 134, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 230, 321, 321, 321, + 321, 321, 321, 321, 24, 321, 262, 321, 321, 321, + + 321, 321, 321, 321, 321, 321, 321, 321, 193, 321, + 321, 250, 321, 281, 321, 186, 321, 321, 321, 321, + 49, 321, 321, 321, 321, 4, 321, 321, 321, 321, + 118, 133, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 225, 37, 38, 321, 321, 321, 321, 321, 321, 321, + 270, 321, 321, 321, 321, 321, 321, 321, 238, 321, + 321, 321, 321, 321, 321, 321, 196, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 78, 321, 50, 256, + 321, 226, 321, 321, 321, 321, 11, 321, 321, 321, + + 321, 321, 321, 117, 321, 321, 321, 321, 194, 82, + 321, 40, 321, 321, 321, 321, 321, 321, 321, 321, + 162, 321, 321, 321, 321, 321, 136, 321, 321, 321, + 321, 229, 321, 321, 321, 321, 321, 237, 321, 321, + 321, 321, 130, 321, 321, 112, 113, 321, 321, 321, + 84, 88, 83, 321, 76, 321, 321, 321, 321, 321, + 10, 321, 321, 321, 254, 289, 321, 321, 321, 321, + 294, 39, 321, 321, 321, 321, 321, 161, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + + 89, 87, 321, 77, 278, 321, 321, 321, 321, 321, + 321, 321, 180, 321, 321, 321, 321, 321, 195, 321, + 321, 321, 321, 321, 321, 321, 321, 152, 71, 321, + 321, 321, 321, 321, 271, 321, 321, 321, 321, 321, + 321, 321, 234, 321, 321, 233, 131, 321, 86, 137, + 138, 141, 142, 139, 140, 79, 321, 255, 321, 321, + 321, 321, 155, 321, 321, 321, 321, 321, 224, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 168, 167, 41, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 321, 321, 92, 321, 223, 321, 247, 275, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 5, 321, 321, 215, 321, 321, 276, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 235, 25, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + 321, 236, 321, 321, 321, 135, 321, 321, 321, 321, + 321, 321, 321, 321, 169, 321, 176, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 272, 321, 321, 321, + 321, 321, 321, 321, 321, 321, 321, 321, 321, 321, + + 321, 321, 321, 321, 293, 321, 321, 243, 321, 321, + 321, 321, 321, 273, 321, 321, 321, 321, 321, 321, + 274, 321, 321, 321, 241, 321, 244, 245, 321, 321, + 321, 321, 321, 242, 246, 0 } ; static const YY_CHAR yy_ec[256] = @@ -738,1619 +755,1704 @@ static const YY_CHAR yy_meta[67] = 1, 1, 1, 1, 1, 1 } ; -static const flex_int16_t yy_base[3000] = +static const flex_int16_t yy_base[3155] = { 0, 0, 0, 64, 67, 70, 72, 78, 84, 89, 92, - 131, 137, 508, 418, 96, 8475, 8475, 8475, 109, 171, - 85, 142, 215, 83, 117, 152, 207, 50, 110, 75, - 167, 231, 112, 275, 121, 327, 368, 243, 258, 259, - 170, 321, 382, 8475, 8475, 8475, 104, 341, 8475, 8475, - 8475, 147, 337, 362, 8475, 8475, 8475, 342, 295, 8475, - 8475, 8475, 160, 291, 8475, 355, 8475, 177, 346, 201, - 371, 115, 0, 386, 0, 0, 160, 162, 199, 204, - 188, 169, 323, 222, 256, 267, 378, 278, 292, 279, - 366, 367, 369, 409, 340, 380, 325, 397, 377, 424, - - 404, 407, 433, 439, 413, 408, 370, 434, 226, 445, - 450, 447, 457, 472, 460, 477, 461, 479, 471, 497, - 485, 248, 492, 512, 504, 242, 502, 531, 527, 519, - 521, 529, 520, 558, 539, 559, 543, 547, 563, 557, - 180, 164, 138, 231, 122, 531, 158, 79, 501, 66, - 608, 612, 0, 580, 584, 321, 587, 594, 607, 602, - 585, 598, 603, 614, 604, 626, 632, 623, 638, 627, - 599, 653, 697, 636, 639, 642, 652, 649, 651, 672, - 677, 682, 675, 678, 698, 676, 702, 714, 729, 721, - 712, 715, 696, 742, 755, 741, 740, 756, 757, 744, - - 759, 758, 769, 777, 768, 767, 406, 771, 772, 779, - 773, 776, 792, 800, 795, 796, 793, 826, 806, 807, - 827, 808, 819, 823, 820, 824, 838, 846, 836, 822, - 837, 850, 840, 865, 849, 852, 871, 456, 867, 879, - 876, 857, 882, 869, 864, 889, 884, 896, 890, 894, - 905, 910, 914, 907, 903, 906, 908, 911, 921, 924, - 932, 933, 937, 942, 173, 940, 953, 956, 928, 935, - 962, 964, 952, 977, 959, 979, 976, 980, 989, 981, - 985, 992, 974, 984, 997, 986, 995, 1011, 1007, 1023, - 1012, 1031, 1015, 1041, 1016, 1020, 1037, 1024, 1080, 1026, - - 1038, 1043, 1074, 1046, 1053, 1057, 1083, 1087, 1075, 1091, - 1088, 1112, 1114, 1090, 1104, 1119, 1113, 1124, 1122, 1118, - 1132, 1127, 1138, 1159, 8475, 1143, 1148, 1149, 1161, 1167, - 1179, 1154, 1194, 1164, 1176, 1190, 1174, 1187, 1199, 1247, - 1196, 1201, 1203, 1217, 1211, 8475, 1252, 1219, 1297, 1238, - 1242, 1261, 1256, 1237, 1257, 1277, 1245, 1275, 1246, 1279, - 1281, 1293, 1319, 1295, 1290, 1315, 1314, 1320, 1333, 1336, - 1343, 1331, 1337, 1339, 1338, 1330, 1345, 1354, 1288, 1347, - 1352, 1357, 1363, 1381, 1365, 1387, 1384, 1370, 1378, 1382, - 1395, 1388, 1410, 1390, 1416, 1420, 1414, 1408, 1415, 1425, - - 1434, 1422, 1433, 1443, 1442, 1207, 1440, 1449, 1463, 1412, - 1452, 1451, 1447, 1470, 1472, 1483, 1461, 1467, 1478, 1474, - 1482, 1494, 1491, 1480, 1501, 1495, 1514, 1502, 8475, 1519, - 1505, 1509, 1518, 1511, 1522, 8475, 1530, 1532, 1541, 1540, - 1547, 1542, 1557, 1546, 1570, 1536, 1558, 1549, 1575, 1566, - 1568, 1585, 1574, 1587, 1582, 1569, 1596, 1589, 1591, 1602, - 1595, 1601, 1597, 1647, 8475, 1605, 1627, 1631, 1622, 1629, - 1656, 1672, 1644, 1638, 1662, 1670, 1690, 1675, 1689, 1680, - 1637, 1697, 1684, 1700, 1699, 1708, 1706, 1696, 1707, 1705, - 1704, 1719, 1724, 1737, 8475, 1735, 1741, 1649, 1740, 1734, - - 1731, 1746, 1742, 1736, 1751, 1761, 1773, 1772, 1759, 1758, - 1771, 1794, 1778, 1788, 1779, 1777, 1798, 1805, 1807, 1795, - 1814, 1800, 1797, 1812, 1801, 1829, 1831, 1838, 1815, 1834, - 1839, 1827, 1840, 1842, 1847, 1828, 1830, 1855, 1865, 1858, - 1850, 1875, 1861, 1888, 1879, 1873, 1891, 1878, 1889, 1883, - 1892, 1893, 1895, 1912, 8475, 1917, 1904, 1926, 1931, 1928, - 1934, 1936, 1916, 1920, 1939, 1954, 1943, 1922, 1945, 1962, - 1955, 1960, 1968, 1966, 1956, 1973, 1982, 1992, 1983, 1975, - 1970, 1994, 1997, 1991, 2004, 2011, 2012, 2016, 2007, 2009, - 2006, 2032, 2010, 2019, 2035, 2030, 2041, 2038, 2048, 2037, - - 2046, 2049, 2079, 2059, 2036, 2068, 2063, 2069, 2062, 2065, - 2073, 2075, 2081, 2089, 2095, 2096, 2088, 2097, 2086, 2092, - 2102, 2110, 2122, 2106, 2115, 2116, 2117, 2130, 2128, 2124, - 2132, 2147, 2126, 2142, 2157, 2144, 2141, 2153, 2162, 2173, - 2154, 2163, 2175, 2172, 2181, 2187, 2190, 2191, 2180, 2197, - 2192, 2202, 2203, 2199, 2205, 2217, 2223, 2219, 2225, 2221, - 2226, 2214, 2242, 2248, 2245, 2246, 8475, 2232, 2261, 2238, - 2260, 2254, 2243, 2253, 2279, 2269, 2276, 2272, 2267, 2280, - 2323, 8475, 2274, 8475, 8475, 2285, 8475, 8475, 2288, 2303, - 2295, 2310, 2312, 2319, 2322, 2307, 2317, 2334, 2291, 2381, - - 2316, 2330, 2346, 2338, 2350, 2367, 2368, 2369, 2359, 2378, - 2371, 2384, 2402, 2390, 2377, 2394, 2414, 2403, 2405, 2417, - 2421, 2416, 2419, 2427, 2420, 2430, 2434, 2440, 2432, 2436, - 2471, 8475, 2448, 2467, 2473, 2465, 2477, 2475, 2468, 2476, - 2479, 2481, 2480, 2464, 2485, 2486, 2491, 2487, 2507, 2511, - 2494, 2503, 8475, 2514, 2515, 2520, 2517, 2528, 2527, 2521, - 2536, 2530, 2543, 2533, 2544, 2549, 2546, 2558, 2550, 2575, - 8475, 2566, 2569, 2560, 2577, 2563, 2579, 2580, 2576, 2590, - 2588, 2589, 2614, 2601, 2602, 2625, 2613, 2611, 2615, 2616, - 2626, 2617, 2628, 2635, 2627, 2642, 2636, 2657, 2644, 2645, - - 2649, 2646, 2675, 2663, 2680, 2659, 2685, 2686, 2678, 2669, - 2691, 2692, 2687, 2698, 2690, 2707, 2671, 2709, 2705, 2700, - 2701, 2713, 2716, 2723, 2714, 2735, 2732, 2724, 2725, 2737, - 2734, 8475, 2730, 2741, 8475, 2743, 2744, 2790, 2775, 2773, - 2752, 2778, 2758, 2782, 2781, 2798, 2792, 2800, 2789, 2804, - 2803, 2817, 2831, 2810, 2821, 2822, 2826, 2823, 2852, 2856, - 2854, 282, 2857, 2833, 2842, 2847, 2892, 2860, 2859, 2862, - 2863, 2867, 2896, 2869, 2883, 2886, 2888, 2908, 2910, 8475, - 2890, 2913, 2902, 2909, 2931, 2925, 2923, 2935, 2937, 2938, - 2936, 2947, 2932, 2948, 2940, 2941, 2950, 2949, 2957, 2963, - - 2973, 2968, 2991, 8475, 2976, 8475, 2975, 2974, 2977, 2984, - 2987, 2993, 3002, 3004, 8475, 8475, 3010, 3013, 3016, 3018, - 3011, 8475, 3012, 3046, 3026, 3044, 3034, 3032, 3038, 3037, - 3043, 3065, 3042, 3068, 3051, 3067, 3070, 8475, 3073, 3059, - 3077, 3083, 3071, 3085, 3086, 3069, 8475, 3095, 3089, 3096, - 3111, 3119, 3112, 3106, 3117, 3125, 3109, 3115, 3110, 3128, - 3122, 3145, 3146, 3138, 3151, 3154, 3150, 8475, 3142, 3144, - 3155, 3158, 3166, 3165, 3167, 3157, 3177, 3185, 3168, 3171, - 3184, 3178, 3172, 3173, 3193, 3204, 3210, 3194, 3200, 3205, - 641, 3201, 3216, 3199, 3222, 8475, 3211, 3229, 61, 3228, - - 3224, 3221, 3245, 3244, 3234, 3238, 3227, 3264, 3257, 3261, - 3265, 3254, 3259, 3271, 3252, 3256, 3280, 3278, 3277, 8475, - 3282, 3285, 3283, 3291, 3302, 3295, 3311, 8475, 3312, 3314, - 3310, 3307, 3328, 3318, 3323, 3342, 3334, 3344, 3340, 3337, - 8475, 3360, 3357, 3361, 3345, 3363, 3369, 3370, 3367, 3371, - 3358, 3387, 3376, 3374, 3390, 3388, 3384, 3392, 3406, 3401, - 3400, 3403, 3413, 8475, 3426, 3411, 3427, 3404, 3431, 3429, - 3460, 3438, 3432, 3448, 3443, 3484, 3451, 3458, 3447, 3468, - 3472, 3473, 3453, 3474, 3478, 3485, 3481, 3513, 3512, 3498, - 3504, 3519, 3506, 3516, 3509, 3520, 3471, 3532, 3530, 3533, - - 3557, 3551, 218, 3543, 8475, 3559, 3541, 3540, 3560, 3594, - 3570, 3583, 3568, 3590, 3584, 3586, 3587, 3579, 3606, 3600, - 3598, 3611, 3604, 3613, 3602, 3617, 3619, 3445, 3621, 3623, - 3635, 8475, 3638, 3647, 3634, 3645, 3655, 3639, 3656, 3657, - 3662, 3649, 3650, 3660, 3668, 3672, 3673, 3685, 3669, 3689, - 3674, 8475, 3700, 3694, 3699, 3701, 3702, 3708, 3717, 3723, - 3720, 3696, 3705, 3727, 3726, 8475, 3747, 3748, 3740, 3751, - 3746, 3737, 3749, 3757, 3738, 8475, 3742, 3736, 3753, 3773, - 3764, 8475, 3776, 3774, 3772, 3769, 3763, 3775, 3778, 3787, - 3784, 3795, 3805, 3798, 3789, 3818, 8475, 3808, 3829, 3799, - - 3819, 3822, 3824, 3816, 3844, 3855, 3839, 3834, 3847, 3849, - 3856, 3845, 3843, 3861, 3868, 3866, 3872, 3858, 8475, 3883, - 3874, 3880, 3901, 3899, 3890, 3893, 3886, 3904, 3895, 3907, - 3900, 3917, 3918, 3928, 3929, 3935, 3920, 3941, 3945, 3934, - 3947, 3930, 3961, 3957, 3959, 3968, 3970, 8475, 3958, 3975, - 3972, 3964, 3973, 3974, 3976, 3991, 3984, 3986, 3985, 3993, - 3996, 4027, 4029, 4005, 4032, 4009, 4011, 4017, 4034, 4016, - 4020, 4019, 4046, 4043, 4023, 4050, 4044, 4045, 4070, 4055, - 4060, 4061, 4062, 4069, 4064, 4071, 4067, 4089, 4072, 4093, - 4095, 4098, 4090, 4096, 4091, 4122, 8475, 4110, 4094, 4106, - - 4118, 4135, 4133, 4119, 4125, 4130, 4139, 4146, 4152, 4127, - 4145, 4149, 4153, 4158, 8475, 4157, 8475, 4160, 4159, 4177, - 4187, 4168, 8475, 4189, 8475, 4190, 4192, 4182, 4183, 8475, - 4191, 4180, 4197, 4202, 4186, 4210, 4213, 4207, 4208, 4235, - 4220, 4226, 4217, 4244, 4229, 4228, 4247, 4233, 4223, 4250, - 4237, 4260, 4256, 4255, 4263, 4270, 4271, 8475, 4280, 4268, - 4277, 4281, 4282, 4285, 4298, 4287, 4295, 4297, 4293, 4306, - 4312, 4319, 4325, 4336, 4314, 4340, 8475, 4329, 4345, 4328, - 4344, 8475, 4346, 4338, 4348, 4352, 4354, 4342, 4367, 4361, - 4357, 4371, 4366, 4393, 4395, 4387, 4388, 4398, 4375, 4401, - - 4406, 4402, 4415, 4417, 4410, 4427, 4408, 4422, 4420, 4426, - 4433, 4455, 4456, 4447, 4460, 4434, 4453, 4441, 4459, 4444, - 4445, 4449, 4461, 4463, 4466, 4468, 4499, 4480, 4483, 4484, - 4485, 8475, 4470, 4489, 4496, 4512, 4502, 4504, 4495, 4497, - 4505, 4520, 4527, 4539, 4522, 8475, 4537, 8475, 4528, 4540, - 4550, 4556, 4546, 4541, 4560, 4569, 4561, 4562, 4566, 4567, - 4573, 4575, 4586, 4578, 4594, 4598, 4587, 4604, 4589, 4599, - 4593, 4596, 4601, 4615, 8475, 4616, 4622, 4628, 4619, 4623, - 4642, 4650, 4636, 4634, 4637, 4639, 4676, 8475, 4646, 4655, - 4659, 4675, 4688, 4671, 4690, 4693, 4686, 4698, 4694, 8475, - - 4679, 4682, 4706, 4692, 4701, 4716, 8475, 4687, 8475, 4711, - 4715, 4721, 4726, 4723, 4727, 4725, 4731, 4744, 4746, 4751, - 4742, 4748, 4752, 4757, 4747, 4754, 4737, 4761, 4762, 8475, - 4724, 4763, 4781, 4786, 4788, 4789, 4787, 4775, 8475, 4784, - 4800, 4782, 4805, 4803, 4806, 4810, 4812, 4823, 4826, 4815, - 4809, 4836, 4828, 4825, 4839, 4841, 4844, 4848, 8475, 4849, - 4850, 4862, 4858, 4852, 4867, 4857, 4853, 4856, 4870, 4872, - 4877, 4883, 4881, 4880, 4896, 4889, 4886, 4887, 4903, 4917, - 4897, 4907, 4905, 4915, 4925, 4923, 4930, 4936, 4940, 4929, - 4941, 4942, 4934, 4938, 4946, 4947, 4952, 4957, 8475, 4976, - - 4954, 4980, 4958, 4974, 4988, 4989, 4985, 4979, 4975, 4994, - 4999, 5003, 8475, 5005, 4997, 5006, 5002, 5012, 5001, 5022, - 5016, 5021, 5034, 5018, 5045, 5032, 5029, 5054, 5037, 5033, - 8475, 8475, 5047, 5040, 5048, 8475, 5059, 5049, 5067, 5066, - 5056, 5072, 5078, 5079, 5063, 5090, 5074, 5080, 8475, 5093, - 5107, 5083, 5101, 5114, 5116, 5113, 5117, 5110, 5104, 5102, - 5120, 5123, 5115, 5112, 5135, 5150, 5134, 5137, 5151, 8475, - 5146, 5145, 5153, 5156, 5149, 5142, 8475, 5169, 5170, 5180, - 5178, 5175, 5185, 5192, 5190, 5179, 5177, 5201, 5194, 5202, - 5204, 5214, 5196, 5205, 5225, 5232, 5230, 8475, 5227, 5228, - - 5223, 5240, 5242, 5253, 5250, 5251, 5238, 5257, 5246, 5261, - 8475, 5256, 5270, 5260, 5254, 5280, 5271, 5281, 5278, 8475, - 5282, 5273, 5291, 8475, 5283, 5301, 5303, 5304, 5295, 5287, - 5305, 5307, 5310, 5317, 8475, 5319, 8475, 5322, 5321, 5334, - 8475, 5328, 5329, 5331, 5327, 5338, 5345, 5352, 5359, 5344, - 5360, 5348, 5351, 5372, 5368, 5385, 5367, 8475, 5389, 5365, - 5379, 5397, 5393, 5392, 5384, 5408, 5394, 8475, 8475, 5382, - 8475, 5411, 5406, 5410, 8475, 5403, 5409, 5432, 5425, 5438, - 5441, 5444, 5440, 8475, 5447, 5431, 5445, 5452, 5435, 5464, - 5465, 5468, 5437, 5467, 5478, 8475, 5466, 5473, 5460, 5471, - - 5479, 5493, 5503, 5490, 8475, 5509, 5500, 5501, 5513, 5515, - 8475, 5512, 8475, 5507, 5523, 5526, 5529, 5524, 8475, 5542, - 5533, 5554, 5535, 5550, 5562, 5552, 5558, 5548, 5553, 5506, - 5567, 5565, 5560, 8475, 5577, 5583, 5576, 5585, 5587, 5581, - 5588, 5593, 5604, 5603, 5607, 5605, 5608, 5615, 5612, 5613, - 5623, 8475, 5640, 5624, 5633, 5661, 5628, 5635, 8475, 5645, - 5653, 5660, 8475, 5646, 5643, 5662, 5666, 5651, 5664, 5667, - 5681, 5684, 8475, 5685, 5688, 5686, 5696, 5698, 5693, 8475, - 8475, 5712, 8475, 5708, 5694, 5692, 5719, 5711, 5723, 5677, - 5733, 5716, 5721, 5743, 5744, 5738, 5757, 5758, 5759, 5752, - - 5748, 5741, 8475, 8475, 5762, 5765, 5763, 5773, 5776, 5769, - 5779, 5792, 5789, 5800, 5795, 5793, 5807, 8475, 5805, 5790, - 5808, 8475, 5786, 5818, 5803, 5814, 5828, 5813, 5827, 5815, - 5840, 5832, 5841, 5822, 5839, 5838, 5856, 5849, 5845, 5852, - 8475, 5869, 5866, 5867, 5864, 5868, 5878, 5879, 5889, 5881, - 8475, 5883, 5880, 5896, 5890, 5895, 5905, 5910, 5915, 5920, - 5906, 5922, 5930, 5932, 5934, 5938, 8475, 5945, 5919, 5933, - 5928, 5951, 5952, 5937, 5954, 5955, 5963, 5959, 5964, 5975, - 5976, 5970, 5978, 5971, 5980, 8475, 5983, 5989, 5990, 5992, - 5977, 6000, 5991, 6007, 5993, 6005, 5998, 6010, 6028, 8475, - - 6011, 6016, 6015, 6037, 6044, 6026, 6032, 6033, 8475, 6046, - 6034, 6042, 6038, 6059, 6060, 6036, 6066, 6061, 6080, 6081, - 8475, 6071, 6085, 6086, 6075, 6079, 6093, 6098, 6069, 8475, - 6110, 6111, 6106, 6128, 6108, 6136, 6119, 6127, 6109, 6126, - 6137, 6135, 6138, 6141, 6143, 6131, 6154, 6162, 6156, 8475, - 6149, 8475, 6164, 6174, 6183, 6179, 6170, 8475, 6166, 6168, - 6185, 6171, 6194, 8475, 6187, 6189, 6193, 6206, 8475, 6201, - 6217, 6207, 6211, 6224, 6228, 8475, 6225, 6233, 6232, 6244, - 6245, 6241, 6234, 6242, 6235, 6239, 6238, 6266, 8475, 6254, - 6270, 6276, 6272, 6269, 6259, 6283, 6282, 6275, 8475, 6284, - - 6271, 6281, 6293, 6286, 6292, 6316, 6297, 6317, 6304, 8475, - 6309, 6324, 6300, 6318, 6328, 8475, 8475, 6319, 6331, 6334, - 6314, 6341, 8475, 6343, 6359, 6350, 6338, 6354, 8475, 8475, - 6366, 8475, 6353, 8475, 6358, 6357, 8475, 8475, 6370, 6352, - 6377, 6383, 6376, 8475, 6387, 8475, 6396, 6391, 6379, 6385, - 6389, 8475, 6398, 6399, 6401, 8475, 6404, 6425, 6406, 6412, - 8475, 6408, 6410, 6414, 8475, 6435, 6430, 6437, 6428, 6434, - 6440, 6447, 6439, 6444, 6438, 6455, 6448, 6473, 6479, 6481, - 6483, 6484, 6474, 6470, 6485, 6491, 6493, 6477, 6487, 6476, - 6482, 6502, 6503, 6507, 6524, 6516, 6519, 6521, 6520, 6513, - - 6530, 6517, 6518, 6536, 6541, 6526, 6546, 6529, 6543, 6547, - 6570, 6563, 6560, 6565, 8475, 6558, 6556, 6559, 6581, 6577, - 6590, 6596, 6589, 6600, 6605, 8475, 6609, 8475, 6611, 6597, - 6602, 6607, 8475, 6594, 6617, 6598, 6623, 6621, 6625, 6628, - 6648, 8475, 6631, 6629, 6650, 6654, 8475, 6652, 6660, 6647, - 6653, 6656, 6667, 6666, 6673, 6669, 6670, 6668, 6699, 6674, - 6686, 6687, 6688, 6698, 6690, 6700, 6701, 6717, 6705, 6721, - 6708, 8475, 6722, 8475, 6715, 6726, 6727, 6716, 6733, 6732, - 6737, 8475, 8475, 6735, 6754, 6740, 6743, 6751, 6761, 6767, - 8475, 6759, 6772, 6773, 6762, 8475, 6760, 6770, 6777, 8475, - - 6779, 6783, 6789, 6795, 6786, 6808, 6804, 6802, 6796, 6803, - 6814, 8475, 8475, 8475, 8475, 6820, 6806, 6824, 6813, 6830, - 6818, 6825, 6837, 6829, 8475, 6846, 8475, 8475, 6845, 6853, - 6835, 6854, 6852, 6847, 6856, 6855, 8475, 6869, 6862, 6870, - 6873, 6868, 6878, 6891, 6894, 6883, 6885, 6896, 6902, 6905, - 6889, 6908, 6909, 6914, 8475, 8475, 6911, 6917, 6916, 6927, - 6915, 6932, 6944, 6941, 6943, 6940, 6935, 6947, 6951, 6946, - 8475, 6952, 6960, 8475, 6953, 8475, 6961, 6964, 6968, 6976, - 6972, 6985, 6996, 6991, 8475, 8475, 6979, 6982, 6988, 7001, - 6992, 6995, 6990, 7010, 7014, 8475, 7015, 8475, 7016, 7022, - - 7020, 7019, 7040, 7045, 7050, 7039, 7043, 7047, 8475, 7046, - 7035, 8475, 7054, 7042, 7049, 8475, 7060, 7059, 7065, 8475, - 7068, 7076, 7079, 8475, 7089, 8475, 7070, 7088, 7082, 7101, - 8475, 7078, 7099, 8475, 7102, 7104, 7105, 7097, 8475, 7095, - 8475, 7092, 7114, 7117, 7123, 7115, 7133, 7121, 7120, 7122, - 7148, 7146, 7147, 8475, 8475, 7158, 7129, 7135, 7139, 7161, - 7169, 7143, 7150, 7171, 8475, 8475, 7175, 8475, 7164, 7173, - 8475, 7162, 7181, 7188, 7185, 7165, 7177, 7195, 7193, 7194, - 7208, 7223, 7200, 7201, 7224, 7228, 7230, 7233, 7210, 7236, - 7218, 7221, 7235, 7222, 7239, 8475, 7254, 7261, 7249, 8475, - - 7270, 7265, 7273, 7274, 8475, 7275, 7268, 7269, 7271, 8475, - 7266, 7282, 7281, 7294, 7295, 7318, 7301, 7306, 8475, 8475, - 8475, 7311, 7290, 8475, 7319, 7309, 7299, 7302, 8475, 7322, - 7313, 8475, 8475, 7307, 7326, 7328, 7344, 8475, 7342, 8475, - 7336, 8475, 7351, 7355, 7363, 7352, 8475, 7362, 7369, 8475, - 7365, 7366, 7368, 7371, 7379, 7358, 7381, 8475, 7349, 7396, - 7397, 7403, 7387, 7388, 7406, 7392, 7417, 7391, 7420, 8475, - 7408, 7407, 7419, 8475, 7421, 8475, 7418, 7428, 7436, 7433, - 7434, 7432, 7444, 7448, 7430, 7462, 7445, 8475, 7465, 7470, - 8475, 7455, 8475, 7473, 8475, 7458, 7468, 7471, 7481, 8475, - - 7488, 7479, 7467, 7477, 8475, 7492, 7491, 7502, 8475, 8475, - 7489, 7512, 7516, 7500, 7510, 7524, 7508, 7525, 7519, 7529, - 7513, 7536, 7515, 7535, 7539, 7541, 7542, 7549, 8475, 8475, - 8475, 7546, 7555, 7569, 7553, 7551, 7572, 7552, 8475, 7578, - 7579, 7568, 7593, 7573, 7589, 8475, 7592, 7582, 7585, 8475, - 7598, 7603, 7599, 7608, 7602, 7613, 7615, 7623, 7619, 8475, - 7627, 8475, 8475, 7614, 8475, 7610, 7616, 7617, 7635, 8475, - 7645, 7634, 7637, 7643, 7647, 8475, 7658, 7649, 7654, 7650, - 8475, 8475, 7656, 8475, 7667, 7663, 7664, 7676, 7674, 7672, - 7687, 7683, 8475, 7677, 7682, 7684, 7681, 7692, 8475, 7704, - - 7699, 7701, 7703, 7709, 7690, 7717, 7711, 7736, 8475, 8475, - 7720, 7724, 8475, 8475, 7722, 7742, 7739, 8475, 8475, 8475, - 7746, 8475, 7752, 7757, 7759, 7773, 7749, 8475, 7760, 7747, - 7761, 8475, 7758, 7762, 7772, 7781, 8475, 8475, 7766, 7776, - 7786, 7785, 7780, 8475, 7779, 7787, 7800, 7798, 7811, 7804, - 7810, 7817, 7835, 7821, 7807, 7818, 7820, 7831, 7834, 7824, - 7840, 7844, 8475, 8475, 7850, 8475, 8475, 7852, 7854, 7855, - 7857, 7864, 7865, 7869, 8475, 7863, 7873, 7866, 7862, 7858, - 8475, 7861, 7883, 7871, 7881, 7885, 7902, 7889, 7887, 8475, - 8475, 7888, 7892, 7891, 7908, 7893, 8475, 7920, 7930, 7912, - - 7922, 7913, 7910, 7918, 8475, 7931, 8475, 8475, 8475, 8475, - 8475, 8475, 8475, 8475, 7938, 8475, 7929, 7943, 7948, 7951, - 8475, 7937, 7953, 7959, 7947, 7952, 8475, 7949, 7970, 7977, - 7969, 7968, 7984, 7975, 7973, 7987, 7990, 7976, 7998, 7995, - 8000, 8002, 8475, 8475, 8475, 8004, 8003, 8021, 8015, 8026, - 8034, 8036, 8037, 8019, 8029, 8041, 8047, 8050, 8014, 8042, - 7957, 8040, 8053, 8058, 8045, 8051, 8059, 8475, 8068, 8475, - 8071, 8475, 8475, 8075, 8087, 8082, 8072, 8097, 8098, 8080, - 8092, 8077, 8101, 8475, 8085, 8093, 8475, 8108, 8099, 8475, - 8107, 8124, 8112, 8123, 8125, 8118, 8139, 8141, 8475, 8128, - - 8135, 8140, 8142, 8152, 8116, 8160, 8165, 8167, 8169, 8158, - 8181, 8178, 8184, 8182, 8475, 8179, 8171, 8186, 8176, 8188, - 8196, 8199, 8187, 8475, 8201, 8475, 8212, 8221, 8214, 8205, - 8216, 8223, 8237, 8220, 8227, 8475, 8229, 8241, 8234, 8243, - 8248, 8254, 8251, 8247, 8272, 8268, 8275, 8279, 8276, 8280, - 8265, 8285, 8269, 8475, 8289, 8278, 8475, 8286, 8293, 8282, - 8300, 8307, 8475, 8294, 8303, 8304, 8325, 8329, 8330, 8475, - 8332, 8333, 8331, 8475, 8334, 8475, 8475, 8335, 8317, 8324, - 8341, 8342, 8475, 8475, 8475, 8383, 8390, 8397, 8404, 8411, - 83, 8418, 8425, 8432, 8439, 8446, 8453, 8460, 8467 - + 131, 137, 112, 118, 123, 142, 476, 428, 96, 8937, + 8937, 8937, 160, 185, 116, 183, 229, 132, 175, 173, + 232, 50, 66, 120, 263, 275, 145, 319, 134, 371, + 412, 286, 308, 283, 126, 237, 419, 8937, 8937, 8937, + 95, 418, 8937, 8937, 8937, 186, 394, 423, 8937, 8937, + 8937, 258, 366, 8937, 8937, 8937, 104, 347, 8937, 266, + 8937, 167, 349, 346, 376, 8937, 8937, 8937, 356, 303, + 8937, 8937, 8937, 146, 281, 368, 234, 0, 388, 0, + 0, 291, 270, 235, 193, 259, 339, 367, 340, 177, + + 226, 395, 373, 384, 377, 368, 410, 411, 309, 429, + 357, 408, 438, 444, 416, 458, 455, 443, 467, 480, + 471, 452, 469, 479, 484, 501, 489, 498, 494, 505, + 513, 528, 500, 514, 523, 540, 363, 522, 519, 554, + 539, 250, 549, 573, 571, 566, 550, 535, 576, 600, + 585, 558, 595, 586, 601, 603, 273, 179, 268, 205, + 208, 648, 241, 194, 187, 180, 654, 660, 0, 605, + 138, 664, 168, 128, 341, 609, 652, 639, 644, 654, + 653, 655, 646, 668, 667, 650, 666, 673, 651, 680, + 697, 256, 706, 750, 703, 696, 692, 710, 712, 701, + + 694, 723, 716, 724, 731, 707, 740, 730, 756, 757, + 798, 758, 749, 776, 290, 767, 805, 325, 760, 779, + 806, 787, 783, 807, 810, 814, 786, 809, 817, 801, + 824, 825, 819, 840, 850, 849, 841, 843, 842, 865, + 861, 845, 860, 851, 876, 877, 880, 874, 879, 897, + 883, 891, 886, 910, 889, 914, 900, 901, 916, 919, + 935, 925, 929, 909, 928, 922, 938, 937, 920, 946, + 927, 943, 968, 961, 964, 973, 956, 960, 958, 965, + 978, 972, 987, 991, 988, 980, 187, 984, 1003, 1008, + 996, 995, 1013, 1015, 1011, 1017, 1030, 1014, 1032, 1031, + + 1037, 1041, 1047, 1029, 1054, 1043, 1049, 1044, 1039, 1050, + 1066, 1055, 1076, 1064, 1068, 1084, 1070, 1096, 1075, 1103, + 1098, 1092, 1135, 1097, 1090, 1100, 1136, 1115, 1109, 1134, + 1148, 1164, 1162, 1166, 1143, 1160, 1163, 1121, 1171, 1187, + 1179, 1190, 1185, 1110, 1180, 1189, 1206, 1208, 8937, 1198, + 1214, 1207, 1221, 1232, 1225, 1215, 1246, 1196, 1250, 1213, + 1140, 1234, 1266, 1314, 1254, 1223, 1253, 1257, 1271, 8937, + 1294, 1277, 1363, 1292, 1273, 1263, 1299, 1295, 1301, 1296, + 1318, 1312, 1259, 1323, 1309, 1332, 1357, 1344, 1354, 1360, + 1368, 1364, 1370, 1373, 1371, 1388, 1391, 1397, 1394, 1389, + + 1401, 1415, 1424, 1399, 1409, 1413, 1418, 1281, 1435, 1423, + 1430, 1438, 1441, 1416, 1447, 1451, 1453, 1461, 1462, 1468, + 1475, 1476, 1477, 1465, 1478, 1487, 1490, 1494, 1489, 1500, + 1502, 1386, 1514, 1510, 1506, 1527, 1520, 1516, 1511, 1525, + 1534, 1544, 1528, 1529, 1517, 1536, 1557, 1561, 1552, 1567, + 1569, 1556, 1572, 1426, 8937, 1580, 1576, 1578, 1584, 1562, + 1590, 8937, 1592, 1594, 1601, 1595, 1589, 1611, 1613, 1609, + 1619, 1628, 1620, 1617, 1638, 1629, 1640, 1653, 1637, 1647, + 1641, 1639, 1658, 1664, 1657, 1668, 1659, 1674, 1670, 1720, + 8937, 1661, 1667, 1688, 1684, 1689, 1700, 1724, 1708, 1717, + + 1738, 1716, 1763, 1743, 1711, 1748, 1742, 1773, 1751, 1778, + 1765, 1760, 1767, 1718, 1761, 1786, 1784, 1758, 1781, 1806, + 8937, 1788, 1798, 1819, 1804, 1807, 1808, 1803, 1811, 1608, + 1824, 1823, 1830, 1813, 1837, 1846, 1833, 1847, 1840, 1853, + 1844, 1850, 1857, 1863, 1859, 1854, 1887, 1881, 1861, 1869, + 1896, 1876, 1898, 1904, 1906, 1886, 1897, 1905, 1890, 1903, + 1912, 1913, 1893, 1922, 1924, 1917, 1925, 1908, 1942, 1930, + 1927, 1943, 1932, 1955, 1944, 1959, 1954, 1949, 1956, 1973, + 1952, 1969, 8937, 1985, 1982, 1992, 1994, 1996, 1999, 2003, + 1988, 1979, 2000, 2019, 2009, 1990, 2013, 2024, 2023, 2022, + + 2030, 2031, 2021, 2046, 2041, 2055, 2053, 2040, 2057, 2047, + 2060, 2058, 2067, 2073, 2059, 2097, 2068, 2080, 2091, 2082, + 2079, 2090, 2100, 2092, 2088, 2094, 2126, 2109, 2118, 2108, + 2146, 2121, 2106, 2132, 2123, 2141, 2133, 2136, 2137, 2147, + 2145, 2152, 2158, 2167, 2160, 2168, 2159, 2161, 2172, 2181, + 2195, 2186, 2179, 2178, 2182, 2194, 2199, 2203, 2202, 2213, + 2214, 2207, 2221, 2215, 2234, 2218, 2225, 2239, 2244, 2240, + 2250, 2241, 2248, 2246, 2263, 2252, 2267, 2268, 2278, 2265, + 2273, 2279, 2277, 2293, 2299, 2303, 2294, 2282, 2295, 2297, + 2296, 2319, 2327, 2331, 2323, 8937, 2314, 2344, 2320, 2338, + + 2337, 2318, 2330, 2356, 2345, 2354, 2350, 2357, 2346, 2408, + 8937, 2347, 8937, 8937, 2370, 8937, 8937, 2369, 2373, 8937, + 2385, 2376, 2394, 2406, 2414, 2405, 2381, 2397, 2402, 2409, + 2457, 2418, 2425, 2421, 2426, 2453, 2465, 2455, 2466, 2472, + 2470, 2463, 2474, 2495, 2479, 2503, 2496, 2488, 2506, 2489, + 2492, 2504, 2516, 2498, 2514, 2519, 2524, 2533, 2499, 2436, + 2544, 2529, 2557, 8937, 2548, 2523, 2559, 2556, 2563, 2562, + 2558, 2560, 2566, 2567, 2569, 2552, 2573, 2574, 2579, 2582, + 2590, 2594, 2608, 2588, 8937, 2601, 2603, 2587, 2613, 2614, + 2616, 2615, 2617, 2597, 2624, 2635, 2632, 2651, 2638, 2636, + + 2645, 2637, 2663, 8937, 2665, 2656, 2649, 2664, 2650, 2675, + 2679, 2662, 2680, 2676, 2681, 2682, 2687, 2691, 2641, 2706, + 2707, 2697, 2703, 2714, 2709, 2724, 2721, 2708, 2730, 2718, + 2732, 2733, 2727, 2742, 2743, 2757, 2767, 2744, 2769, 2748, + 2777, 2778, 2770, 2760, 2771, 2776, 2765, 2788, 2782, 2790, + 2784, 2787, 2804, 2792, 2807, 2803, 2817, 2828, 2809, 2829, + 2825, 2810, 2815, 2836, 2819, 8937, 2816, 2831, 8937, 2827, + 2843, 2889, 2849, 2853, 2846, 2866, 2844, 2875, 2870, 2868, + 2876, 2872, 2920, 2895, 2887, 2907, 2902, 2921, 2906, 2919, + 2916, 2914, 2925, 2931, 2943, 2880, 2947, 2954, 433, 2960, + + 2934, 2945, 2941, 2991, 2957, 2966, 2961, 2967, 2976, 2968, + 2974, 2993, 2989, 2994, 2985, 3018, 3003, 8937, 3019, 3012, + 3006, 3014, 3033, 3024, 3028, 8937, 3034, 3039, 3037, 3036, + 3049, 3038, 3054, 3042, 3063, 3051, 3055, 3064, 3070, 3066, + 3075, 3041, 8937, 3080, 8937, 3074, 3083, 3068, 3091, 3090, + 3094, 3106, 3107, 8937, 8937, 3115, 3104, 3121, 3129, 3114, + 8937, 3110, 3150, 3124, 3140, 3130, 3138, 3145, 3141, 3133, + 3147, 3168, 3149, 3171, 3160, 3173, 3165, 8937, 3177, 3163, + 3176, 3186, 3166, 3189, 3192, 3187, 8937, 3195, 3196, 3204, + 3188, 3217, 3211, 3207, 3224, 3228, 3214, 3216, 3213, 3239, + + 3223, 3250, 3251, 3243, 3244, 3252, 3258, 8937, 3246, 3241, + 3263, 3260, 3267, 3271, 3272, 3256, 3270, 3279, 3283, 3284, + 3275, 3288, 3277, 3308, 3310, 3297, 3309, 3317, 3299, 3305, + 3313, 91, 3303, 3320, 3315, 3306, 8937, 3324, 3328, 3330, + 115, 3335, 3338, 3342, 3355, 3357, 3359, 3344, 3368, 3372, + 3369, 3371, 3370, 3365, 3376, 3378, 3389, 3388, 3387, 3393, + 3392, 8937, 3385, 3395, 3400, 3398, 3417, 3406, 3427, 8937, + 3420, 3428, 3425, 3437, 3435, 3434, 3436, 3452, 3431, 3451, + 3462, 3453, 3465, 3469, 3470, 3463, 8937, 3483, 3479, 3480, + 3466, 3490, 3487, 3493, 3473, 3501, 3500, 3509, 3508, 3498, + + 3512, 3507, 3510, 3515, 3532, 3525, 3527, 3529, 3535, 8937, + 3546, 3530, 3541, 3553, 3543, 3559, 3554, 3583, 3550, 3565, + 3562, 3584, 3608, 3574, 3588, 3599, 3602, 3593, 3596, 3609, + 3614, 3623, 3606, 3618, 3636, 3644, 3632, 3624, 3629, 3633, + 3656, 3581, 3650, 3662, 3667, 3665, 3669, 3692, 3671, 3686, + 3664, 8937, 3678, 3688, 3689, 3684, 3722, 3705, 3696, 3699, + 3711, 3715, 3702, 3717, 3713, 3748, 3745, 3739, 3741, 3751, + 3743, 3744, 3732, 3733, 3759, 3503, 3752, 3761, 3760, 8937, + 3766, 3771, 3773, 3772, 3790, 3775, 3797, 3800, 3799, 3784, + 3785, 3807, 3789, 3810, 3794, 3815, 3816, 3821, 3811, 8937, + + 3827, 3824, 3840, 3832, 3844, 3847, 3848, 3856, 3857, 3859, + 3817, 3854, 3862, 3850, 8937, 3870, 3873, 3874, 3875, 3883, + 3876, 3867, 3893, 3884, 8937, 3894, 3887, 3885, 3903, 3918, + 3910, 8937, 3920, 3912, 3897, 3911, 3913, 3915, 3924, 3921, + 3930, 3931, 3951, 3946, 3938, 3957, 8937, 3944, 3969, 3948, + 3958, 3964, 3960, 3965, 3982, 3990, 3977, 3979, 3988, 8937, + 3984, 3999, 3994, 4019, 3991, 4007, 4013, 4011, 4015, 4017, + 4018, 4021, 8937, 4022, 4034, 4037, 4038, 4047, 4049, 4050, + 4058, 4044, 4053, 4043, 4060, 4066, 4070, 4068, 4079, 4083, + 4074, 4082, 4097, 4090, 4101, 4087, 4099, 4106, 4095, 4109, + + 4122, 4126, 8937, 4112, 4117, 4128, 4113, 4115, 4130, 4134, + 4142, 4132, 4138, 4155, 4148, 4144, 4181, 4183, 4147, 4165, + 4158, 4161, 4175, 4186, 4176, 4178, 4179, 4201, 4194, 4174, + 4214, 4193, 4209, 4219, 4204, 4210, 4211, 4213, 4220, 4222, + 4218, 4247, 4241, 4239, 4235, 4252, 4249, 4259, 4240, 4246, + 4245, 4281, 8937, 4266, 4264, 4250, 4268, 4278, 4289, 4292, + 4303, 4286, 4291, 4302, 4295, 4305, 4313, 4317, 4318, 4322, + 4312, 8937, 4319, 8937, 4320, 4343, 4324, 4328, 4330, 8937, + 4342, 8937, 4351, 4353, 4340, 4345, 8937, 4355, 4339, 4362, + 4372, 4364, 4363, 4368, 4369, 4378, 4375, 4385, 4386, 4382, + + 4383, 4406, 4401, 4398, 4412, 4403, 4393, 4419, 4402, 4425, + 4405, 4429, 4432, 4428, 4433, 8937, 4437, 4435, 4430, 4444, + 4449, 4452, 4445, 4460, 4472, 4453, 4462, 4474, 4476, 4464, + 4488, 4487, 4491, 4478, 4499, 8937, 4493, 4502, 4494, 4500, + 8937, 4511, 4504, 4521, 4523, 4518, 4512, 4520, 4533, 4540, + 4519, 4542, 4538, 4568, 4517, 4548, 4563, 8937, 4543, 4551, + 4562, 4569, 4561, 4578, 4579, 4575, 4590, 4597, 4589, 4595, + 4592, 4585, 4580, 4612, 4602, 4625, 4618, 4630, 4603, 4627, + 4628, 4629, 4620, 4613, 4616, 4635, 4637, 4646, 4654, 4655, + 4653, 4647, 4650, 4657, 4648, 8937, 4672, 4659, 4678, 4686, + + 4673, 4675, 4677, 4685, 4681, 4692, 4684, 4711, 4705, 8937, + 4709, 8937, 4700, 4719, 4726, 4731, 4727, 4715, 4732, 4737, + 4728, 4738, 4740, 4756, 4744, 4753, 4764, 4751, 4765, 4766, + 4749, 4779, 4762, 4768, 4767, 4772, 4771, 4791, 8937, 8937, + 4780, 4792, 4814, 4795, 4807, 4812, 4820, 4819, 4818, 4806, + 4832, 4809, 4825, 8937, 4842, 4834, 4838, 4852, 4845, 4846, + 4863, 4871, 4862, 4873, 4868, 8937, 4850, 4861, 4876, 4865, + 4890, 4886, 8937, 4877, 8937, 4887, 4888, 4900, 4901, 4869, + 4898, 4902, 4904, 4919, 4926, 4927, 4917, 4923, 4912, 4924, + 4922, 4934, 4929, 4933, 4936, 4944, 8937, 4948, 4938, 4960, + + 4961, 4965, 4967, 4968, 4953, 8937, 4969, 4963, 4973, 4979, + 4974, 4983, 4984, 4993, 5005, 4997, 5003, 4995, 4996, 5022, + 5006, 5001, 5020, 5021, 5024, 5031, 8937, 5030, 5028, 5043, + 5040, 5032, 5048, 5049, 5036, 5038, 5051, 5054, 5061, 5063, + 5064, 5062, 5065, 5077, 5075, 5078, 5101, 5089, 5088, 5085, + 5091, 5087, 8937, 5100, 5104, 5090, 5121, 5118, 5125, 5122, + 5129, 5116, 5138, 5140, 5130, 5133, 5139, 5158, 5147, 5152, + 8937, 5149, 5146, 5163, 5144, 5167, 5172, 5174, 5178, 5182, + 5194, 5168, 5173, 5185, 5184, 8937, 5192, 5189, 5196, 5211, + 5199, 5191, 5215, 5209, 5216, 5217, 5201, 5231, 5219, 5223, + + 5246, 5248, 5233, 8937, 8937, 5252, 5230, 5254, 8937, 5256, + 5240, 5267, 5268, 5249, 5262, 5264, 5260, 5258, 5285, 5273, + 5287, 8937, 5288, 5283, 5281, 5295, 5310, 5311, 5307, 5304, + 5308, 5296, 5300, 5306, 5321, 5314, 5313, 5341, 5326, 5330, + 5327, 5334, 5351, 8937, 5336, 5338, 5345, 5352, 5343, 5358, + 8937, 5348, 5376, 5375, 5377, 5364, 5384, 5379, 5392, 5372, + 5382, 5378, 5405, 5394, 5398, 5389, 5411, 5407, 5401, 5428, + 5423, 8937, 5421, 5420, 5413, 5435, 8937, 5442, 5449, 5448, + 5451, 5438, 5447, 5454, 5456, 8937, 5455, 5457, 5458, 5446, + 5473, 5450, 5485, 5481, 5475, 8937, 5477, 5476, 5491, 8937, + + 5498, 5504, 5490, 5492, 5500, 5511, 5503, 5502, 5515, 5517, + 8937, 5519, 8937, 5530, 5523, 5536, 8937, 5527, 5528, 5538, + 5541, 5547, 5544, 5553, 5542, 5552, 5555, 5550, 5560, 5554, + 5557, 5584, 5595, 5574, 5582, 5576, 5579, 8937, 5596, 5580, + 5590, 5603, 5601, 5600, 5611, 5609, 5602, 8937, 8937, 5613, + 8937, 5630, 5618, 5627, 8937, 5629, 5635, 5651, 5631, 5646, + 5650, 5653, 5655, 8937, 5657, 5645, 5661, 5665, 5659, 5662, + 5673, 5675, 5684, 5671, 5686, 5698, 8937, 5679, 5691, 5705, + 5689, 5695, 5706, 5714, 5700, 8937, 5716, 5727, 5722, 5730, + 5731, 8937, 5728, 8937, 5732, 5736, 5739, 5758, 5734, 8937, + + 5766, 5755, 5752, 5744, 5771, 5772, 5778, 5779, 5763, 5780, + 5791, 5787, 5762, 5786, 8937, 5785, 5795, 5788, 5815, 5802, + 5803, 5825, 5819, 5826, 5814, 5829, 5833, 5822, 5838, 5846, + 5831, 5830, 5836, 8937, 5859, 5867, 5849, 5880, 5873, 5865, + 8937, 5866, 5874, 5883, 8937, 5872, 5864, 5881, 5887, 5895, + 5898, 5902, 5905, 5906, 8937, 5908, 5911, 5904, 5922, 5925, + 5917, 8937, 8937, 5936, 8937, 5931, 5933, 5944, 5943, 5914, + 5953, 5965, 5958, 5968, 5954, 5970, 5971, 5964, 5957, 6007, + 5907, 5983, 5969, 5982, 5985, 8937, 8937, 5987, 6010, 5999, + 5993, 6012, 6003, 6000, 6021, 6014, 6022, 6024, 6026, 6027, + + 8937, 6029, 6035, 6039, 6037, 8937, 6034, 6042, 6044, 6050, + 6063, 6054, 6060, 6053, 6070, 6056, 6079, 6081, 6074, 6083, + 6087, 6084, 6090, 6093, 6091, 6101, 6107, 8937, 6114, 6102, + 6105, 6103, 6111, 6118, 6106, 6130, 6123, 8937, 6128, 6139, + 6147, 6153, 6145, 6146, 6148, 6162, 6159, 6165, 6166, 6155, + 6175, 6182, 6177, 6173, 8937, 6179, 6187, 6190, 6185, 6196, + 6198, 6200, 6199, 6195, 6201, 6205, 6211, 6215, 6229, 6217, + 6221, 6222, 6214, 8937, 6234, 6235, 6226, 6250, 6237, 6246, + 6248, 6253, 6259, 6249, 6256, 6265, 6267, 8937, 6270, 6262, + 6272, 6289, 6274, 6281, 6283, 6276, 6292, 8937, 6302, 6286, + + 6297, 6295, 6303, 6305, 6299, 6327, 6326, 6336, 6339, 8937, + 6329, 6340, 6344, 6312, 6333, 6353, 6356, 6317, 8937, 6370, + 6372, 6363, 6352, 6360, 6387, 6380, 6384, 6366, 6379, 6393, + 6386, 6394, 6400, 6401, 6411, 6399, 6405, 6413, 8937, 6404, + 8937, 6406, 6428, 6439, 6434, 6436, 6426, 8937, 6431, 6433, + 6445, 6442, 6450, 8937, 6452, 6438, 6456, 6455, 8937, 6475, + 6480, 6468, 6477, 6487, 6491, 8937, 6490, 6493, 6494, 6498, + 6502, 6497, 6500, 6495, 6507, 6501, 6516, 6512, 6510, 6515, + 6518, 6536, 8937, 6540, 6543, 6547, 6545, 6539, 6529, 6551, + 6552, 6556, 8937, 6557, 6533, 6534, 6571, 6560, 6566, 6583, + + 6570, 6584, 6574, 8937, 6582, 6579, 6597, 6604, 6599, 6598, + 8937, 8937, 6589, 6613, 6605, 6610, 6617, 8937, 6616, 6628, + 6621, 6638, 6630, 8937, 8937, 6642, 8937, 6631, 8937, 6632, + 6634, 8937, 8937, 6647, 6627, 6651, 6657, 6664, 8937, 6667, + 8937, 6673, 6669, 6655, 6659, 6680, 8937, 6668, 6663, 6672, + 8937, 6679, 6697, 6683, 6678, 8937, 6703, 6706, 6692, 6686, + 8937, 6715, 6717, 6713, 6705, 6712, 6720, 6724, 6708, 6727, + 6734, 6732, 6735, 6751, 6757, 6758, 6760, 6763, 6753, 6748, + 6762, 6768, 6770, 6764, 6774, 6752, 6761, 6781, 6783, 6800, + 6805, 6795, 6797, 6804, 6803, 6787, 6812, 6796, 6798, 6819, + + 6826, 6794, 6821, 6824, 6825, 6836, 6828, 6853, 6847, 6842, + 6843, 8937, 6848, 6838, 6855, 6868, 6845, 6874, 6883, 6873, + 6889, 6890, 8937, 6893, 8937, 6895, 6881, 6886, 6884, 6877, + 8937, 6882, 6907, 6905, 6908, 6922, 6913, 6910, 6916, 6920, + 6923, 6943, 8937, 6942, 6924, 6939, 6945, 8937, 6947, 6953, + 6949, 6959, 6954, 6963, 6964, 6966, 6969, 6960, 6962, 6992, + 6995, 7002, 6980, 6986, 6981, 6994, 6983, 6996, 7009, 7013, + 7017, 7018, 7024, 8937, 7012, 8937, 7023, 7019, 7021, 7029, + 7030, 7034, 7036, 8937, 8937, 7044, 7050, 7052, 7051, 7056, + 7067, 7065, 8937, 7057, 7071, 7068, 7060, 8937, 7070, 7083, + + 7084, 7086, 8937, 7078, 7079, 7105, 7089, 7095, 7107, 7113, + 7099, 7111, 7112, 7119, 8937, 8937, 8937, 8937, 7120, 7101, + 7125, 7116, 7131, 7128, 7133, 7149, 7138, 8937, 7157, 8937, + 8937, 7154, 7156, 7148, 7158, 7160, 7147, 7164, 7169, 8937, + 7152, 7165, 7193, 7184, 7178, 7182, 7201, 7195, 7203, 7188, + 7189, 7007, 7205, 7211, 7204, 7209, 7213, 7217, 8937, 8937, + 7229, 7218, 7220, 7248, 7222, 7246, 7238, 7226, 7253, 7250, + 7249, 7244, 7254, 7239, 7266, 7268, 7265, 7271, 8937, 7267, + 7261, 8937, 7278, 8937, 7269, 7295, 7284, 7291, 7294, 7297, + 7307, 7305, 8937, 8937, 8937, 7293, 7289, 7296, 7313, 7318, + + 7316, 7311, 7319, 7328, 8937, 7329, 8937, 7330, 7345, 7348, + 7333, 7356, 7359, 7364, 7361, 7354, 7360, 8937, 7357, 7355, + 8937, 7363, 7382, 7383, 8937, 7372, 7352, 7378, 7380, 8937, + 7401, 7399, 7397, 8937, 7404, 8937, 7386, 7407, 7405, 7416, + 8937, 7388, 7413, 8937, 7418, 7419, 7424, 7409, 8937, 7420, + 8937, 7428, 7437, 7441, 7450, 7443, 7452, 7440, 7439, 7445, + 7461, 7460, 7467, 8937, 8937, 73, 7478, 7466, 7454, 7456, + 7484, 7468, 7472, 7487, 7482, 8937, 8937, 7495, 8937, 7488, + 7499, 8937, 7479, 7505, 7506, 7503, 7514, 7510, 7516, 7498, + 7513, 7524, 7539, 7530, 7526, 7541, 7559, 7533, 7556, 7557, + + 7560, 7563, 7566, 7546, 7565, 7554, 7569, 7571, 7555, 7579, + 8937, 7578, 7597, 7585, 8937, 7604, 7601, 7609, 7605, 8937, + 7611, 7606, 7607, 7612, 8937, 7596, 7613, 7625, 7635, 7630, + 7651, 7634, 7640, 7646, 8937, 8937, 8937, 7648, 7654, 8937, + 7655, 7652, 7633, 7641, 8937, 7656, 7657, 8937, 8937, 7662, + 7661, 7671, 7668, 8937, 7678, 8937, 7673, 8937, 7696, 7697, + 7698, 7695, 8937, 7703, 7705, 8937, 7707, 7710, 7711, 7718, + 7692, 7721, 7715, 8937, 7746, 7738, 7739, 7749, 7732, 7741, + 7730, 7747, 7737, 7761, 7733, 7762, 8937, 7759, 7764, 7767, + 7774, 7765, 7766, 7777, 8937, 7783, 8937, 7782, 7785, 7796, + + 7778, 7790, 7788, 7805, 7811, 7792, 7803, 7801, 8937, 7821, + 7826, 8937, 7808, 8937, 7831, 8937, 7823, 7825, 7828, 7832, + 8937, 7836, 7822, 7834, 7827, 8937, 7850, 7848, 7853, 7860, + 8937, 8937, 7847, 7870, 7871, 7859, 7879, 7882, 7863, 7885, + 7880, 7884, 7868, 7875, 7873, 7889, 7894, 7896, 7902, 7912, + 8937, 8937, 8937, 7910, 7897, 7930, 7926, 7924, 7935, 7915, + 8937, 7929, 7936, 7938, 7928, 7940, 7941, 7945, 8937, 7952, + 7948, 7921, 7956, 7950, 7957, 7962, 8937, 7978, 7980, 7977, + 7967, 7983, 7987, 7990, 7992, 7994, 8937, 7995, 8937, 8937, + 7993, 8937, 7975, 7979, 7989, 8017, 8937, 8000, 8009, 8005, + + 8004, 8029, 8030, 8937, 8038, 8014, 8016, 8032, 8937, 8937, + 8042, 8937, 8046, 8043, 8033, 8054, 8039, 8045, 8055, 8058, + 8937, 8056, 8057, 8062, 8059, 8073, 8937, 8060, 8069, 8072, + 8081, 8937, 8075, 8089, 8094, 8070, 8102, 8937, 8104, 8090, + 8118, 8117, 8937, 8103, 8113, 8937, 8937, 8114, 8124, 8121, + 8937, 8937, 8937, 8127, 8937, 8133, 8144, 8148, 8157, 8131, + 8937, 8159, 8143, 8149, 8937, 8937, 8145, 8146, 8162, 8164, + 8937, 8937, 8152, 8171, 8170, 8160, 8153, 8937, 8181, 8173, + 8184, 8183, 8202, 8188, 8201, 8204, 8219, 8212, 8193, 8207, + 8196, 8220, 8227, 8223, 8221, 8229, 8230, 8235, 8237, 8233, + + 8937, 8937, 8241, 8937, 8937, 8251, 8253, 8255, 8258, 8261, + 8266, 8267, 8937, 8262, 8270, 8263, 8264, 8254, 8937, 8256, + 8273, 8269, 8279, 8283, 8285, 8289, 8287, 8937, 8937, 8290, + 8302, 8294, 8306, 8291, 8937, 8312, 8328, 8310, 8321, 8311, + 8322, 8325, 8937, 8337, 8318, 8937, 8937, 8329, 8937, 8937, + 8937, 8937, 8937, 8937, 8937, 8937, 8347, 8937, 8333, 8358, + 8359, 8361, 8937, 8339, 8354, 8365, 8352, 8364, 8937, 8353, + 8371, 8370, 8381, 8379, 8386, 8380, 8385, 8397, 8368, 8391, + 8402, 8392, 8410, 8405, 8403, 8420, 8937, 8937, 8937, 8413, + 8414, 8433, 8429, 8435, 8444, 8436, 8439, 8432, 8428, 8443, + + 8452, 8453, 8442, 8449, 8473, 8460, 8465, 8476, 8462, 8483, + 8471, 8469, 8490, 8937, 8478, 8937, 8479, 8937, 8937, 8495, + 8498, 8494, 8492, 8512, 8517, 8500, 8503, 8504, 8513, 8528, + 8532, 8937, 8515, 8526, 8937, 8520, 8529, 8937, 8531, 8530, + 8545, 8539, 8541, 8548, 8544, 8560, 8569, 8937, 8937, 8550, + 8556, 8561, 8582, 8579, 8590, 8585, 8588, 8594, 8595, 8583, + 8603, 8937, 8589, 8609, 8604, 8937, 8601, 8606, 8611, 8615, + 8616, 8613, 8620, 8610, 8937, 8643, 8937, 8619, 8642, 8648, + 8630, 8636, 8645, 8659, 8662, 8652, 8937, 8647, 8663, 8669, + 8676, 8682, 8679, 8686, 8678, 8668, 8694, 8696, 8701, 8695, + + 8700, 8689, 8709, 8711, 8937, 8712, 8713, 8937, 8726, 8728, + 8718, 8723, 8716, 8937, 8719, 8729, 8735, 8746, 8749, 8744, + 8937, 8752, 8761, 8756, 8937, 8760, 8937, 8937, 8762, 8753, + 8758, 8766, 8768, 8937, 8937, 8937, 8817, 8824, 8831, 8838, + 8845, 8852, 8859, 102, 8866, 8873, 8880, 8887, 8894, 8901, + 8908, 8915, 8922, 8929 } ; -static const flex_int16_t yy_def[3000] = +static const flex_int16_t yy_def[3155] = { 0, - 2985, 1, 2986, 2986, 2987, 2987, 2988, 2988, 2989, 2989, - 2990, 2990, 2985, 2991, 2985, 2985, 2985, 2985, 2992, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2993, 2985, 2985, 2985, 2993, 2994, 2985, 2985, - 2985, 2994, 2995, 2985, 2985, 2985, 2985, 2995, 2996, 2985, - 2985, 2985, 2996, 2997, 2985, 2998, 2985, 2997, 2997, 2991, - 2991, 2985, 2999, 2992, 2999, 2992, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2993, 2993, 2994, 2994, 2995, 2995, 2985, 2996, 2996, 2997, - 2997, 2998, 2998, 2997, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2997, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2997, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, - 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2985, 2991, 2997, 2991, 2991, 2991, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2997, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2985, 2991, 2985, 2985, 2991, 2985, 2985, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2997, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2985, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - - 2991, 2991, 2991, 2985, 2991, 2985, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2985, 2985, 2991, 2991, 2991, 2991, - 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2997, 2991, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - - 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, - 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2985, 2991, 2985, 2991, 2991, 2991, - 2991, 2991, 2985, 2991, 2985, 2991, 2991, 2991, 2991, 2985, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, - 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2985, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, - - 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2985, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2985, 2985, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, - 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, - 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2985, 2991, 2985, 2991, 2991, 2991, - 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2985, 2991, - 2985, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, - - 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, - 2985, 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2985, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, - 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2985, - 2985, 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - - 2991, 2991, 2985, 2985, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, - 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, - 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, - 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2985, 2991, - 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, - 2991, 2991, 2991, 2991, 2991, 2985, 2985, 2991, 2991, 2991, - 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2985, 2985, - 2991, 2985, 2991, 2985, 2991, 2991, 2985, 2985, 2991, 2991, - 2991, 2991, 2991, 2985, 2991, 2985, 2991, 2991, 2991, 2991, - 2991, 2985, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, - 2985, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2985, 2991, 2991, - 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2985, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2985, 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2985, 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2985, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2985, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2985, 2985, 2985, 2985, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2985, 2991, 2985, 2985, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2985, 2985, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2985, 2991, 2991, 2985, 2991, 2985, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2985, 2985, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2985, 2991, 2991, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, - 2991, 2985, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2985, - 2991, 2991, 2991, 2985, 2991, 2985, 2991, 2991, 2991, 2991, - 2985, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2985, 2991, - 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2985, 2985, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2985, 2985, 2991, 2985, 2991, 2991, - 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2985, - - 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2985, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2985, - 2985, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2985, 2991, - 2991, 2985, 2985, 2991, 2991, 2991, 2991, 2985, 2991, 2985, - 2991, 2985, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2985, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, - 2991, 2991, 2991, 2985, 2991, 2985, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, - 2985, 2991, 2985, 2991, 2985, 2991, 2991, 2991, 2991, 2985, - - 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2985, 2985, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2985, - 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, - 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2985, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, - 2991, 2985, 2985, 2991, 2985, 2991, 2991, 2991, 2991, 2985, - 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, - 2985, 2985, 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2985, 2991, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2985, - 2991, 2991, 2985, 2985, 2991, 2991, 2991, 2985, 2985, 2985, - 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, - 2991, 2985, 2991, 2991, 2991, 2991, 2985, 2985, 2991, 2991, - 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2985, 2985, 2991, 2985, 2985, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, - 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, - 2985, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, - - 2991, 2991, 2991, 2991, 2985, 2991, 2985, 2985, 2985, 2985, - 2985, 2985, 2985, 2985, 2991, 2985, 2991, 2991, 2991, 2991, - 2985, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2985, 2985, 2985, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2985, - 2991, 2985, 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2985, 2991, 2991, 2985, 2991, 2991, 2985, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2985, 2991, - - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2985, 2991, 2985, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2985, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, - 2991, 2991, 2991, 2985, 2991, 2991, 2985, 2991, 2991, 2991, - 2991, 2991, 2985, 2991, 2991, 2991, 2991, 2991, 2991, 2985, - 2991, 2991, 2991, 2985, 2991, 2985, 2985, 2991, 2991, 2991, - 2991, 2991, 2985, 2985, 0, 2985, 2985, 2985, 2985, 2985, - 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985 - + 3136, 1, 3137, 3137, 3138, 3138, 3139, 3139, 3140, 3140, + 3141, 3141, 3142, 3142, 3143, 3143, 3136, 3144, 3136, 3136, + 3136, 3136, 3145, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3146, 3136, 3136, 3136, + 3146, 3147, 3136, 3136, 3136, 3147, 3148, 3136, 3136, 3136, + 3136, 3148, 3149, 3136, 3136, 3136, 3149, 3150, 3136, 3151, + 3136, 3150, 3150, 3152, 3136, 3136, 3136, 3136, 3152, 3153, + 3136, 3136, 3136, 3153, 3144, 3144, 3136, 3154, 3145, 3154, + 3145, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3146, 3146, 3147, 3147, + 3148, 3148, 3136, 3149, 3149, 3150, 3150, 3151, 3151, 3150, + 3152, 3152, 3136, 3153, 3153, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3150, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3150, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, + 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3136, 3144, 3150, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3150, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3136, 3144, 3136, 3136, 3144, 3136, 3136, 3144, 3144, 3136, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3150, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3136, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3136, 3144, 3136, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3136, 3136, 3144, 3144, 3144, 3144, 3144, + 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3150, + 3150, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, + + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3136, 3150, 3144, 3144, 3144, 3144, + 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3136, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3136, + 3144, 3136, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3150, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, + 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, + 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3136, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, + 3144, 3144, 3136, 3144, 3136, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, + + 3144, 3144, 3144, 3144, 3144, 3136, 3150, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3136, 3136, 3144, 3144, 3144, 3136, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, + 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3136, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3150, 3144, 3136, 3144, 3144, 3144, 3136, + + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3136, 3144, 3136, 3144, 3144, 3144, 3136, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3136, 3144, + 3136, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, + 3144, 3136, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3136, + + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, + 3136, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, + 3144, 3136, 3136, 3144, 3136, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3150, 3144, + 3144, 3144, 3144, 3144, 3144, 3136, 3136, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3136, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, + + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, + 3136, 3144, 3144, 3144, 3144, 3150, 3144, 3136, 3144, 3144, + 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3136, 3144, + 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, + 3136, 3136, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, + 3144, 3144, 3144, 3136, 3136, 3144, 3136, 3144, 3136, 3144, + 3144, 3136, 3136, 3144, 3144, 3144, 3144, 3144, 3136, 3144, + 3136, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, + 3136, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, + 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3144, 3144, 3144, 3150, 3144, 3144, 3144, + 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3136, 3144, 3136, 3144, 3144, 3144, 3144, 3144, + 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3136, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3136, 3144, 3136, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3136, 3136, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3136, 3144, 3144, + + 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3136, 3136, 3136, 3136, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3136, + 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, + 3144, 3144, 3144, 3144, 3144, 3144, 3150, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3136, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, + 3144, 3136, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3136, 3136, 3136, 3144, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3144, 3136, 3144, 3136, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, + 3136, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3136, + 3144, 3144, 3144, 3136, 3144, 3136, 3144, 3144, 3144, 3144, + 3136, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3136, 3144, + 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3136, 3136, 3150, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3136, 3136, 3144, 3136, 3144, + 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3136, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3136, + 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3136, 3136, 3136, 3144, 3144, 3136, + 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3136, 3136, 3144, + 3144, 3144, 3144, 3136, 3144, 3136, 3144, 3136, 3144, 3144, + 3144, 3144, 3136, 3144, 3144, 3136, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3136, 3144, 3136, 3144, 3144, 3144, + + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, + 3144, 3136, 3144, 3136, 3144, 3136, 3144, 3144, 3144, 3144, + 3136, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, + 3136, 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3136, 3136, 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3136, 3136, + 3144, 3136, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, + + 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3136, 3136, + 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3136, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, + 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, + 3144, 3144, 3136, 3144, 3144, 3136, 3136, 3144, 3144, 3144, + 3136, 3136, 3136, 3144, 3136, 3144, 3144, 3144, 3144, 3144, + 3136, 3144, 3144, 3144, 3136, 3136, 3144, 3144, 3144, 3144, + 3136, 3136, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3136, 3136, 3144, 3136, 3136, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3136, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3136, 3144, + 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3136, 3144, 3144, 3136, 3136, 3144, 3136, 3136, + 3136, 3136, 3136, 3136, 3136, 3136, 3144, 3136, 3144, 3144, + 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3136, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3136, 3136, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3136, 3144, 3136, 3144, 3136, 3136, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3136, 3144, 3144, 3136, 3144, 3144, 3136, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3136, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + 3144, 3136, 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3136, 3144, 3136, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3144, + 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, 3144, + + 3144, 3144, 3144, 3144, 3136, 3144, 3144, 3136, 3144, 3144, + 3144, 3144, 3144, 3136, 3144, 3144, 3144, 3144, 3144, 3144, + 3136, 3144, 3144, 3144, 3136, 3144, 3136, 3136, 3144, 3144, + 3144, 3144, 3144, 3136, 3136, 0, 3136, 3136, 3136, 3136, + 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, + 3136, 3136, 3136, 3136 } ; -static const flex_int16_t yy_nxt[8542] = +static const flex_int16_t yy_nxt[9004] = { 0, - 14, 15, 16, 17, 18, 19, 18, 14, 14, 14, - 14, 14, 18, 20, 21, 22, 23, 24, 25, 14, - 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, - 36, 37, 38, 39, 40, 14, 14, 14, 41, 42, - 20, 21, 22, 23, 24, 25, 14, 26, 27, 28, - 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, - 39, 40, 14, 14, 14, 41, 44, 45, 46, 44, - 45, 46, 49, 50, 49, 50, 51, 102, 51, 54, - 55, 56, 57, 70, 18, 54, 55, 56, 57, 71, - 18, 60, 61, 62, 60, 61, 62, 72, 82, 92, - - 151, 73, 104, 47, 102, 151, 47, 141, 141, 52, - 75, 52, 75, 75, 71, 75, 72, 58, 149, 93, - 73, 75, 71, 58, 71, 82, 92, 103, 63, 104, - 94, 63, 15, 16, 17, 65, 66, 67, 15, 16, - 17, 65, 66, 67, 95, 112, 93, 118, 76, 71, - 143, 71, 68, 143, 103, 83, 71, 94, 68, 147, - 71, 146, 84, 148, 148, 96, 85, 141, 141, 86, - 69, 95, 112, 97, 118, 155, 69, 144, 156, 68, - 105, 71, 83, 375, 160, 68, 77, 78, 106, 84, - 79, 71, 96, 85, 107, 80, 86, 140, 108, 71, - - 97, 71, 155, 154, 81, 156, 71, 105, 71, 71, - 71, 160, 71, 77, 78, 106, 151, 79, 157, 142, - 159, 107, 80, 98, 140, 108, 99, 71, 158, 1290, - 154, 81, 87, 100, 143, 101, 88, 143, 71, 89, - 71, 90, 91, 71, 109, 157, 71, 159, 110, 224, - 98, 202, 163, 99, 71, 158, 129, 71, 130, 87, - 100, 71, 101, 88, 111, 71, 89, 131, 90, 91, - 71, 109, 137, 132, 133, 110, 138, 164, 202, 163, - 139, 71, 71, 129, 134, 130, 218, 71, 135, 136, - 1042, 111, 113, 165, 131, 71, 114, 71, 71, 137, - - 132, 133, 115, 138, 164, 116, 71, 139, 169, 170, - 172, 134, 117, 218, 71, 135, 136, 71, 71, 113, - 165, 71, 70, 114, 70, 70, 171, 70, 246, 115, - 151, 71, 116, 70, 149, 169, 170, 172, 161, 117, - 119, 182, 247, 145, 120, 145, 145, 150, 145, 150, - 150, 162, 150, 171, 121, 122, 75, 123, 75, 75, - 71, 75, 71, 147, 71, 161, 71, 119, 182, 247, - 180, 120, 70, 173, 70, 70, 146, 70, 162, 71, - 144, 121, 122, 70, 123, 124, 200, 75, 125, 75, - 75, 174, 75, 175, 153, 126, 166, 180, 75, 127, - - 128, 176, 167, 184, 168, 71, 71, 71, 71, 71, - 181, 189, 124, 200, 183, 125, 71, 71, 174, 71, - 175, 142, 126, 166, 313, 76, 127, 128, 176, 167, - 184, 168, 177, 178, 199, 190, 71, 181, 191, 185, - 179, 183, 186, 71, 197, 71, 71, 71, 71, 198, - 192, 313, 71, 201, 194, 187, 188, 71, 195, 177, - 178, 199, 190, 71, 203, 191, 185, 179, 346, 186, - 193, 197, 71, 71, 196, 204, 198, 192, 71, 205, - 201, 194, 187, 188, 71, 195, 71, 206, 207, 71, - 208, 203, 212, 211, 209, 71, 71, 193, 210, 71, - - 71, 196, 204, 213, 148, 148, 205, 2985, 2985, 2985, - 71, 71, 217, 214, 206, 207, 71, 208, 71, 212, - 211, 209, 215, 219, 71, 210, 225, 220, 216, 223, - 213, 71, 145, 2985, 145, 145, 71, 145, 221, 217, - 214, 71, 222, 71, 226, 2985, 229, 231, 234, 215, - 219, 71, 232, 225, 220, 216, 223, 230, 71, 71, - 71, 227, 233, 238, 228, 221, 71, 240, 71, 222, - 71, 226, 235, 229, 231, 234, 239, 241, 71, 232, - 242, 236, 71, 243, 230, 2985, 71, 2985, 227, 233, - 238, 228, 2985, 237, 240, 244, 71, 71, 71, 235, - - 2985, 245, 71, 239, 241, 253, 264, 242, 236, 150, - 243, 150, 150, 75, 150, 75, 75, 248, 75, 151, - 237, 249, 244, 71, 71, 252, 71, 250, 245, 254, - 255, 256, 253, 71, 251, 2985, 257, 71, 71, 259, - 263, 71, 71, 71, 248, 260, 71, 258, 249, 273, - 1170, 153, 252, 71, 250, 262, 254, 255, 256, 275, - 261, 251, 71, 257, 265, 71, 71, 263, 266, 276, - 274, 71, 260, 277, 258, 71, 273, 71, 71, 279, - 71, 71, 262, 278, 2985, 267, 275, 261, 71, 2985, - 71, 71, 71, 281, 2985, 266, 276, 274, 2985, 282, - - 277, 283, 2985, 297, 2985, 284, 287, 280, 2985, 2985, - 278, 71, 267, 268, 71, 71, 71, 71, 269, 288, - 281, 71, 285, 270, 2985, 286, 282, 2985, 283, 271, - 272, 289, 284, 287, 280, 71, 71, 71, 294, 2985, - 268, 71, 290, 296, 295, 269, 288, 291, 301, 285, - 270, 71, 286, 71, 71, 298, 271, 272, 289, 292, - 71, 293, 299, 303, 304, 294, 307, 2985, 71, 290, - 296, 295, 302, 300, 291, 308, 309, 306, 305, 71, - 71, 71, 298, 71, 310, 2985, 292, 311, 293, 2985, - 315, 2985, 312, 317, 71, 71, 71, 71, 71, 302, - - 300, 318, 308, 314, 306, 305, 71, 71, 71, 319, - 71, 71, 71, 316, 311, 71, 71, 315, 71, 312, - 317, 320, 321, 326, 322, 323, 330, 333, 318, 2985, - 314, 71, 71, 324, 71, 71, 319, 327, 325, 71, - 316, 338, 329, 328, 339, 71, 71, 71, 320, 321, - 326, 322, 323, 331, 332, 335, 334, 340, 71, 71, - 336, 71, 71, 71, 327, 71, 71, 337, 338, 329, - 328, 341, 342, 343, 347, 71, 71, 71, 344, 71, - 331, 332, 335, 334, 345, 71, 349, 336, 71, 71, - 350, 71, 352, 354, 337, 355, 71, 348, 341, 353, - - 343, 360, 2985, 71, 71, 344, 71, 351, 151, 356, - 71, 345, 361, 358, 364, 71, 357, 350, 71, 352, - 354, 71, 355, 71, 348, 359, 353, 362, 71, 71, - 365, 363, 366, 71, 351, 71, 356, 368, 367, 371, - 358, 369, 71, 357, 71, 71, 71, 71, 372, 71, - 71, 373, 359, 71, 362, 374, 379, 365, 363, 366, - 71, 370, 380, 71, 368, 367, 377, 71, 369, 378, - 376, 71, 71, 383, 71, 372, 71, 381, 373, 71, - 382, 71, 374, 379, 384, 385, 386, 388, 370, 380, - 387, 71, 71, 377, 391, 71, 378, 376, 71, 393, - - 383, 71, 392, 71, 381, 389, 394, 382, 398, 2985, - 2985, 397, 385, 71, 395, 71, 71, 387, 71, 71, - 71, 391, 390, 71, 71, 71, 399, 408, 71, 392, - 396, 71, 389, 394, 71, 398, 71, 400, 397, 401, - 407, 395, 402, 2985, 403, 404, 71, 417, 410, 390, - 71, 71, 409, 399, 71, 71, 405, 396, 2985, 71, - 419, 423, 71, 71, 400, 71, 401, 407, 418, 402, - 71, 403, 404, 406, 417, 410, 71, 71, 424, 409, - 71, 425, 71, 405, 2985, 71, 2985, 419, 423, 420, - 430, 421, 71, 2985, 428, 418, 71, 426, 427, 429, - - 406, 411, 436, 2985, 412, 424, 2985, 422, 425, 413, - 414, 415, 416, 71, 71, 433, 420, 430, 421, 71, - 431, 437, 71, 432, 426, 427, 71, 71, 411, 71, - 71, 412, 438, 434, 422, 435, 413, 414, 415, 416, - 439, 440, 433, 71, 2985, 445, 441, 431, 437, 442, - 432, 71, 71, 71, 444, 2985, 451, 71, 71, 438, - 434, 71, 435, 71, 443, 450, 71, 439, 440, 2985, - 2985, 71, 446, 441, 447, 449, 442, 71, 452, 2985, - 457, 444, 71, 448, 453, 462, 465, 71, 71, 463, - 454, 443, 450, 71, 455, 2985, 456, 464, 71, 446, - - 71, 447, 449, 71, 466, 452, 71, 457, 2985, 458, - 448, 453, 462, 71, 467, 71, 463, 454, 71, 555, - 468, 455, 459, 456, 469, 460, 71, 461, 477, 71, - 479, 466, 470, 71, 478, 71, 458, 481, 71, 2985, - 71, 467, 71, 2985, 480, 484, 71, 468, 2985, 459, - 71, 469, 460, 502, 461, 477, 71, 479, 71, 470, - 471, 478, 472, 493, 481, 492, 500, 482, 494, 2985, - 497, 480, 484, 495, 496, 473, 151, 71, 474, 2985, - 475, 71, 476, 483, 71, 71, 71, 471, 498, 472, - 493, 71, 492, 500, 482, 71, 71, 497, 523, 524, - - 71, 496, 473, 2985, 499, 474, 501, 475, 2985, 476, - 483, 485, 486, 504, 71, 498, 71, 503, 71, 505, - 71, 487, 509, 488, 489, 490, 506, 71, 491, 71, - 508, 499, 71, 501, 71, 507, 71, 512, 485, 486, - 504, 511, 2985, 514, 503, 519, 505, 510, 487, 509, - 488, 489, 490, 71, 71, 491, 515, 508, 71, 71, - 513, 517, 507, 516, 512, 518, 2985, 520, 511, 71, - 71, 522, 71, 521, 510, 71, 71, 71, 71, 525, - 526, 531, 71, 515, 71, 527, 71, 513, 517, 528, - 516, 71, 518, 71, 520, 529, 71, 534, 522, 2985, - - 521, 535, 71, 532, 71, 536, 525, 526, 531, 71, - 537, 543, 527, 530, 539, 547, 528, 71, 533, 559, - 71, 71, 529, 71, 534, 538, 71, 71, 535, 71, - 532, 540, 536, 544, 71, 546, 545, 537, 543, 551, - 530, 539, 541, 549, 542, 533, 2985, 71, 548, 71, - 550, 71, 538, 71, 71, 71, 553, 556, 540, 71, - 544, 71, 546, 545, 71, 552, 551, 554, 560, 541, - 549, 542, 71, 71, 557, 548, 558, 550, 561, 71, - 562, 71, 71, 553, 556, 567, 71, 563, 71, 564, - 71, 71, 552, 574, 554, 560, 565, 571, 570, 568, - - 71, 557, 71, 558, 566, 561, 71, 562, 569, 71, - 572, 71, 567, 71, 563, 573, 564, 71, 575, 71, - 574, 71, 71, 565, 571, 570, 568, 577, 576, 581, - 71, 566, 579, 71, 71, 569, 578, 572, 580, 582, - 71, 71, 573, 583, 71, 575, 584, 589, 71, 591, - 71, 596, 2985, 71, 577, 576, 581, 71, 71, 579, - 585, 71, 586, 578, 587, 580, 582, 588, 590, 71, - 583, 71, 593, 584, 592, 71, 598, 2985, 596, 71, - 71, 71, 599, 601, 597, 71, 71, 585, 71, 586, - 594, 587, 602, 595, 588, 590, 71, 71, 600, 593, - - 604, 592, 607, 598, 605, 71, 609, 71, 71, 71, - 601, 597, 608, 71, 71, 603, 606, 594, 610, 611, - 595, 71, 614, 612, 71, 600, 71, 604, 71, 607, - 71, 605, 613, 609, 71, 71, 71, 623, 2985, 608, - 71, 71, 603, 606, 71, 610, 611, 625, 2985, 614, - 612, 2985, 2985, 626, 624, 632, 656, 627, 2985, 613, - 615, 71, 2985, 2985, 623, 616, 71, 617, 71, 640, - 71, 631, 628, 618, 625, 619, 71, 71, 620, 621, - 626, 624, 632, 71, 627, 622, 71, 615, 71, 629, - 633, 634, 616, 630, 617, 71, 640, 635, 631, 628, - - 618, 71, 619, 637, 638, 620, 621, 636, 2985, 71, - 641, 71, 622, 643, 71, 639, 629, 633, 634, 71, - 630, 642, 649, 71, 2985, 650, 644, 647, 71, 71, - 637, 638, 645, 646, 636, 71, 71, 641, 71, 71, - 643, 648, 639, 71, 71, 71, 71, 71, 642, 649, - 651, 652, 650, 644, 647, 653, 654, 655, 71, 645, - 646, 658, 659, 71, 657, 668, 662, 663, 648, 661, - 71, 667, 660, 71, 71, 71, 71, 651, 652, 71, - 151, 71, 653, 654, 655, 71, 664, 665, 658, 659, - 71, 657, 666, 662, 663, 669, 661, 71, 71, 660, - - 71, 670, 671, 672, 674, 673, 2985, 2985, 686, 684, - 71, 71, 71, 664, 665, 675, 71, 71, 71, 666, - 676, 681, 669, 680, 685, 683, 682, 71, 677, 671, - 672, 674, 673, 71, 71, 678, 71, 71, 679, 71, - 71, 687, 675, 688, 71, 689, 71, 676, 690, 691, - 680, 71, 683, 71, 71, 677, 692, 695, 693, 2985, - 694, 698, 678, 697, 696, 679, 71, 71, 71, 71, - 71, 699, 700, 71, 701, 690, 691, 71, 71, 71, - 702, 71, 2985, 692, 695, 693, 71, 694, 698, 71, - 697, 696, 703, 704, 71, 705, 706, 71, 699, 707, - - 71, 701, 712, 2985, 71, 2985, 708, 702, 711, 714, - 715, 709, 71, 713, 71, 710, 2985, 71, 71, 703, - 704, 716, 71, 706, 718, 719, 707, 71, 71, 712, - 71, 71, 71, 708, 71, 711, 714, 715, 709, 717, - 713, 720, 710, 71, 726, 723, 2985, 721, 716, 724, - 727, 71, 719, 725, 731, 71, 71, 732, 728, 71, - 730, 71, 2985, 738, 2985, 71, 717, 71, 720, 722, - 71, 726, 723, 71, 721, 71, 724, 727, 71, 729, - 725, 731, 71, 733, 71, 728, 734, 730, 735, 736, - 737, 739, 744, 71, 71, 71, 722, 740, 743, 71, - - 745, 71, 741, 742, 747, 71, 729, 71, 748, 71, - 733, 749, 71, 734, 71, 735, 736, 737, 739, 744, - 746, 71, 71, 752, 740, 743, 750, 745, 753, 751, - 71, 71, 754, 71, 755, 748, 71, 756, 757, 758, - 760, 759, 2985, 71, 767, 71, 71, 746, 71, 71, - 71, 71, 761, 750, 763, 71, 751, 764, 71, 754, - 2985, 755, 762, 765, 756, 757, 769, 760, 759, 71, - 768, 71, 772, 773, 71, 71, 71, 71, 766, 761, - 71, 763, 774, 776, 764, 71, 770, 71, 71, 762, - 765, 771, 777, 769, 775, 778, 782, 768, 71, 772, - - 773, 71, 71, 779, 71, 766, 780, 71, 71, 774, - 776, 783, 71, 781, 71, 785, 787, 784, 71, 777, - 71, 775, 778, 788, 786, 71, 789, 71, 71, 791, - 779, 71, 792, 780, 71, 71, 71, 790, 783, 793, - 781, 71, 785, 787, 784, 71, 796, 794, 795, 71, - 788, 786, 798, 789, 71, 71, 71, 802, 797, 792, - 805, 71, 799, 71, 790, 71, 793, 71, 803, 71, - 804, 71, 806, 796, 794, 795, 807, 800, 801, 798, - 71, 71, 810, 71, 802, 797, 71, 805, 808, 799, - 809, 813, 71, 71, 811, 803, 71, 804, 814, 806, - - 812, 71, 71, 807, 800, 801, 815, 816, 817, 810, - 818, 71, 71, 820, 71, 808, 819, 809, 813, 71, - 71, 811, 824, 823, 822, 814, 71, 812, 821, 71, - 71, 71, 825, 815, 816, 817, 71, 818, 71, 826, - 820, 71, 71, 819, 151, 827, 828, 831, 829, 824, - 823, 822, 830, 71, 832, 821, 71, 835, 71, 825, - 71, 833, 71, 837, 71, 71, 826, 836, 838, 834, - 839, 71, 827, 828, 831, 829, 840, 71, 841, 830, - 842, 71, 71, 843, 71, 71, 844, 71, 833, 845, - 837, 2985, 71, 71, 836, 846, 834, 839, 867, 71, - - 71, 855, 847, 840, 848, 841, 71, 842, 71, 857, - 843, 71, 849, 71, 856, 71, 845, 2985, 71, 71, - 2985, 858, 846, 859, 71, 861, 860, 71, 855, 847, - 71, 848, 862, 875, 71, 2985, 857, 864, 2985, 849, - 850, 856, 71, 865, 851, 863, 71, 852, 858, 71, - 859, 71, 861, 860, 853, 71, 71, 854, 71, 862, - 875, 71, 71, 876, 864, 879, 866, 850, 2985, 71, - 865, 851, 863, 71, 852, 878, 877, 71, 2985, 880, - 2985, 853, 882, 2985, 854, 71, 883, 881, 885, 71, - 876, 884, 879, 866, 868, 869, 2985, 870, 71, 886, - - 871, 889, 878, 877, 888, 872, 71, 71, 71, 882, - 71, 873, 874, 883, 881, 885, 71, 71, 884, 887, - 71, 868, 869, 71, 870, 890, 886, 871, 889, 71, - 891, 888, 872, 71, 895, 892, 893, 894, 873, 874, - 898, 71, 71, 896, 71, 897, 887, 902, 904, 903, - 899, 2985, 890, 71, 900, 71, 71, 891, 71, 71, - 71, 895, 892, 893, 894, 907, 71, 898, 901, 71, - 896, 71, 897, 71, 908, 71, 903, 899, 905, 71, - 909, 900, 910, 906, 911, 2985, 913, 71, 2985, 2985, - 912, 915, 907, 916, 918, 901, 914, 2985, 2985, 922, - - 917, 925, 919, 71, 71, 920, 71, 71, 2985, 910, - 71, 2985, 71, 913, 71, 71, 71, 912, 71, 71, - 71, 918, 921, 914, 71, 71, 71, 917, 923, 919, - 71, 924, 920, 71, 926, 927, 928, 929, 930, 2985, - 937, 2985, 71, 931, 932, 938, 71, 933, 2985, 921, - 71, 935, 2985, 71, 71, 923, 71, 939, 924, 71, - 71, 926, 927, 928, 929, 930, 71, 71, 936, 71, - 931, 932, 71, 934, 933, 71, 940, 941, 935, 942, - 946, 947, 71, 71, 939, 71, 943, 2985, 71, 71, - 944, 2985, 2985, 948, 949, 936, 950, 71, 945, 71, - - 934, 2985, 71, 940, 941, 71, 942, 946, 71, 955, - 953, 951, 952, 943, 71, 71, 71, 944, 71, 71, - 948, 949, 954, 950, 956, 945, 2985, 71, 71, 71, - 957, 958, 960, 959, 961, 962, 955, 953, 951, 952, - 71, 71, 964, 966, 965, 967, 963, 968, 2985, 954, - 71, 956, 71, 71, 71, 71, 71, 957, 958, 969, - 959, 961, 962, 970, 71, 71, 71, 71, 971, 964, - 966, 965, 967, 963, 71, 71, 973, 972, 976, 974, - 975, 71, 977, 71, 71, 71, 969, 979, 71, 978, - 970, 980, 981, 982, 983, 971, 71, 990, 71, 2985, - - 984, 992, 71, 973, 972, 976, 974, 975, 71, 987, - 71, 989, 994, 996, 71, 985, 978, 71, 980, 71, - 988, 983, 991, 986, 71, 71, 71, 984, 992, 71, - 71, 71, 995, 998, 993, 999, 987, 71, 989, 71, - 71, 1000, 985, 997, 71, 1002, 71, 988, 71, 991, - 986, 1001, 71, 71, 1005, 71, 2985, 1004, 1003, 995, - 998, 993, 151, 71, 71, 1006, 1007, 1008, 1000, 71, - 997, 71, 1002, 71, 71, 1009, 71, 1010, 1001, 1019, - 71, 1005, 71, 71, 1004, 1003, 2985, 2985, 1017, 1018, - 1020, 71, 1006, 1007, 1008, 1021, 1027, 71, 1022, 2985, - - 2985, 1028, 1009, 2985, 1010, 1011, 1019, 1012, 1023, 1025, - 2985, 1013, 71, 1014, 71, 1017, 1018, 71, 1015, 1030, - 71, 71, 1021, 1016, 1024, 1022, 1026, 1034, 71, 71, - 1029, 71, 1011, 2985, 1012, 1023, 1025, 71, 1013, 71, - 1014, 1038, 71, 71, 1031, 1015, 1030, 1035, 1032, 71, - 1016, 1024, 1037, 1026, 1034, 1036, 71, 1029, 1033, 1039, - 71, 71, 71, 1040, 1043, 71, 1041, 1044, 1038, 2985, - 71, 1031, 71, 1045, 1035, 1032, 1055, 1046, 2985, 1037, - 1058, 71, 1036, 2985, 1054, 1033, 71, 1057, 1056, 1060, - 2985, 71, 2985, 71, 1044, 71, 71, 1066, 71, 71, - - 1045, 71, 71, 1055, 1046, 1047, 71, 1058, 71, 1061, - 1048, 1054, 1049, 1059, 1057, 1056, 1060, 1062, 1050, 1063, - 1064, 2985, 71, 1051, 1052, 71, 1065, 71, 1067, 71, - 1053, 71, 1047, 1068, 1069, 71, 1061, 1048, 1070, 1049, - 1059, 71, 1071, 1076, 1062, 1050, 1063, 71, 71, 71, - 1051, 1052, 71, 1065, 1072, 1067, 1073, 1053, 1074, 2985, - 1068, 1069, 71, 1078, 71, 1079, 1075, 1081, 1077, 1071, - 71, 71, 1080, 1083, 71, 71, 71, 71, 1084, 71, - 71, 1072, 1082, 1073, 1085, 1074, 71, 71, 71, 71, - 1078, 1086, 1079, 1075, 1081, 1077, 71, 1087, 1088, 1080, - - 1083, 1090, 71, 2985, 1089, 1084, 1091, 71, 1092, 1082, - 1093, 1085, 71, 71, 71, 71, 71, 1094, 1086, 1096, - 1095, 1097, 2985, 71, 1087, 1101, 71, 1098, 1090, 1100, - 71, 1089, 71, 1091, 1099, 1092, 1102, 1093, 2985, 1106, - 1103, 71, 1107, 71, 1094, 2985, 1096, 1095, 1097, 71, - 71, 71, 71, 1104, 1098, 71, 1100, 71, 1105, 1108, - 1109, 1099, 1112, 1102, 1110, 71, 1106, 1103, 1111, 1107, - 1113, 71, 1114, 71, 1115, 1116, 71, 71, 1117, 2985, - 2985, 71, 71, 71, 1118, 71, 1108, 1109, 1120, 1112, - 71, 1110, 1121, 1127, 1122, 1111, 1119, 1113, 71, 1124, - - 1123, 1115, 1125, 1126, 71, 1117, 71, 71, 71, 71, - 71, 1118, 71, 1128, 1130, 1120, 71, 1129, 1131, 1121, - 1127, 1122, 71, 1119, 71, 71, 1124, 1123, 71, 1125, - 1126, 1132, 1135, 1133, 71, 71, 1134, 2985, 1136, 1137, - 1128, 1130, 1139, 1140, 1129, 71, 1138, 1141, 71, 71, - 71, 71, 1142, 1143, 71, 1144, 71, 1147, 71, 1135, - 1133, 71, 1150, 1134, 71, 1136, 1137, 71, 1145, 1139, - 1140, 1146, 1148, 1138, 1141, 1151, 1149, 71, 1152, 1162, - 1163, 71, 1144, 71, 71, 71, 1153, 1155, 1154, 71, - 71, 1158, 1156, 71, 71, 1145, 71, 71, 1146, 1148, - - 1157, 1159, 1151, 1149, 71, 71, 71, 71, 1160, 1161, - 71, 71, 71, 1153, 1155, 1154, 71, 71, 1158, 1156, - 1164, 1165, 1166, 71, 71, 1167, 1168, 1157, 1159, 1169, - 1173, 1171, 71, 71, 1184, 1160, 1161, 1172, 71, 71, - 71, 1176, 1175, 71, 71, 1179, 1182, 1164, 1165, 71, - 71, 1178, 1167, 1168, 1177, 71, 1169, 1173, 1171, 1174, - 71, 71, 1180, 71, 1172, 1181, 71, 71, 71, 1175, - 1183, 1185, 1179, 71, 1186, 1187, 2985, 71, 1178, 1192, - 1189, 1177, 1188, 71, 71, 1190, 1174, 1193, 1191, 1180, - 2985, 71, 1181, 71, 1197, 71, 71, 1183, 71, 1194, - - 71, 1186, 1187, 71, 71, 1195, 1192, 1189, 1196, 1188, - 71, 1198, 1190, 1199, 1193, 1191, 71, 71, 1200, 71, - 1201, 71, 71, 2985, 71, 1207, 1194, 1202, 1203, 1209, - 71, 1208, 1195, 1210, 71, 1196, 2985, 1204, 1198, 1205, - 1199, 71, 1206, 1211, 1213, 1200, 71, 1201, 1212, 71, - 71, 71, 1207, 71, 1202, 1203, 1209, 71, 1208, 1214, - 1210, 1216, 71, 1217, 1204, 1215, 1205, 71, 1218, 1206, - 1211, 1213, 1219, 71, 1220, 1212, 71, 1222, 1221, 71, - 1223, 71, 2985, 71, 71, 1224, 1214, 2985, 1216, 1228, - 1217, 1225, 1215, 1231, 1226, 1218, 71, 71, 1227, 71, - - 71, 1220, 71, 1230, 1222, 1221, 71, 1223, 71, 71, - 71, 1229, 1224, 71, 1232, 71, 1228, 1234, 1225, 1233, - 1231, 1226, 1235, 71, 1236, 1227, 71, 71, 1237, 71, - 1230, 71, 1238, 1241, 1240, 1239, 1244, 1242, 1229, 71, - 71, 1232, 71, 71, 1234, 71, 1233, 1243, 1245, 1235, - 71, 1236, 71, 1246, 1261, 1237, 1252, 1315, 1250, 1238, - 1265, 1240, 1239, 1244, 1242, 71, 71, 1247, 71, 1249, - 71, 71, 1248, 1251, 1243, 1245, 1259, 71, 1280, 1260, - 1246, 1262, 71, 1252, 71, 1250, 71, 71, 2985, 1263, - 71, 1266, 71, 2985, 1264, 1267, 1249, 71, 1268, 71, - - 1251, 1253, 2985, 1259, 1254, 1255, 1260, 71, 1262, 1256, - 71, 71, 71, 71, 1269, 1257, 1263, 71, 1266, 1258, - 71, 1264, 1267, 71, 71, 1268, 1270, 1271, 1253, 1272, - 1273, 1254, 1255, 1277, 1274, 1278, 1256, 71, 1276, 1281, - 1275, 1269, 1257, 71, 2985, 71, 1258, 1282, 71, 1283, - 1279, 71, 71, 1270, 1271, 71, 1272, 1273, 71, 71, - 1277, 1274, 1278, 2985, 1289, 1276, 1291, 1275, 1293, 71, - 1294, 71, 71, 2985, 1282, 1292, 1283, 1279, 1284, 71, - 71, 1295, 71, 1285, 2985, 1286, 1305, 1287, 2985, 1288, - 71, 1289, 2985, 1291, 1300, 1293, 71, 1294, 71, 71, - - 1299, 1296, 1292, 2985, 1298, 1284, 1297, 71, 1295, 71, - 1285, 1301, 1286, 1304, 1287, 1302, 1288, 1303, 71, 1306, - 1307, 1300, 71, 71, 1308, 71, 71, 1299, 1309, 71, - 1310, 1298, 1312, 71, 1311, 1317, 1314, 71, 1301, 71, - 1304, 71, 1302, 71, 1303, 71, 1306, 1307, 1316, 1318, - 71, 1308, 71, 1319, 1313, 1309, 71, 1310, 71, 1312, - 71, 1311, 71, 1314, 1320, 1321, 1322, 1323, 1325, 2985, - 1326, 1324, 1330, 71, 71, 1316, 1318, 71, 71, 1327, - 1319, 1313, 1328, 1329, 71, 2985, 71, 1332, 71, 71, - 1335, 1320, 1321, 1322, 71, 71, 71, 1326, 1324, 71, - - 1331, 71, 1334, 1336, 1337, 1333, 1327, 71, 71, 1328, - 1329, 71, 71, 71, 1332, 1338, 1340, 1335, 1341, 2985, - 2985, 1339, 1342, 1348, 71, 1343, 1347, 1331, 71, 1334, - 1336, 1337, 1333, 71, 1344, 71, 1345, 1346, 71, 71, - 71, 71, 1338, 1340, 71, 1341, 1349, 71, 1339, 1342, - 1348, 1350, 1343, 1347, 1351, 1352, 71, 1353, 1354, 71, - 1362, 1344, 71, 1345, 1346, 71, 71, 1355, 1356, 1358, - 1359, 1361, 1357, 1349, 1360, 71, 71, 71, 1350, 71, - 1363, 71, 1364, 1365, 1353, 71, 71, 71, 71, 1370, - 71, 1372, 71, 1369, 1355, 1356, 71, 1359, 1361, 1357, - - 1366, 1360, 71, 71, 1368, 1371, 1367, 2985, 71, 1364, - 1377, 71, 71, 71, 71, 71, 1370, 71, 1372, 1373, - 1369, 1374, 1376, 71, 1378, 1375, 71, 1366, 71, 1383, - 2985, 1368, 1371, 1367, 71, 1379, 1381, 71, 71, 1380, - 1384, 1382, 1385, 1387, 71, 2985, 1373, 71, 1374, 1376, - 1386, 1378, 1375, 1392, 1394, 71, 1383, 71, 71, 2985, - 1393, 71, 1379, 71, 2985, 1395, 1380, 1384, 71, 1385, - 1387, 1388, 1390, 71, 1389, 1391, 1397, 1386, 71, 1396, - 1392, 1398, 71, 71, 71, 1400, 71, 1393, 71, 1402, - 1403, 1399, 1395, 1411, 71, 71, 1401, 71, 1388, 1390, - - 71, 1389, 1391, 1397, 1405, 71, 1396, 71, 1398, 1404, - 1406, 71, 1400, 71, 1407, 1408, 1402, 1403, 1399, 71, - 1409, 2985, 71, 1401, 1410, 71, 1413, 1415, 1412, 71, - 2985, 1405, 71, 1414, 71, 2985, 1404, 1406, 71, 71, - 71, 1407, 1408, 71, 1416, 1418, 71, 1409, 1419, 1417, - 1421, 1410, 1420, 1413, 1415, 1412, 71, 71, 1423, 71, - 1414, 1424, 1422, 1426, 1428, 1425, 1429, 71, 71, 71, - 1432, 1416, 1418, 71, 71, 1419, 1417, 1421, 1427, 1420, - 71, 1430, 2985, 1431, 71, 1423, 71, 2985, 1424, 1422, - 1426, 1433, 1425, 1434, 1435, 1438, 71, 71, 71, 1436, - - 71, 1437, 1442, 71, 1439, 1427, 1441, 71, 1430, 71, - 1431, 71, 71, 71, 71, 71, 1440, 2985, 1433, 1443, - 1434, 1435, 1438, 71, 71, 71, 1436, 1444, 1437, 1442, - 71, 1439, 71, 1441, 1445, 71, 1447, 1449, 1453, 1446, - 1451, 1448, 1452, 1440, 71, 1450, 1443, 1455, 71, 1457, - 71, 1454, 1456, 1458, 1444, 71, 71, 1461, 71, 71, - 1459, 1460, 71, 1463, 1449, 1453, 71, 1451, 71, 1452, - 2985, 71, 1450, 71, 1455, 1462, 1457, 1464, 1454, 1456, - 1472, 2985, 71, 71, 71, 71, 1465, 1459, 1460, 71, - 1463, 1466, 1467, 1468, 71, 1469, 1474, 1470, 1471, 71, - - 71, 71, 1462, 71, 1473, 1475, 71, 1472, 71, 71, - 71, 71, 1476, 1465, 1477, 1478, 1480, 1479, 1466, 1467, - 1468, 1485, 1469, 1474, 1470, 1471, 1490, 1484, 71, 71, - 71, 1473, 71, 71, 71, 71, 1481, 71, 1486, 1476, - 1482, 1477, 1478, 1480, 1479, 71, 1487, 1488, 1485, 71, - 1489, 2985, 1491, 1483, 1484, 1492, 1493, 71, 71, 1496, - 1499, 71, 1494, 1481, 71, 1486, 71, 1482, 1495, 71, - 1500, 2985, 71, 1487, 71, 1497, 1503, 1489, 71, 1491, - 1483, 1498, 1492, 1493, 71, 71, 1496, 1501, 71, 1494, - 1504, 71, 71, 1502, 1505, 1495, 71, 71, 71, 71, - - 1506, 1507, 1497, 1503, 1509, 1508, 1512, 71, 1498, 2985, - 1510, 1511, 1513, 1516, 1501, 1515, 71, 1504, 1514, 71, - 1502, 71, 71, 2985, 1519, 71, 71, 1506, 71, 71, - 71, 71, 1508, 1512, 1520, 1530, 71, 1510, 1511, 1513, - 1516, 71, 1515, 1517, 1518, 1514, 71, 71, 1521, 71, - 1522, 1519, 71, 1523, 1524, 1526, 71, 1525, 1527, 71, - 1529, 1520, 71, 2985, 1528, 71, 1531, 71, 71, 1532, - 1517, 1518, 71, 1533, 71, 1521, 71, 1522, 1535, 1536, - 1523, 1524, 1526, 71, 1525, 1527, 71, 1529, 1538, 71, - 1534, 1528, 1539, 1531, 71, 71, 1532, 2985, 1540, 71, - - 1533, 1537, 71, 1541, 1547, 1535, 1536, 71, 1544, 71, - 71, 1546, 1542, 1543, 1550, 1538, 71, 1534, 2985, 71, - 71, 71, 1545, 1551, 71, 1540, 71, 1548, 1537, 1549, - 1541, 1547, 71, 1553, 71, 1544, 71, 71, 1546, 1542, - 1543, 1550, 1554, 1555, 1552, 71, 1556, 1557, 2985, 1545, - 1551, 71, 2985, 71, 1548, 1558, 1549, 1559, 71, 1560, - 1553, 1564, 1561, 1562, 71, 1565, 2985, 71, 71, 1554, - 1570, 1552, 1567, 1556, 1563, 71, 1569, 71, 2985, 71, - 1566, 71, 1558, 71, 71, 71, 1560, 71, 1564, 1561, - 1562, 71, 1565, 71, 1568, 1571, 71, 1570, 1572, 1567, - - 71, 1563, 1576, 1569, 1577, 71, 71, 1566, 1573, 1578, - 71, 1574, 1580, 1582, 71, 1579, 1581, 1586, 2985, 1583, - 2985, 1568, 1571, 1575, 2985, 1572, 71, 71, 1584, 2985, - 1585, 1577, 71, 1588, 71, 1573, 1578, 71, 1574, 1580, - 71, 71, 1579, 1581, 1587, 71, 1583, 71, 1592, 71, - 1575, 1590, 1589, 1599, 71, 1584, 71, 1585, 1591, 71, - 1588, 71, 1593, 1594, 1595, 71, 71, 1596, 2985, 1597, - 1598, 1587, 71, 71, 1601, 1592, 1600, 1602, 1590, 1589, - 71, 1603, 1613, 71, 71, 1591, 71, 1604, 71, 1605, - 1606, 1595, 71, 1607, 71, 71, 1597, 1598, 71, 71, - - 71, 1601, 71, 1600, 1602, 71, 1608, 71, 1603, 71, - 1611, 2985, 1609, 1615, 1604, 1610, 1605, 1606, 1612, 71, - 1607, 1614, 71, 71, 71, 1616, 1621, 1620, 71, 1617, - 1618, 1619, 2985, 2985, 71, 71, 71, 1611, 71, 1609, - 1615, 71, 1610, 71, 71, 1612, 1623, 1622, 1614, 2985, - 1626, 71, 1616, 1621, 1620, 1630, 1617, 1618, 1619, 71, - 1624, 71, 1631, 1625, 1627, 1629, 71, 71, 1632, 1628, - 1633, 1634, 2985, 1623, 1622, 1635, 71, 1626, 71, 71, - 71, 1636, 1630, 1639, 1640, 71, 1637, 1624, 2985, 71, - 1625, 1627, 1629, 1638, 1648, 71, 1628, 1633, 1634, 71, - - 71, 71, 1635, 1642, 1641, 71, 71, 1643, 71, 1644, - 1639, 1640, 71, 1637, 71, 1645, 1649, 71, 1646, 1647, - 1638, 1650, 1653, 1652, 1651, 71, 71, 2985, 71, 1654, - 1642, 1641, 71, 71, 1643, 71, 1644, 71, 71, 1655, - 71, 1658, 1645, 71, 1660, 1646, 1647, 1659, 1650, 1653, - 1652, 1651, 1657, 1656, 71, 71, 1654, 1664, 71, 1661, - 1665, 71, 71, 1662, 1666, 2985, 1655, 71, 1658, 1668, - 1667, 1660, 1671, 71, 1659, 71, 71, 1663, 71, 1657, - 1656, 71, 1672, 1669, 1664, 71, 1661, 1665, 1670, 71, - 1662, 1666, 1674, 1673, 71, 1675, 1668, 1667, 71, 1671, - - 1678, 1676, 1677, 1679, 1663, 1680, 2985, 1689, 1683, 1672, - 71, 1682, 1681, 1684, 71, 71, 1686, 1685, 71, 1674, - 1673, 71, 1687, 1688, 2985, 71, 71, 71, 1676, 71, - 1679, 71, 71, 71, 1689, 1683, 1711, 71, 1682, 1681, - 71, 1692, 1690, 1686, 1685, 71, 1691, 1693, 1694, 1687, - 71, 1696, 1695, 1700, 71, 71, 1698, 1697, 1701, 2985, - 71, 1707, 71, 71, 71, 71, 71, 1702, 1692, 1690, - 71, 1708, 1706, 1691, 1693, 1694, 71, 1699, 1696, 1695, - 1703, 71, 1704, 71, 1697, 71, 71, 71, 1705, 1709, - 71, 71, 1710, 71, 1702, 1712, 71, 1713, 1708, 1706, - - 71, 71, 71, 1714, 1699, 1715, 1716, 1703, 1717, 1704, - 1718, 1719, 1720, 1721, 71, 1705, 1709, 2985, 1724, 1710, - 71, 71, 1712, 71, 1713, 71, 71, 71, 71, 1722, - 1714, 1726, 1715, 1716, 1723, 1717, 1725, 1718, 1719, 71, - 1721, 1730, 71, 1731, 71, 71, 1729, 1727, 71, 71, - 1728, 71, 1732, 1735, 71, 1733, 1722, 1734, 1726, 1736, - 1737, 1723, 71, 1725, 71, 71, 1738, 71, 1730, 1740, - 1741, 1739, 1744, 1729, 1727, 71, 1742, 1728, 71, 1732, - 71, 1743, 1733, 71, 1734, 1745, 1736, 71, 71, 71, - 1746, 71, 71, 1738, 1749, 71, 71, 71, 1739, 1744, - - 1747, 71, 1748, 1742, 1750, 1751, 71, 1752, 1743, 71, - 1754, 71, 1745, 1753, 1757, 1758, 71, 1746, 1756, 71, - 71, 1749, 71, 1755, 1759, 71, 71, 1747, 71, 1748, - 1760, 1750, 1751, 1762, 1752, 71, 71, 1754, 1761, 1764, - 1753, 1757, 71, 1767, 71, 1756, 71, 1763, 1768, 1765, - 1755, 1766, 1769, 1771, 71, 1772, 71, 1760, 1775, 1777, - 1762, 1770, 71, 1776, 71, 1761, 1764, 1773, 71, 71, - 1767, 1774, 1778, 71, 1763, 71, 1765, 71, 1766, 71, - 71, 71, 1772, 1779, 1780, 71, 71, 1781, 1770, 1783, - 1776, 71, 1786, 71, 1773, 1782, 71, 71, 1774, 1778, - - 1784, 2985, 1785, 1787, 1788, 1789, 1793, 1791, 1801, 2985, - 1790, 1780, 1795, 71, 71, 71, 1783, 1796, 71, 71, - 1798, 2985, 1782, 1797, 71, 1799, 1792, 71, 71, 1785, - 1787, 1788, 1789, 71, 1791, 1794, 71, 1790, 71, 1800, - 71, 71, 71, 1802, 71, 71, 1805, 1798, 1803, 1811, - 1797, 71, 1799, 1792, 1804, 71, 1806, 71, 1807, 1813, - 71, 71, 1794, 1809, 1808, 1812, 1800, 1810, 71, 1815, - 1802, 71, 71, 71, 1818, 1803, 71, 1814, 1819, 71, - 1816, 1804, 1817, 1806, 71, 1807, 71, 71, 71, 1820, - 1809, 1808, 1812, 71, 1810, 71, 1815, 1822, 71, 1821, - - 1823, 1824, 71, 1825, 1814, 71, 71, 1816, 1827, 1817, - 1828, 71, 1826, 71, 1829, 1830, 1820, 71, 71, 71, - 1831, 1832, 71, 1833, 1822, 1834, 1821, 1823, 1824, 71, - 1825, 1836, 71, 1838, 1835, 1827, 1837, 1828, 1840, 1826, - 71, 71, 1830, 71, 1839, 1841, 71, 1831, 1843, 71, - 1842, 71, 71, 71, 71, 71, 71, 1844, 1836, 71, - 1838, 1835, 71, 1837, 1846, 1840, 1845, 1847, 1852, 1854, - 1851, 1839, 1841, 71, 71, 1843, 71, 1842, 1849, 1850, - 1853, 71, 2985, 1848, 71, 71, 1856, 1859, 71, 71, - 71, 1846, 71, 1845, 1847, 71, 1854, 1851, 1857, 1858, - - 1855, 1860, 1863, 1865, 2985, 1849, 1850, 1853, 71, 71, - 1848, 1867, 1864, 1856, 71, 1861, 71, 71, 71, 71, - 1862, 1870, 1872, 1871, 71, 1857, 1858, 1855, 1860, 71, - 1865, 71, 1866, 71, 1868, 71, 1869, 1873, 1867, 1864, - 71, 71, 1861, 71, 71, 1874, 1875, 1862, 1876, 1872, - 1871, 1877, 1880, 71, 1881, 1879, 1878, 1884, 1885, 1866, - 1882, 1868, 71, 1869, 71, 1883, 71, 71, 1889, 71, - 1888, 71, 1874, 1875, 1887, 1876, 1886, 71, 1877, 71, - 1890, 71, 1879, 1878, 1892, 71, 1891, 1894, 1896, 71, - 71, 1893, 71, 71, 1906, 71, 71, 1888, 1901, 71, - - 71, 1887, 1897, 1886, 1899, 1895, 1898, 1890, 1900, 71, - 71, 1892, 71, 1891, 1902, 1903, 1904, 71, 1893, 71, - 71, 71, 71, 1907, 1908, 1901, 71, 1905, 1909, 1897, - 71, 1899, 1895, 1898, 71, 1900, 1911, 1912, 1910, 1918, - 71, 1902, 71, 71, 71, 1913, 71, 1914, 1917, 71, - 1907, 1908, 1915, 1916, 1905, 1909, 71, 2985, 71, 1919, - 71, 71, 1920, 1911, 1912, 1910, 71, 71, 71, 1921, - 71, 1922, 1913, 71, 1914, 1917, 1923, 71, 1925, 1915, - 1916, 1924, 1926, 71, 71, 1928, 1919, 71, 1927, 1920, - 71, 71, 1929, 1930, 1941, 1933, 1921, 2985, 71, 71, - - 1934, 2985, 1931, 1923, 71, 1925, 71, 71, 1924, 1926, - 1935, 71, 1928, 1932, 1936, 1927, 1937, 1938, 71, 1940, - 1930, 71, 1933, 71, 71, 1939, 1942, 1934, 71, 1931, - 1945, 71, 71, 71, 1943, 1946, 71, 1935, 1944, 1947, - 1932, 1936, 71, 1937, 1938, 71, 1940, 71, 71, 71, - 71, 1949, 1939, 1942, 1948, 1950, 1951, 1945, 1955, 2985, - 1952, 1943, 1946, 1954, 71, 1944, 1953, 2985, 1957, 2985, - 71, 71, 1967, 1956, 71, 1961, 71, 71, 1949, 71, - 71, 1948, 1950, 71, 71, 1955, 71, 1952, 1958, 1959, - 1954, 71, 1960, 1953, 1962, 1957, 1963, 1966, 1965, 71, - - 1956, 1968, 1961, 71, 71, 71, 71, 71, 1970, 1964, - 71, 1969, 71, 1994, 1974, 1958, 1959, 71, 71, 1960, - 1971, 1962, 1972, 1963, 1966, 1965, 1973, 2985, 1968, 71, - 1976, 1975, 71, 1978, 1977, 1970, 1964, 1979, 1969, 71, - 71, 1974, 71, 1982, 1980, 71, 71, 1971, 71, 1972, - 1981, 71, 71, 1973, 71, 1983, 1984, 1976, 1975, 1985, - 1978, 1977, 71, 71, 1979, 71, 1986, 1988, 71, 1990, - 1982, 1980, 71, 1987, 71, 1991, 1989, 1981, 1992, 2985, - 1997, 71, 1983, 1984, 1995, 1993, 1985, 71, 2000, 71, - 1996, 71, 71, 71, 1988, 2004, 1990, 71, 2001, 71, - - 1987, 71, 1991, 1989, 71, 1992, 71, 1997, 1998, 1999, - 2005, 1995, 1993, 2003, 2002, 71, 71, 1996, 2006, 2009, - 71, 2011, 71, 2007, 71, 2001, 71, 71, 2012, 2010, - 2014, 2008, 71, 2013, 2985, 1998, 1999, 2005, 2018, 2985, - 2003, 2002, 71, 71, 71, 2006, 71, 71, 2011, 2022, - 2007, 71, 71, 2015, 71, 2012, 2010, 2014, 2008, 2023, - 2013, 2016, 71, 71, 2017, 2018, 2019, 71, 2020, 2024, - 2025, 2027, 71, 2021, 71, 2028, 2022, 2026, 2030, 71, - 2015, 2031, 71, 2029, 71, 71, 2023, 2985, 2016, 2050, - 71, 2017, 71, 2019, 2032, 2033, 2024, 2025, 2027, 71, - - 71, 71, 2028, 71, 2026, 71, 71, 2034, 2031, 2036, - 2029, 2035, 2037, 2039, 2041, 2040, 71, 2985, 2038, 2046, - 71, 2032, 2033, 71, 71, 71, 2044, 71, 2052, 2045, - 2042, 71, 71, 71, 2034, 71, 2036, 71, 2035, 2037, - 2039, 2041, 2040, 2043, 2049, 2038, 2046, 71, 2048, 2047, - 71, 71, 2053, 2044, 2051, 71, 2045, 2042, 71, 2054, - 71, 2055, 71, 2056, 2057, 2059, 2060, 2061, 2062, 2058, - 2043, 2049, 71, 2063, 2064, 2048, 2047, 71, 2065, 2053, - 71, 2051, 71, 71, 2068, 2069, 2054, 71, 2055, 2070, - 2056, 71, 2066, 2071, 2061, 2062, 71, 71, 71, 2073, - - 2063, 71, 71, 2067, 71, 2065, 2074, 2076, 71, 2072, - 2077, 2068, 71, 2075, 2078, 71, 2070, 2985, 71, 2066, - 2071, 2079, 2080, 2082, 2081, 71, 2985, 2089, 71, 71, - 2067, 71, 71, 2074, 71, 2083, 2072, 2077, 2084, 71, - 2075, 2085, 71, 2087, 71, 2086, 71, 71, 2079, 2080, - 2082, 2081, 71, 71, 71, 2088, 2090, 71, 2092, 2091, - 2093, 71, 2083, 2094, 2099, 2084, 71, 71, 2085, 2095, - 2087, 71, 2086, 2096, 2097, 2098, 2985, 71, 71, 71, - 71, 2985, 2088, 2090, 71, 2092, 2091, 2093, 71, 2100, - 2094, 71, 2110, 2985, 2985, 71, 2095, 2101, 2102, 2103, - - 2096, 2097, 2098, 71, 2104, 71, 71, 71, 71, 2105, - 2109, 2111, 2106, 2107, 2108, 2112, 2100, 71, 71, 71, - 71, 2113, 71, 2115, 2101, 2102, 2103, 2116, 71, 71, - 2114, 2104, 2117, 2118, 71, 71, 2105, 2109, 2111, 2106, - 2107, 2108, 2112, 2120, 71, 71, 2123, 2119, 2113, 71, - 2115, 2126, 2128, 2121, 71, 2124, 2122, 2114, 71, 71, - 2118, 71, 2125, 2129, 2130, 2127, 2132, 71, 2131, 71, - 2120, 71, 71, 71, 2119, 2134, 71, 71, 2126, 2128, - 2121, 2136, 2124, 2122, 71, 2133, 2135, 2137, 2138, 2125, - 71, 71, 2127, 71, 71, 2131, 2139, 2141, 71, 2140, - - 2143, 2144, 71, 71, 2146, 2152, 2149, 2147, 2136, 71, - 71, 2142, 2133, 2135, 71, 71, 71, 71, 2148, 71, - 2150, 2145, 71, 2139, 2141, 2154, 2140, 2143, 71, 71, - 71, 71, 71, 2149, 2147, 2151, 2153, 71, 2142, 71, - 2156, 2155, 2159, 2157, 71, 2148, 71, 2150, 2145, 71, - 71, 2158, 2154, 2160, 71, 71, 2161, 2162, 2165, 2163, - 2164, 2167, 2151, 2153, 2168, 71, 2166, 71, 2155, 2159, - 2157, 71, 71, 71, 2171, 71, 71, 71, 2158, 2172, - 2160, 71, 2173, 71, 2162, 71, 2163, 2164, 2167, 2169, - 2170, 2168, 2985, 2166, 2174, 2178, 2175, 2985, 71, 71, - - 71, 2171, 2179, 2180, 2182, 71, 2172, 2185, 71, 2173, - 71, 2176, 2181, 2177, 71, 2184, 2169, 2170, 71, 71, - 71, 2174, 2178, 2175, 71, 71, 2183, 2186, 2187, 2179, - 2180, 2182, 71, 2188, 2185, 2189, 2192, 71, 2176, 2181, - 2177, 2190, 2184, 2191, 2193, 71, 2194, 71, 71, 71, - 71, 2195, 2196, 2183, 2186, 2187, 2197, 2201, 71, 2198, - 2188, 2202, 2199, 2192, 2200, 71, 71, 71, 2190, 2203, - 71, 2193, 2204, 2194, 71, 71, 71, 71, 2195, 2196, - 71, 2205, 71, 2197, 2201, 2206, 2198, 2207, 71, 2199, - 2208, 2200, 2209, 71, 2213, 71, 2214, 2215, 2216, 2204, - - 2210, 71, 2211, 71, 2212, 71, 2985, 71, 2205, 71, - 71, 2218, 2206, 71, 2207, 2217, 2222, 2219, 71, 2209, - 2220, 2213, 71, 2214, 71, 2216, 71, 2210, 71, 2211, - 2221, 2212, 71, 71, 2223, 2225, 2226, 2228, 2218, 2224, - 71, 2227, 2217, 2222, 2219, 71, 71, 2220, 2229, 2230, - 71, 2231, 2232, 2233, 2985, 2235, 71, 2221, 2985, 2236, - 2234, 2223, 2225, 71, 71, 2237, 2224, 71, 2227, 2238, - 2240, 71, 71, 71, 71, 2229, 2230, 71, 71, 2239, - 71, 71, 2235, 71, 71, 2241, 2236, 2234, 2242, 2243, - 2244, 2245, 2237, 71, 2247, 2985, 2238, 2240, 71, 2246, - - 2248, 2249, 2253, 2250, 2256, 71, 2239, 2261, 71, 71, - 71, 71, 2241, 2251, 71, 71, 2243, 2244, 2245, 2252, - 71, 71, 71, 71, 2254, 71, 2246, 2248, 2249, 2253, - 2250, 71, 71, 2255, 2258, 2257, 71, 2259, 2262, 71, - 2251, 2260, 2263, 71, 2265, 2264, 2252, 2985, 71, 2266, - 2272, 2254, 2267, 71, 2268, 71, 71, 71, 71, 2269, - 2255, 2258, 2257, 71, 2259, 2262, 2270, 71, 2260, 2263, - 71, 2265, 2264, 71, 2271, 2273, 2266, 71, 2274, 2267, - 71, 2268, 71, 2275, 2276, 2277, 2269, 2278, 2282, 71, - 2279, 71, 71, 71, 2280, 2985, 71, 71, 71, 2283, - - 2281, 2271, 2273, 2284, 2285, 71, 2288, 2286, 2985, 71, - 2275, 2276, 2277, 2291, 2278, 71, 71, 2279, 71, 2287, - 2296, 2280, 71, 2290, 71, 2292, 71, 2281, 71, 2289, - 71, 2285, 2293, 2288, 2286, 71, 2294, 71, 71, 2295, - 71, 2297, 2300, 71, 2298, 71, 2287, 71, 2299, 71, - 2290, 71, 2292, 71, 2301, 2303, 2289, 2304, 2302, 2985, - 2985, 2305, 2308, 2294, 71, 2306, 2295, 71, 2297, 71, - 2307, 2298, 2309, 71, 71, 2299, 71, 71, 71, 71, - 2310, 2301, 2303, 71, 2304, 2302, 71, 71, 2305, 2308, - 2311, 2312, 2306, 2313, 71, 2314, 2315, 2307, 2316, 2309, - - 2317, 2321, 2318, 2985, 2319, 2985, 2320, 2310, 2323, 71, - 2324, 2322, 71, 71, 2325, 71, 71, 2311, 71, 2327, - 71, 71, 71, 71, 71, 2316, 71, 2317, 2321, 2318, - 71, 2319, 71, 2320, 2326, 2323, 2328, 2324, 2322, 2329, - 2331, 71, 71, 2330, 2332, 2333, 71, 2334, 2337, 2335, - 2336, 2985, 71, 2985, 2341, 71, 71, 71, 71, 71, - 71, 2326, 2338, 71, 2339, 71, 2329, 2331, 71, 71, - 2330, 2332, 2333, 2343, 2334, 71, 2335, 2336, 2340, 2342, - 71, 2341, 71, 2344, 2345, 71, 71, 2346, 2348, 2338, - 2349, 2339, 2347, 2985, 2350, 71, 2351, 71, 71, 71, - - 2343, 2355, 71, 2352, 71, 2340, 2342, 2353, 2985, 71, - 2344, 2345, 2356, 2354, 2346, 2348, 71, 2349, 2357, 2347, - 71, 2350, 2358, 2351, 2359, 2361, 2363, 2360, 71, 71, - 2352, 2985, 2365, 71, 2353, 71, 71, 71, 2362, 71, - 2354, 71, 2367, 2371, 71, 2357, 71, 2364, 71, 2358, - 71, 2359, 2361, 2363, 2360, 2366, 71, 2368, 2369, 2365, - 71, 2370, 71, 2372, 71, 2362, 2374, 71, 71, 2367, - 71, 2373, 2376, 2375, 2364, 2379, 2985, 2377, 2985, 2985, - 2385, 2387, 2366, 2378, 2368, 2369, 71, 71, 2370, 71, - 2372, 71, 71, 71, 2380, 71, 2381, 2383, 2373, 71, - - 2375, 2384, 2379, 2382, 2377, 71, 71, 71, 71, 71, - 2378, 2386, 71, 71, 2389, 2391, 2388, 2396, 2394, 2390, - 2398, 2380, 2392, 2381, 2383, 71, 71, 71, 2384, 71, - 2382, 2395, 2393, 2985, 2985, 2397, 2400, 71, 71, 71, - 71, 2389, 2391, 2388, 71, 2394, 2390, 71, 2403, 2392, - 2404, 2402, 2409, 2399, 71, 71, 71, 2401, 2395, 2393, - 71, 71, 2397, 2400, 2405, 71, 71, 2407, 2406, 2408, - 2410, 71, 71, 2412, 71, 2403, 71, 2404, 2402, 71, - 2399, 2411, 71, 2413, 2401, 2416, 2414, 2417, 2415, 2420, - 71, 2405, 2418, 71, 2407, 2406, 2408, 2410, 71, 71, - - 71, 71, 2419, 2421, 2422, 2423, 71, 2424, 2411, 71, - 2413, 71, 71, 2414, 2417, 2415, 71, 2425, 71, 2418, - 2426, 2427, 71, 2428, 2429, 71, 2431, 2430, 71, 2419, - 2421, 2422, 2423, 2432, 71, 71, 2434, 2985, 2435, 2437, - 2433, 71, 71, 71, 2425, 71, 2438, 71, 2427, 2439, - 2428, 2429, 71, 71, 2430, 2436, 2440, 71, 2441, 71, - 2432, 2444, 2442, 71, 71, 2435, 2437, 2433, 71, 71, - 2443, 2445, 2446, 2438, 71, 2449, 71, 2448, 2447, 2451, - 2454, 2985, 2436, 2440, 71, 71, 71, 2452, 2444, 2442, - 2455, 71, 71, 71, 71, 71, 2450, 2443, 2445, 2446, - - 2453, 71, 2449, 2460, 2448, 2447, 2451, 71, 71, 71, - 2456, 2457, 71, 2458, 2452, 2459, 2463, 71, 2462, 2461, - 2985, 2465, 71, 2450, 71, 2464, 2466, 2453, 71, 2468, - 71, 2469, 2472, 71, 2470, 71, 2467, 2456, 2457, 2471, - 2458, 71, 2459, 2463, 71, 2462, 2461, 71, 71, 2473, - 71, 2474, 2464, 71, 71, 71, 71, 2475, 2469, 2472, - 2476, 2477, 2478, 2467, 2985, 2985, 71, 2479, 2480, 2482, - 2481, 71, 2985, 2985, 71, 2483, 2473, 2484, 2485, 71, - 71, 2486, 71, 71, 2475, 71, 71, 2476, 2477, 2478, - 71, 71, 71, 2489, 2479, 2480, 2482, 2481, 2487, 71, - - 71, 2488, 2483, 71, 2484, 2485, 2490, 71, 2486, 2491, - 2493, 71, 2492, 2496, 2494, 71, 2498, 2499, 71, 2495, - 2489, 71, 2500, 2497, 71, 2487, 2985, 71, 2488, 71, - 71, 71, 2505, 2490, 71, 71, 2491, 2493, 2504, 2492, - 71, 2494, 2502, 2498, 2499, 2501, 2495, 2507, 2503, 71, - 2497, 2510, 2508, 71, 71, 71, 2506, 2509, 71, 71, - 2514, 71, 2985, 2511, 2512, 2504, 2985, 2513, 2516, 2502, - 2515, 2519, 2501, 2518, 71, 2503, 2517, 2520, 71, 71, - 2521, 71, 71, 2506, 71, 71, 71, 2514, 71, 71, - 2511, 2512, 2522, 71, 2513, 2516, 2523, 2515, 71, 71, - - 2518, 2524, 2525, 2517, 71, 2526, 2527, 71, 2528, 71, - 2530, 2985, 2531, 2529, 2532, 71, 2533, 71, 71, 2522, - 2534, 71, 2535, 2523, 2537, 2536, 2538, 71, 71, 2525, - 2539, 71, 2526, 2527, 71, 2540, 71, 2530, 71, 2531, - 71, 71, 2541, 71, 71, 2542, 2543, 2534, 2545, 2535, - 2544, 2537, 2536, 71, 71, 2546, 71, 2539, 2547, 71, - 71, 71, 71, 2548, 2551, 2549, 2557, 2552, 71, 2541, - 2550, 2553, 71, 2543, 71, 2545, 2555, 2544, 71, 2554, - 2556, 2985, 71, 2558, 2560, 71, 71, 71, 2561, 71, - 2548, 2551, 2559, 2557, 2552, 2567, 2563, 71, 2553, 2562, - - 71, 71, 2566, 71, 71, 2570, 2554, 2556, 71, 2568, - 71, 2560, 71, 2576, 71, 2561, 71, 2564, 2565, 2559, - 71, 2569, 2567, 2563, 71, 2571, 2562, 71, 2572, 2566, - 2573, 2575, 71, 71, 71, 2574, 2568, 2577, 2581, 71, - 71, 2578, 2985, 2579, 2564, 2565, 2580, 71, 2569, 71, - 2583, 2985, 2571, 2582, 2586, 2572, 2585, 71, 2575, 2584, - 71, 71, 71, 71, 2577, 2581, 2588, 71, 2578, 71, - 2579, 2587, 71, 2580, 71, 71, 2589, 2583, 71, 2590, - 2582, 2586, 2591, 2585, 2592, 2593, 2584, 2595, 71, 2596, - 2597, 2594, 2598, 71, 2600, 2985, 2599, 2601, 2587, 2985, - - 71, 2985, 2609, 2589, 71, 71, 2590, 71, 71, 71, - 71, 2592, 71, 71, 71, 2602, 2596, 2597, 2594, 2598, - 71, 71, 2603, 2599, 2601, 2604, 2606, 2607, 2608, 71, - 2605, 2610, 2613, 71, 71, 2611, 2612, 2615, 71, 2985, - 71, 71, 2602, 2614, 2616, 71, 71, 2617, 71, 2603, - 71, 2619, 71, 2606, 2607, 2608, 2636, 71, 71, 2613, - 2618, 71, 2611, 2612, 2615, 71, 2620, 71, 2622, 2621, - 2614, 2616, 2623, 2625, 2617, 71, 2624, 2629, 2630, 2626, - 2631, 71, 2627, 71, 2985, 2628, 2985, 2618, 71, 2634, - 71, 71, 2632, 2620, 71, 2622, 2621, 71, 2635, 2623, - - 2625, 71, 71, 2624, 71, 71, 2626, 71, 71, 2627, - 71, 2633, 2628, 2637, 2638, 2639, 2634, 2640, 71, 2632, - 71, 2641, 2643, 2642, 2644, 2635, 71, 71, 2645, 2985, - 71, 71, 2646, 2650, 2648, 71, 71, 2985, 2633, 2647, - 2637, 2638, 71, 2651, 2640, 71, 71, 71, 2641, 2643, - 2642, 2649, 2653, 2652, 2654, 2645, 71, 71, 71, 71, - 71, 2648, 2655, 2656, 2657, 2658, 2647, 71, 2659, 71, - 2651, 71, 71, 71, 2660, 71, 2661, 2662, 2649, 2653, - 2652, 2654, 2663, 71, 71, 2665, 2666, 71, 2664, 2655, - 2656, 2657, 2658, 2985, 71, 2659, 2667, 71, 2669, 2668, - - 2670, 71, 2672, 2661, 71, 2674, 71, 71, 2673, 71, - 71, 2671, 71, 2666, 2676, 2664, 71, 2675, 71, 2678, - 71, 2677, 2681, 2667, 2985, 2669, 2668, 71, 71, 2672, - 71, 71, 2674, 2679, 2680, 2673, 2682, 2684, 2671, 71, - 2683, 71, 2686, 2689, 2675, 2688, 2690, 71, 2677, 71, - 2687, 71, 71, 2693, 71, 71, 2685, 2694, 71, 2691, - 2679, 2680, 2695, 71, 71, 2699, 2700, 2683, 71, 2686, - 2696, 2692, 2688, 2690, 71, 71, 2698, 2687, 71, 2701, - 71, 71, 2702, 2685, 2694, 71, 2691, 2697, 71, 2695, - 71, 71, 71, 2700, 71, 2703, 2704, 2696, 2692, 2705, - - 2706, 2709, 2707, 2708, 2710, 2985, 2712, 71, 71, 2702, - 2713, 71, 71, 2711, 2697, 2714, 2715, 71, 71, 2717, - 2985, 71, 2703, 2704, 71, 2718, 2705, 2719, 71, 2707, - 2708, 71, 71, 2712, 2716, 2720, 2721, 71, 71, 2722, - 2711, 71, 71, 2715, 2724, 2723, 2717, 71, 2727, 71, - 2725, 2726, 71, 71, 71, 71, 71, 2728, 71, 2732, - 2729, 2716, 71, 2721, 2731, 2733, 71, 2736, 2737, 2730, - 2985, 2724, 2723, 71, 71, 2727, 71, 2725, 2726, 2738, - 2739, 2734, 71, 2741, 71, 2735, 71, 2729, 71, 71, - 2740, 2731, 2743, 71, 2736, 71, 2730, 71, 2742, 2744, - - 2745, 2748, 71, 71, 2985, 2749, 71, 2739, 2734, 2746, - 2750, 71, 2735, 71, 2747, 71, 71, 2740, 2756, 2743, - 71, 71, 71, 71, 2751, 2742, 71, 2745, 2748, 71, - 2752, 71, 2749, 2753, 2763, 2754, 2746, 2750, 71, 2755, - 71, 2747, 71, 71, 2759, 2756, 2757, 2758, 71, 2762, - 71, 2751, 2761, 2760, 2764, 2765, 71, 2752, 2766, 71, - 2753, 71, 2754, 71, 2767, 2774, 2755, 2768, 2769, 2770, - 2771, 2759, 2775, 2757, 2758, 71, 2762, 2776, 71, 2761, - 2760, 71, 2765, 2772, 2773, 71, 71, 2777, 71, 2780, - 2778, 71, 2774, 2781, 2779, 2783, 71, 71, 71, 71, - - 71, 71, 2784, 2782, 2776, 71, 2785, 2786, 2788, 2787, - 2790, 71, 71, 2789, 2777, 71, 2780, 2778, 71, 71, - 71, 2779, 2783, 2791, 71, 71, 71, 2793, 2798, 2784, - 2782, 2792, 2985, 2785, 2786, 2788, 2787, 71, 2794, 71, - 2789, 2795, 2796, 71, 2799, 2800, 71, 2797, 2802, 71, - 71, 2803, 2805, 2801, 2793, 2804, 71, 71, 2792, 71, - 71, 2806, 2807, 71, 2808, 2794, 2809, 2810, 2795, 2811, - 71, 2799, 2800, 71, 71, 2802, 2812, 2813, 2803, 71, - 2801, 2814, 2804, 71, 2815, 2816, 2818, 2817, 2806, 71, - 2819, 71, 2820, 71, 71, 2821, 71, 71, 2822, 2827, - - 71, 71, 71, 71, 71, 71, 2823, 2829, 71, 2824, - 71, 2815, 71, 2818, 2817, 2825, 2826, 2819, 2828, 2820, - 71, 2831, 71, 2832, 71, 2822, 71, 71, 71, 2830, - 71, 71, 71, 2823, 2829, 2833, 2824, 2834, 2835, 2836, - 2838, 71, 2825, 2826, 2837, 2828, 2839, 71, 2831, 71, - 2832, 71, 71, 2841, 2842, 2843, 2830, 71, 2840, 71, - 2844, 71, 2833, 2845, 2881, 2835, 2836, 2838, 71, 71, - 71, 2837, 2846, 2839, 2847, 2848, 71, 71, 2850, 2849, - 2841, 2842, 71, 2854, 2851, 2840, 71, 71, 71, 2985, - 71, 71, 71, 2852, 2853, 2855, 71, 2856, 71, 2846, - - 2857, 2847, 2848, 2985, 2858, 2850, 2849, 71, 71, 71, - 2854, 2851, 71, 2861, 71, 71, 71, 2859, 2860, 2865, - 2852, 2853, 2855, 71, 2856, 2862, 71, 2857, 2863, 71, - 2866, 2858, 2864, 2868, 71, 2867, 2869, 71, 2870, 71, - 2861, 71, 71, 71, 2859, 2860, 2865, 2871, 2872, 2873, - 2874, 2879, 2862, 71, 71, 2863, 2876, 2866, 71, 2864, - 71, 2875, 2867, 2869, 2877, 71, 2882, 2878, 71, 2880, - 2884, 2887, 2885, 71, 2871, 71, 71, 2874, 2879, 71, - 71, 71, 2886, 2876, 71, 2883, 71, 2890, 2875, 71, - 71, 2877, 71, 2882, 2878, 2888, 2880, 71, 71, 2885, - - 2891, 2889, 2892, 2893, 2894, 2895, 2896, 71, 2898, 2886, - 71, 71, 2883, 2899, 71, 2903, 71, 2897, 2900, 71, - 2985, 71, 2888, 2917, 71, 2901, 71, 2891, 2889, 2892, - 2893, 71, 71, 2896, 2902, 2898, 71, 71, 71, 2904, - 71, 2905, 2903, 2906, 2897, 2900, 71, 71, 2907, 2909, - 2908, 71, 2901, 2985, 2915, 71, 2910, 71, 2911, 2985, - 2912, 2902, 71, 71, 71, 2913, 2904, 71, 2905, 2916, - 2906, 2914, 2985, 2918, 71, 2907, 2909, 2908, 71, 71, - 71, 71, 2919, 2910, 2920, 2911, 2921, 2912, 2923, 2922, - 2924, 71, 2913, 2985, 2926, 2927, 2916, 71, 2914, 71, - - 2918, 2925, 2928, 2932, 71, 2929, 71, 2930, 71, 2919, - 71, 2920, 2934, 2921, 2935, 71, 2922, 71, 71, 2931, - 71, 71, 2927, 71, 2936, 71, 71, 71, 2925, 2928, - 2933, 2939, 2929, 2985, 2930, 71, 2940, 2944, 71, 2934, - 71, 2935, 2937, 2985, 71, 2938, 2931, 2941, 2942, 2985, - 2943, 71, 2945, 71, 2947, 71, 2949, 2933, 2939, 71, - 71, 2950, 71, 2940, 2944, 2948, 71, 2946, 71, 2937, - 2952, 2951, 2938, 71, 2941, 2942, 71, 2943, 2953, 2945, - 71, 2947, 71, 2949, 2954, 2955, 71, 71, 2950, 2956, - 71, 2957, 2948, 71, 2946, 2958, 2960, 2952, 2951, 2959, - - 2962, 2963, 2961, 2965, 71, 2953, 2970, 71, 71, 2964, - 2966, 71, 2955, 2967, 71, 71, 2956, 71, 71, 71, - 2969, 71, 2958, 2960, 71, 71, 2959, 2962, 71, 2961, - 2965, 2968, 71, 71, 2971, 2972, 2964, 2966, 2973, 71, - 2967, 2974, 71, 71, 2976, 2977, 71, 2969, 2981, 2975, - 2978, 2979, 2980, 2983, 2984, 2982, 71, 2985, 2968, 2985, - 2985, 2971, 2972, 71, 71, 2973, 2985, 2985, 71, 71, - 71, 71, 71, 71, 71, 2981, 2975, 2978, 2979, 2980, - 71, 71, 2982, 43, 43, 43, 43, 43, 43, 43, - 48, 48, 48, 48, 48, 48, 48, 53, 53, 53, - - 53, 53, 53, 53, 59, 59, 59, 59, 59, 59, - 59, 64, 64, 64, 64, 64, 64, 64, 74, 74, - 2985, 74, 74, 74, 74, 141, 141, 2985, 2985, 2985, - 141, 141, 143, 143, 2985, 2985, 143, 2985, 143, 145, - 2985, 2985, 2985, 2985, 2985, 145, 148, 148, 2985, 2985, - 2985, 148, 148, 150, 2985, 2985, 2985, 2985, 2985, 150, - 152, 152, 2985, 152, 152, 152, 152, 75, 75, 2985, - 75, 75, 75, 75, 13, 2985, 2985, 2985, 2985, 2985, - 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, - 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, - - 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, - 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, - 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, - 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, - 2985 + 18, 19, 20, 21, 22, 23, 22, 18, 18, 18, + 18, 18, 22, 24, 25, 26, 27, 28, 29, 18, + 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, + 40, 41, 42, 43, 44, 18, 18, 18, 45, 46, + 24, 25, 26, 27, 28, 29, 18, 30, 31, 32, + 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, + 43, 44, 18, 18, 18, 45, 48, 49, 50, 48, + 49, 50, 53, 54, 53, 54, 55, 118, 55, 58, + 59, 60, 61, 119, 22, 58, 59, 60, 61, 86, + 22, 64, 65, 66, 64, 65, 66, 87, 157, 157, + + 1219, 88, 85, 51, 118, 86, 51, 164, 164, 56, + 119, 56, 167, 75, 76, 77, 78, 62, 22, 75, + 76, 77, 78, 62, 22, 81, 82, 83, 67, 97, + 86, 67, 19, 20, 21, 69, 70, 71, 19, 20, + 21, 69, 70, 71, 81, 82, 83, 120, 108, 174, + 174, 79, 72, 156, 167, 86, 97, 79, 72, 86, + 134, 90, 84, 90, 90, 86, 90, 175, 109, 173, + 73, 86, 90, 86, 120, 108, 73, 172, 128, 72, + 156, 84, 157, 157, 86, 72, 112, 134, 110, 159, + 164, 164, 159, 170, 113, 109, 98, 399, 185, 91, + + 92, 93, 111, 99, 94, 128, 167, 100, 159, 95, + 101, 159, 86, 112, 86, 110, 86, 179, 96, 167, + 170, 113, 86, 98, 86, 185, 86, 92, 93, 111, + 99, 94, 86, 165, 100, 87, 95, 101, 85, 88, + 85, 85, 163, 85, 179, 96, 102, 162, 114, 85, + 103, 115, 186, 104, 178, 105, 106, 246, 116, 161, + 117, 161, 161, 286, 161, 86, 107, 90, 86, 90, + 90, 86, 90, 102, 86, 114, 121, 103, 115, 186, + 104, 178, 105, 106, 122, 116, 177, 117, 125, 86, + 123, 180, 126, 107, 124, 86, 153, 321, 86, 145, + + 154, 146, 86, 121, 155, 169, 176, 160, 127, 86, + 147, 122, 158, 177, 86, 125, 148, 123, 180, 126, + 86, 124, 86, 153, 149, 86, 145, 154, 146, 86, + 86, 155, 325, 176, 150, 127, 129, 147, 151, 152, + 130, 198, 175, 148, 174, 174, 131, 86, 86, 132, + 166, 149, 166, 166, 181, 166, 133, 171, 86, 171, + 171, 150, 171, 129, 86, 151, 152, 130, 198, 85, + 184, 85, 85, 131, 85, 194, 132, 173, 86, 86, + 85, 181, 182, 133, 135, 172, 167, 202, 136, 90, + 239, 90, 90, 195, 90, 183, 86, 184, 137, 138, + + 90, 139, 86, 190, 191, 165, 86, 86, 193, 182, + 86, 135, 86, 187, 202, 136, 86, 239, 192, 188, + 195, 189, 183, 86, 163, 137, 138, 91, 139, 140, + 190, 191, 141, 162, 86, 193, 196, 197, 203, 142, + 187, 1088, 206, 143, 144, 192, 188, 86, 189, 86, + 86, 86, 199, 200, 204, 86, 140, 160, 158, 141, + 201, 205, 211, 196, 197, 203, 142, 86, 86, 206, + 143, 144, 86, 207, 213, 3136, 208, 86, 221, 199, + 200, 204, 86, 86, 214, 222, 212, 201, 205, 209, + 210, 86, 3136, 3136, 86, 216, 3136, 86, 223, 217, + + 207, 213, 219, 208, 215, 221, 86, 220, 86, 224, + 86, 214, 222, 212, 226, 218, 209, 210, 86, 86, + 225, 229, 216, 86, 228, 223, 217, 234, 86, 219, + 227, 215, 233, 86, 220, 3136, 224, 86, 3136, 86, + 86, 226, 218, 230, 86, 231, 3136, 225, 229, 232, + 241, 228, 86, 86, 234, 235, 236, 227, 86, 233, + 240, 86, 86, 3136, 245, 237, 3136, 86, 255, 242, + 230, 238, 231, 247, 86, 261, 232, 241, 86, 86, + 243, 254, 235, 236, 244, 3136, 248, 240, 86, 86, + 251, 245, 237, 86, 253, 255, 242, 86, 238, 3136, + + 247, 252, 261, 249, 256, 86, 250, 243, 254, 260, + 86, 244, 86, 248, 257, 86, 263, 251, 264, 262, + 266, 253, 3136, 258, 86, 86, 267, 3136, 252, 265, + 249, 256, 3136, 250, 86, 259, 260, 3136, 3136, 86, + 86, 257, 86, 263, 167, 264, 262, 266, 86, 161, + 258, 161, 161, 267, 161, 166, 265, 166, 166, 268, + 166, 90, 259, 90, 90, 171, 90, 171, 171, 270, + 171, 271, 3136, 269, 272, 275, 274, 276, 86, 3136, + 281, 273, 279, 86, 278, 86, 282, 280, 283, 86, + 86, 86, 86, 86, 86, 277, 270, 284, 271, 169, + + 269, 272, 275, 274, 276, 86, 86, 86, 273, 279, + 285, 278, 86, 282, 280, 283, 295, 287, 3136, 86, + 296, 288, 277, 297, 284, 300, 301, 298, 3136, 299, + 302, 86, 304, 86, 307, 86, 86, 285, 289, 3136, + 86, 305, 86, 295, 3136, 86, 86, 296, 288, 86, + 297, 86, 300, 301, 298, 86, 299, 306, 303, 304, + 310, 307, 86, 86, 308, 289, 290, 309, 305, 86, + 86, 291, 3136, 311, 312, 318, 292, 3136, 3136, 86, + 322, 319, 293, 294, 306, 303, 327, 310, 86, 86, + 331, 308, 326, 290, 309, 86, 86, 86, 291, 86, + + 311, 312, 318, 292, 320, 335, 86, 322, 319, 293, + 294, 313, 323, 328, 314, 86, 315, 333, 86, 326, + 330, 334, 86, 324, 332, 86, 86, 329, 316, 3136, + 317, 320, 335, 338, 336, 337, 3136, 86, 313, 341, + 86, 314, 339, 315, 86, 86, 86, 330, 86, 86, + 324, 332, 3136, 86, 329, 316, 86, 317, 86, 340, + 338, 336, 337, 86, 86, 342, 341, 343, 345, 339, + 344, 346, 348, 3136, 347, 351, 352, 349, 350, 86, + 86, 86, 86, 354, 86, 353, 340, 357, 86, 86, + 86, 3136, 342, 363, 343, 345, 359, 344, 346, 86, + + 86, 347, 351, 352, 86, 350, 358, 355, 356, 3136, + 362, 360, 353, 86, 361, 86, 86, 364, 86, 86, + 365, 366, 86, 359, 367, 86, 3136, 368, 86, 369, + 86, 370, 373, 358, 355, 356, 86, 362, 360, 86, + 86, 361, 371, 374, 376, 377, 378, 365, 86, 86, + 384, 367, 381, 86, 368, 86, 369, 380, 86, 86, + 375, 167, 383, 382, 86, 372, 86, 86, 86, 379, + 374, 376, 377, 378, 86, 385, 86, 86, 386, 381, + 388, 387, 86, 389, 380, 86, 390, 375, 391, 383, + 382, 392, 372, 398, 395, 86, 379, 86, 393, 86, + + 86, 3136, 397, 86, 86, 386, 396, 86, 387, 394, + 389, 86, 86, 390, 400, 391, 401, 86, 392, 86, + 398, 402, 404, 86, 403, 393, 86, 86, 405, 397, + 86, 406, 407, 396, 86, 86, 394, 409, 408, 411, + 410, 400, 86, 401, 413, 412, 417, 86, 402, 404, + 86, 403, 86, 86, 86, 405, 86, 414, 406, 407, + 416, 418, 3136, 423, 422, 408, 3136, 410, 86, 86, + 86, 86, 412, 417, 415, 419, 86, 421, 86, 420, + 86, 424, 86, 86, 414, 425, 86, 416, 86, 86, + 423, 422, 426, 86, 86, 427, 3136, 429, 428, 433, + + 430, 415, 419, 86, 421, 86, 420, 86, 424, 86, + 434, 431, 425, 435, 86, 86, 436, 445, 443, 426, + 444, 3136, 427, 86, 429, 428, 433, 430, 432, 86, + 449, 86, 3136, 462, 450, 86, 86, 86, 431, 86, + 435, 468, 86, 436, 445, 443, 3136, 444, 86, 86, + 3136, 446, 491, 447, 86, 432, 437, 449, 451, 438, + 86, 450, 452, 453, 439, 440, 441, 442, 468, 448, + 459, 454, 3136, 86, 86, 86, 455, 456, 446, 86, + 447, 460, 86, 437, 461, 451, 438, 86, 463, 452, + 453, 439, 440, 441, 442, 457, 448, 459, 458, 86, + + 464, 86, 86, 86, 456, 86, 465, 466, 460, 467, + 86, 461, 469, 471, 477, 463, 470, 488, 86, 86, + 490, 472, 457, 473, 86, 458, 86, 464, 86, 86, + 475, 476, 474, 465, 466, 86, 467, 86, 478, 469, + 481, 483, 482, 470, 488, 86, 86, 86, 472, 479, + 473, 492, 86, 86, 86, 480, 504, 475, 476, 474, + 86, 484, 86, 489, 86, 478, 528, 481, 483, 482, + 520, 86, 3136, 86, 485, 521, 479, 486, 492, 487, + 505, 493, 480, 504, 506, 86, 503, 494, 484, 86, + 489, 495, 86, 86, 519, 555, 86, 507, 86, 496, + + 3136, 485, 86, 510, 486, 86, 487, 505, 493, 508, + 86, 506, 86, 503, 494, 3136, 86, 522, 495, 518, + 86, 519, 555, 525, 507, 509, 496, 497, 523, 498, + 510, 86, 524, 86, 167, 86, 508, 3136, 86, 526, + 86, 530, 499, 527, 522, 500, 518, 501, 86, 502, + 525, 86, 509, 86, 497, 523, 498, 86, 531, 524, + 3136, 529, 86, 3136, 532, 3136, 526, 3136, 530, 499, + 527, 86, 500, 533, 501, 3136, 502, 511, 512, 534, + 540, 538, 3136, 86, 541, 531, 535, 513, 529, 514, + 515, 516, 536, 86, 517, 537, 86, 539, 583, 86, + + 533, 545, 86, 86, 511, 512, 534, 86, 538, 86, + 86, 541, 86, 535, 513, 543, 514, 515, 516, 536, + 542, 517, 537, 544, 539, 86, 546, 86, 86, 547, + 86, 551, 548, 86, 549, 550, 86, 552, 86, 558, + 86, 553, 543, 563, 554, 3136, 559, 542, 86, 556, + 544, 561, 86, 546, 86, 86, 547, 86, 551, 548, + 606, 560, 86, 86, 552, 86, 558, 557, 553, 86, + 563, 554, 562, 559, 86, 564, 556, 86, 561, 566, + 86, 565, 567, 570, 574, 571, 86, 606, 560, 3136, + 86, 572, 86, 568, 557, 569, 576, 573, 575, 562, + + 86, 86, 564, 577, 86, 578, 566, 86, 565, 567, + 570, 579, 571, 581, 86, 86, 86, 86, 572, 586, + 568, 580, 569, 576, 573, 575, 86, 582, 86, 86, + 577, 584, 578, 86, 587, 585, 588, 3136, 579, 86, + 581, 86, 591, 589, 590, 86, 586, 597, 580, 86, + 86, 592, 595, 86, 582, 86, 86, 593, 584, 86, + 598, 596, 585, 588, 86, 594, 86, 86, 86, 591, + 589, 590, 599, 86, 597, 86, 601, 600, 592, 595, + 602, 3136, 3136, 86, 593, 605, 603, 598, 596, 604, + 3136, 86, 594, 607, 611, 86, 86, 3136, 609, 599, + + 86, 86, 617, 601, 600, 610, 86, 602, 86, 608, + 618, 86, 605, 603, 612, 86, 604, 86, 619, 86, + 607, 611, 613, 86, 614, 609, 615, 616, 86, 86, + 620, 86, 610, 86, 86, 621, 608, 618, 691, 622, + 86, 612, 623, 624, 626, 627, 625, 86, 86, 613, + 86, 614, 86, 615, 616, 629, 86, 620, 86, 86, + 630, 628, 621, 632, 633, 691, 622, 86, 86, 623, + 624, 626, 635, 625, 636, 634, 86, 86, 86, 86, + 86, 637, 629, 631, 638, 639, 86, 640, 628, 3136, + 632, 633, 86, 651, 652, 642, 86, 86, 86, 635, + + 86, 636, 634, 86, 653, 641, 86, 86, 637, 86, + 631, 638, 639, 86, 640, 654, 656, 655, 3136, 3136, + 651, 652, 642, 86, 3136, 3136, 667, 86, 86, 3136, + 3136, 653, 641, 643, 660, 659, 3136, 663, 644, 86, + 645, 657, 654, 656, 655, 658, 646, 86, 647, 676, + 86, 648, 649, 667, 3136, 86, 86, 86, 650, 86, + 643, 660, 659, 86, 663, 644, 661, 645, 657, 662, + 664, 666, 658, 646, 669, 647, 676, 86, 648, 649, + 665, 86, 86, 668, 674, 650, 670, 86, 671, 680, + 86, 672, 673, 661, 675, 677, 662, 86, 666, 86, + + 86, 669, 86, 678, 86, 679, 86, 665, 681, 683, + 668, 674, 86, 670, 684, 671, 680, 86, 672, 673, + 86, 675, 677, 86, 682, 86, 685, 86, 686, 689, + 678, 3136, 679, 695, 687, 681, 683, 167, 690, 688, + 692, 684, 86, 86, 694, 86, 86, 86, 693, 696, + 86, 682, 86, 697, 699, 686, 689, 698, 86, 3136, + 695, 687, 86, 86, 700, 690, 688, 692, 701, 86, + 702, 694, 86, 713, 704, 693, 86, 703, 705, 86, + 706, 714, 709, 86, 698, 86, 86, 707, 716, 86, + 708, 700, 86, 86, 710, 701, 86, 702, 86, 711, + + 86, 704, 86, 715, 703, 705, 712, 706, 86, 709, + 717, 718, 722, 719, 707, 86, 3136, 708, 720, 721, + 86, 724, 723, 725, 731, 86, 86, 726, 728, 86, + 727, 3136, 86, 712, 736, 86, 86, 86, 733, 722, + 730, 732, 86, 86, 86, 86, 721, 86, 724, 723, + 725, 86, 86, 729, 726, 728, 86, 727, 738, 734, + 737, 86, 735, 86, 86, 733, 86, 730, 732, 86, + 739, 86, 743, 746, 742, 740, 3136, 745, 748, 741, + 729, 86, 86, 86, 744, 738, 734, 737, 86, 735, + 747, 86, 750, 86, 86, 86, 749, 739, 86, 743, + + 746, 742, 740, 751, 745, 748, 741, 752, 86, 759, + 753, 744, 86, 755, 756, 3136, 758, 747, 86, 760, + 757, 86, 763, 749, 86, 764, 762, 86, 770, 86, + 751, 86, 754, 86, 752, 86, 759, 753, 86, 86, + 755, 756, 86, 758, 761, 765, 760, 757, 86, 763, + 767, 768, 86, 762, 766, 769, 772, 776, 86, 754, + 86, 86, 86, 86, 771, 773, 774, 779, 775, 86, + 86, 761, 765, 778, 781, 780, 783, 767, 768, 86, + 86, 766, 769, 772, 776, 86, 86, 777, 782, 791, + 3136, 771, 86, 786, 86, 775, 86, 86, 86, 86, + + 778, 796, 780, 783, 784, 787, 86, 86, 788, 785, + 792, 793, 86, 797, 777, 782, 800, 794, 86, 86, + 786, 86, 789, 790, 795, 802, 3136, 86, 796, 86, + 86, 86, 787, 86, 805, 788, 86, 792, 793, 86, + 797, 798, 801, 806, 794, 86, 807, 86, 86, 789, + 790, 795, 802, 803, 808, 809, 799, 86, 804, 815, + 86, 805, 86, 810, 3136, 86, 811, 812, 798, 801, + 806, 86, 86, 807, 816, 86, 86, 814, 813, 3136, + 86, 808, 809, 799, 86, 86, 86, 818, 817, 820, + 810, 86, 821, 811, 812, 819, 822, 86, 86, 86, + + 86, 816, 824, 826, 814, 813, 86, 86, 823, 827, + 829, 86, 825, 828, 818, 817, 820, 86, 86, 821, + 86, 86, 819, 822, 836, 86, 3136, 3136, 838, 830, + 826, 831, 832, 86, 86, 823, 827, 829, 86, 825, + 828, 86, 86, 833, 834, 835, 86, 837, 841, 840, + 839, 836, 86, 86, 86, 838, 830, 86, 831, 832, + 86, 843, 3136, 848, 86, 842, 846, 847, 844, 850, + 833, 834, 835, 86, 837, 841, 840, 839, 86, 86, + 86, 845, 849, 86, 851, 86, 854, 86, 843, 86, + 848, 86, 842, 846, 847, 844, 850, 853, 852, 855, + + 856, 857, 86, 862, 86, 3136, 86, 86, 845, 849, + 858, 851, 86, 854, 859, 3136, 86, 86, 86, 860, + 861, 86, 863, 864, 853, 852, 855, 856, 857, 865, + 862, 866, 167, 86, 86, 86, 86, 858, 86, 3136, + 867, 859, 86, 869, 870, 871, 860, 861, 868, 863, + 864, 872, 873, 86, 874, 876, 865, 86, 86, 86, + 877, 875, 86, 878, 3136, 879, 86, 867, 3136, 86, + 86, 870, 871, 880, 891, 868, 86, 86, 883, 873, + 881, 874, 876, 86, 86, 86, 86, 877, 875, 86, + 893, 894, 879, 86, 882, 86, 86, 3136, 3136, 892, + + 880, 891, 3136, 895, 896, 883, 3136, 881, 86, 86, + 897, 901, 86, 3136, 3136, 86, 904, 893, 894, 898, + 86, 882, 884, 902, 86, 885, 892, 899, 900, 886, + 895, 896, 887, 86, 903, 912, 86, 897, 901, 888, + 889, 86, 890, 941, 86, 86, 898, 86, 86, 884, + 902, 914, 885, 86, 899, 900, 886, 86, 913, 887, + 86, 903, 912, 915, 86, 86, 888, 889, 916, 890, + 905, 906, 917, 907, 919, 86, 908, 918, 914, 920, + 923, 909, 3136, 922, 3136, 913, 3136, 910, 911, 924, + 915, 926, 86, 3136, 86, 916, 86, 905, 906, 921, + + 907, 919, 86, 908, 86, 86, 920, 923, 909, 86, + 922, 86, 925, 86, 910, 911, 924, 927, 86, 929, + 928, 931, 930, 932, 933, 935, 921, 86, 86, 934, + 947, 86, 937, 940, 86, 86, 3136, 86, 86, 925, + 936, 943, 86, 86, 927, 86, 929, 928, 931, 930, + 932, 933, 935, 86, 938, 86, 934, 939, 86, 937, + 940, 942, 86, 86, 944, 946, 948, 936, 86, 945, + 950, 3136, 86, 949, 3136, 3136, 952, 951, 954, 955, + 953, 938, 957, 86, 939, 3136, 3136, 86, 942, 956, + 958, 86, 946, 959, 961, 86, 86, 86, 86, 86, + + 949, 86, 86, 952, 951, 86, 86, 953, 86, 957, + 960, 962, 86, 86, 963, 964, 956, 958, 86, 965, + 959, 86, 966, 968, 967, 3136, 86, 86, 3136, 86, + 969, 971, 972, 86, 974, 970, 86, 960, 962, 977, + 86, 963, 86, 973, 978, 975, 965, 86, 1000, 966, + 968, 967, 86, 86, 86, 86, 86, 969, 971, 972, + 976, 974, 970, 86, 979, 980, 982, 981, 987, 3136, + 973, 86, 975, 983, 86, 86, 86, 86, 984, 986, + 86, 989, 988, 990, 86, 3136, 985, 976, 86, 86, + 86, 979, 980, 982, 981, 86, 993, 995, 997, 3136, + + 983, 86, 86, 86, 86, 984, 986, 991, 989, 988, + 990, 992, 994, 985, 86, 86, 996, 998, 86, 86, + 86, 86, 999, 993, 995, 997, 86, 1001, 1003, 1004, + 86, 1002, 1005, 1008, 991, 1006, 86, 3136, 992, 994, + 1009, 1007, 86, 996, 998, 86, 86, 86, 86, 999, + 1011, 1010, 1012, 86, 1001, 1003, 1004, 86, 1002, 1005, + 86, 1014, 1006, 86, 1017, 1013, 86, 1009, 1007, 86, + 1019, 86, 86, 1015, 1018, 1016, 1020, 1011, 1010, 1012, + 1021, 86, 86, 86, 1022, 1023, 1024, 86, 1014, 1031, + 3136, 1025, 1013, 1028, 3136, 1026, 86, 1019, 1029, 86, + + 1015, 1030, 1016, 1027, 86, 1032, 86, 1021, 86, 86, + 86, 1035, 1034, 1024, 1033, 86, 86, 86, 1025, 1037, + 1028, 86, 1026, 86, 1036, 1029, 86, 86, 1030, 86, + 1027, 86, 1032, 1038, 1039, 1040, 1042, 3136, 1044, 1034, + 1041, 1033, 86, 86, 1045, 1043, 86, 1046, 86, 86, + 1048, 1036, 1049, 1047, 86, 86, 86, 1050, 86, 1051, + 1038, 1039, 1059, 1042, 86, 1044, 86, 167, 86, 1060, + 86, 1045, 1043, 1061, 1046, 86, 1052, 1048, 1062, 1049, + 1047, 1063, 86, 86, 1050, 86, 1051, 1085, 86, 1059, + 3136, 1064, 86, 1067, 1066, 3136, 1060, 1065, 1068, 3136, + + 1061, 3136, 3136, 1052, 1053, 86, 1054, 86, 1063, 86, + 1055, 86, 1056, 1072, 86, 86, 1071, 1057, 1064, 86, + 1067, 1066, 1058, 1073, 1065, 1068, 86, 1069, 86, 1075, + 1078, 1053, 1070, 1054, 86, 1074, 1079, 1055, 1076, 1056, + 1072, 86, 1080, 1071, 1057, 86, 86, 1081, 1077, 1058, + 1073, 1082, 1083, 86, 1086, 86, 1075, 1078, 86, 86, + 86, 1084, 1074, 1079, 86, 1076, 1087, 1089, 1090, 1080, + 86, 1092, 3136, 86, 1081, 1077, 1091, 3136, 1082, 1083, + 86, 1100, 86, 1101, 86, 1105, 86, 1102, 1084, 1104, + 3136, 1103, 3136, 86, 1106, 1090, 86, 1110, 1092, 86, + + 86, 3136, 3136, 1091, 1093, 86, 86, 86, 1100, 1094, + 1101, 1095, 1105, 86, 1102, 86, 1104, 1096, 1103, 1107, + 1108, 1106, 1097, 1098, 86, 1109, 1113, 1114, 86, 1099, + 86, 1093, 86, 86, 1111, 1112, 1094, 1115, 1095, 1116, + 1117, 1118, 86, 1123, 1096, 86, 1107, 1108, 1135, 1097, + 1098, 86, 1109, 86, 1114, 1120, 1099, 86, 86, 1119, + 1121, 1111, 1112, 86, 1115, 1122, 1116, 86, 1118, 1125, + 1124, 1126, 86, 86, 1127, 86, 86, 86, 86, 1130, + 86, 86, 1120, 1129, 1133, 1131, 1119, 1121, 86, 1128, + 86, 1132, 1122, 86, 86, 3136, 1125, 1124, 1126, 1139, + + 1137, 1127, 86, 86, 1134, 86, 1130, 86, 1136, 86, + 1129, 1133, 1131, 86, 86, 1138, 1128, 1140, 1132, 86, + 1141, 1142, 86, 1143, 1144, 1146, 1139, 1137, 3136, 86, + 86, 1134, 1145, 86, 1147, 1136, 1148, 1153, 1150, 1149, + 1154, 3136, 1138, 86, 1140, 86, 86, 1141, 1142, 86, + 1143, 1144, 1146, 86, 86, 1155, 1156, 1151, 1160, 1145, + 86, 1147, 1152, 86, 1153, 1150, 1149, 1154, 86, 86, + 1157, 1159, 86, 1158, 1161, 1162, 3136, 86, 1164, 86, + 86, 1163, 1155, 1156, 86, 1160, 86, 1165, 86, 86, + 1166, 1167, 1168, 1170, 1172, 1179, 1169, 1157, 1159, 86, + + 1158, 1161, 86, 1171, 86, 86, 1173, 86, 1163, 1174, + 86, 1175, 86, 1176, 1165, 86, 86, 1166, 1167, 1168, + 1170, 1172, 1178, 1169, 1177, 86, 86, 86, 86, 1180, + 1171, 86, 1181, 1173, 86, 86, 1174, 1182, 1175, 1183, + 1176, 1184, 3136, 86, 1185, 1187, 86, 1186, 1189, 1178, + 86, 1177, 86, 86, 1188, 86, 86, 1190, 1191, 1181, + 1192, 1193, 86, 86, 1182, 1195, 1183, 86, 1184, 1194, + 1198, 1185, 1187, 1197, 1186, 1189, 1196, 1199, 86, 1200, + 86, 1188, 86, 86, 3136, 86, 1203, 1192, 1193, 86, + 86, 86, 1201, 1202, 1205, 86, 1194, 86, 1206, 86, + + 1197, 1204, 86, 1196, 1199, 1208, 86, 1207, 1210, 86, + 86, 86, 1209, 1203, 86, 1211, 86, 1212, 86, 1201, + 1202, 1205, 86, 86, 1213, 1206, 1214, 86, 1204, 1215, + 1216, 1217, 1208, 1220, 1207, 1210, 86, 1218, 86, 1209, + 1225, 1221, 86, 1223, 86, 86, 1222, 86, 86, 86, + 3136, 1213, 86, 1214, 86, 1224, 86, 1216, 1217, 86, + 1220, 1227, 1226, 86, 1218, 1228, 1229, 86, 1221, 167, + 1223, 1232, 1230, 1222, 86, 1234, 1233, 86, 1231, 1235, + 3136, 86, 1224, 86, 3136, 1237, 1236, 1238, 1227, 1226, + 3136, 1239, 1228, 1229, 86, 1241, 86, 1247, 86, 1230, + + 3136, 3136, 1240, 1233, 86, 1231, 1244, 86, 86, 86, + 86, 86, 1237, 1236, 1238, 86, 1242, 86, 1239, 1243, + 1245, 1248, 1241, 1246, 86, 1250, 86, 86, 86, 1240, + 1249, 86, 86, 1244, 86, 1251, 1257, 86, 1252, 86, + 3136, 1258, 1259, 1242, 1253, 86, 1243, 1245, 1248, 1260, + 1246, 1263, 1250, 1254, 1261, 1255, 86, 1249, 1256, 86, + 1262, 1265, 1251, 1257, 86, 1252, 86, 86, 1258, 1259, + 86, 1253, 1266, 86, 86, 86, 86, 3136, 1263, 1267, + 1254, 1261, 1255, 1264, 1268, 1256, 1270, 1262, 1265, 1269, + 86, 86, 86, 1271, 1272, 1273, 1274, 1275, 1276, 1266, + + 1280, 86, 86, 1278, 86, 86, 1267, 1277, 86, 86, + 1264, 1268, 86, 1270, 1279, 1372, 1269, 1285, 86, 86, + 1271, 1272, 86, 1274, 1275, 1276, 86, 1280, 1281, 86, + 1278, 1282, 86, 1283, 1277, 1284, 1286, 86, 1287, 86, + 86, 1279, 86, 1288, 1285, 1289, 86, 86, 86, 86, + 1290, 86, 1291, 1295, 86, 1281, 1294, 1296, 1282, 1292, + 1283, 1293, 1284, 1286, 86, 1287, 86, 1297, 86, 86, + 1288, 86, 1289, 1298, 86, 1299, 1300, 1290, 1301, 1291, + 86, 1304, 86, 1294, 1296, 86, 1292, 1306, 1293, 86, + 1302, 1305, 86, 86, 1297, 1303, 3136, 1307, 86, 1314, + + 1298, 86, 1299, 1300, 86, 1301, 1316, 1333, 1304, 1315, + 1318, 3136, 3136, 86, 1306, 1317, 1320, 1319, 1305, 1323, + 86, 3136, 86, 86, 1307, 1308, 1314, 86, 1309, 1310, + 3136, 1321, 86, 1311, 1333, 86, 1315, 1318, 86, 1312, + 1322, 86, 1317, 1313, 1319, 86, 1323, 86, 86, 1325, + 1330, 1324, 1308, 86, 1329, 1309, 1310, 86, 1321, 1326, + 1311, 1327, 86, 86, 1328, 1331, 1312, 1322, 86, 1335, + 1313, 86, 86, 1332, 1336, 86, 1325, 1330, 1324, 3136, + 1334, 1329, 1337, 86, 1344, 1338, 1326, 1347, 1327, 86, + 3136, 1328, 1331, 3136, 1348, 86, 1345, 1346, 3136, 3136, + + 1332, 86, 3136, 86, 86, 1351, 86, 1334, 86, 1337, + 86, 1344, 1338, 1339, 1347, 1349, 1356, 86, 1340, 1350, + 1341, 1348, 1342, 86, 1343, 86, 1354, 86, 86, 1352, + 1355, 86, 1351, 1359, 1353, 86, 1358, 1357, 86, 1361, + 1339, 86, 1349, 1356, 86, 1340, 1350, 1341, 1360, 1342, + 86, 1343, 86, 1354, 86, 1362, 86, 1355, 1363, 1364, + 1359, 86, 1369, 1358, 1357, 1368, 1361, 1365, 1366, 1367, + 1370, 86, 86, 1374, 1375, 1360, 1371, 3136, 86, 1373, + 86, 1376, 86, 86, 86, 1363, 1364, 86, 1377, 1369, + 86, 86, 1368, 1379, 1365, 1366, 1367, 1370, 86, 86, + + 86, 1375, 1380, 1371, 1378, 86, 1373, 1381, 1376, 1382, + 86, 86, 86, 1383, 86, 1377, 1384, 1385, 1386, 1387, + 1379, 1388, 3136, 86, 86, 1389, 1390, 3136, 86, 86, + 3136, 1378, 1391, 86, 1381, 1393, 86, 1392, 86, 86, + 1383, 1394, 1395, 1384, 1385, 1386, 86, 1405, 1388, 86, + 86, 1396, 1389, 1390, 86, 86, 86, 1397, 1398, 1391, + 86, 1399, 1393, 86, 1392, 1401, 86, 1400, 1394, 1395, + 1403, 86, 1406, 1402, 1405, 1408, 1404, 1409, 1396, 86, + 1410, 1407, 1412, 86, 1397, 1398, 86, 86, 1399, 86, + 1415, 1411, 1401, 86, 1400, 86, 86, 1403, 86, 1406, + + 1402, 86, 1408, 1404, 1413, 1416, 86, 1414, 1407, 86, + 1421, 3136, 86, 86, 86, 86, 1417, 1415, 1411, 1419, + 1420, 1418, 86, 86, 86, 1422, 86, 1424, 1423, 1427, + 3136, 1413, 86, 167, 1414, 1428, 86, 1431, 1425, 1429, + 3136, 3136, 86, 1417, 1426, 1430, 1419, 1420, 1418, 86, + 86, 86, 86, 1432, 86, 1423, 1427, 86, 1436, 86, + 86, 1434, 1428, 86, 1431, 1425, 1429, 1433, 1435, 86, + 86, 1426, 1430, 1437, 1438, 1439, 1440, 86, 1442, 1443, + 1432, 1441, 3136, 86, 1444, 86, 1445, 86, 1434, 3136, + 86, 1454, 1446, 1452, 1433, 1435, 86, 86, 1451, 86, + + 1437, 1438, 1439, 86, 86, 1442, 1443, 1449, 86, 1447, + 1450, 1444, 1448, 1445, 1453, 1455, 86, 1456, 86, 1446, + 1452, 86, 1459, 86, 3136, 1451, 1457, 86, 1462, 86, + 86, 1458, 1463, 86, 1449, 1465, 1447, 1450, 86, 1448, + 3136, 1453, 1455, 1461, 1456, 1460, 86, 1464, 1467, 1459, + 86, 1470, 86, 1466, 86, 1462, 86, 86, 86, 1463, + 86, 86, 1465, 1471, 1468, 1474, 3136, 1469, 1475, 1477, + 1461, 3136, 1460, 86, 1464, 1467, 86, 86, 1470, 1472, + 1466, 1473, 86, 86, 1476, 1481, 86, 1478, 86, 86, + 1471, 1468, 86, 1479, 1469, 1475, 1477, 86, 1482, 86, + + 1483, 1480, 1492, 1485, 1484, 86, 1472, 86, 1473, 86, + 1486, 1476, 1481, 86, 1478, 1489, 1493, 1487, 86, 1488, + 1479, 86, 86, 1491, 1496, 1482, 86, 1483, 1480, 86, + 1485, 1484, 1490, 1497, 86, 1494, 86, 1486, 86, 1495, + 86, 1500, 1489, 1499, 1487, 86, 1488, 3136, 86, 1498, + 1491, 86, 86, 1502, 86, 1503, 86, 1501, 1505, 1490, + 1497, 86, 1494, 3136, 1504, 86, 1495, 86, 1500, 86, + 1499, 86, 1506, 86, 1507, 1508, 1498, 86, 1514, 1513, + 1502, 86, 1503, 86, 1501, 1505, 86, 86, 1509, 1515, + 1511, 1504, 1516, 1510, 86, 1512, 1517, 86, 3136, 1506, + + 86, 1507, 1508, 1518, 86, 1514, 1513, 1519, 1522, 1521, + 1520, 1523, 1524, 86, 86, 86, 1515, 86, 86, 1516, + 86, 1525, 86, 1517, 1526, 86, 1528, 1527, 3136, 3136, + 1518, 3136, 86, 86, 1519, 1529, 1521, 1520, 1523, 1524, + 86, 1530, 1531, 86, 1532, 1535, 1533, 1539, 86, 86, + 86, 1526, 86, 86, 1527, 1534, 1537, 86, 86, 86, + 1536, 86, 1529, 1538, 1540, 1543, 1541, 1544, 1530, 1531, + 1545, 1532, 1535, 1533, 86, 1542, 3136, 1551, 86, 86, + 86, 1550, 1534, 1537, 86, 86, 86, 1536, 86, 86, + 1538, 86, 1543, 1541, 1544, 1546, 1549, 1545, 86, 1547, + + 1552, 1554, 1542, 86, 1551, 86, 1553, 86, 1550, 1555, + 1556, 1560, 1548, 1557, 3136, 3136, 1558, 86, 3136, 1559, + 86, 1561, 1546, 1549, 1566, 86, 1547, 1552, 86, 1565, + 86, 86, 3136, 1553, 86, 1571, 1555, 1570, 1560, 1548, + 1557, 86, 86, 1558, 86, 1562, 1559, 1563, 1561, 1567, + 1564, 86, 86, 1568, 1573, 3136, 86, 86, 86, 86, + 1569, 86, 1572, 86, 1570, 1575, 1574, 86, 1576, 86, + 1578, 1579, 1562, 1577, 1563, 3136, 1567, 1564, 86, 86, + 1568, 86, 86, 1580, 86, 1581, 1585, 1569, 1587, 1572, + 86, 1582, 86, 1574, 86, 1576, 1583, 1578, 1579, 1584, + + 1577, 86, 86, 86, 1586, 1597, 1588, 86, 86, 1590, + 1580, 86, 1581, 1585, 86, 1587, 1589, 86, 1582, 1592, + 1591, 86, 86, 1583, 86, 86, 1584, 1593, 1594, 1595, + 1596, 1586, 86, 1588, 1599, 1598, 1590, 86, 1600, 1601, + 86, 86, 86, 1589, 86, 86, 1592, 1591, 1603, 1606, + 1605, 86, 1602, 3136, 1593, 1594, 1595, 1596, 86, 1604, + 1608, 1599, 1598, 1607, 86, 1600, 1601, 86, 86, 86, + 1609, 86, 86, 1614, 167, 1603, 86, 1605, 1612, 1602, + 1610, 1611, 1613, 86, 86, 1616, 1604, 1608, 86, 1615, + 1607, 86, 86, 1619, 1617, 1618, 1620, 1609, 1623, 86, + + 1614, 86, 1621, 86, 1622, 1612, 1625, 1610, 1611, 1613, + 1624, 86, 1616, 86, 1627, 86, 1615, 86, 1629, 1626, + 1619, 1617, 1618, 1620, 1645, 1628, 86, 86, 1630, 1621, + 86, 1622, 86, 86, 1632, 3136, 1633, 1624, 86, 86, + 1631, 86, 1635, 86, 1634, 1629, 1626, 1636, 1637, 1639, + 86, 86, 1628, 1638, 3136, 1630, 86, 86, 86, 86, + 86, 1632, 86, 1633, 1649, 1646, 1640, 1631, 1650, 1635, + 1641, 1634, 86, 1653, 1636, 1637, 1639, 86, 1647, 86, + 1638, 86, 86, 1642, 1652, 1654, 1643, 86, 1656, 3136, + 86, 1649, 1646, 1640, 1648, 1650, 1655, 1641, 1644, 1651, + + 86, 86, 86, 1657, 1658, 1647, 1659, 86, 86, 1665, + 1642, 1652, 1663, 1643, 86, 1656, 1662, 86, 86, 86, + 1660, 1648, 1661, 1655, 86, 1644, 1651, 1664, 86, 86, + 1657, 86, 1666, 1659, 86, 1667, 86, 1668, 1669, 1663, + 1671, 86, 86, 1662, 1670, 1674, 1672, 1660, 1675, 1661, + 1673, 86, 86, 3136, 1664, 86, 3136, 86, 3136, 86, + 1681, 1676, 1667, 1677, 86, 1669, 86, 86, 86, 86, + 1678, 1670, 1674, 1672, 86, 1675, 86, 1673, 1679, 1682, + 1680, 1685, 1683, 1684, 1686, 86, 86, 86, 1676, 86, + 1677, 1687, 86, 86, 86, 1688, 86, 1678, 86, 1689, + + 1690, 1691, 1694, 1696, 3136, 1679, 1682, 1680, 1685, 1683, + 1684, 86, 86, 1692, 86, 1693, 86, 86, 1687, 1695, + 86, 3136, 1688, 86, 86, 86, 1689, 1690, 1691, 1694, + 1696, 86, 1697, 1699, 1703, 1698, 1700, 1702, 1704, 86, + 1692, 1701, 1693, 1705, 86, 1707, 1695, 1708, 86, 1709, + 86, 1706, 3136, 1710, 86, 3136, 1721, 1712, 86, 1697, + 1699, 1703, 1698, 1700, 1702, 86, 86, 86, 1701, 1711, + 86, 86, 1707, 1713, 1708, 1714, 86, 86, 1706, 86, + 1710, 1715, 1717, 86, 1712, 1716, 1718, 1720, 86, 1719, + 86, 1722, 86, 1724, 1723, 86, 1711, 1725, 1726, 1727, + + 1713, 86, 1714, 86, 86, 86, 86, 86, 1715, 1717, + 86, 86, 1716, 1718, 1720, 1728, 1719, 1729, 86, 86, + 1724, 1723, 1730, 1732, 1725, 1726, 1727, 1731, 1733, 1734, + 86, 86, 1743, 1735, 86, 1739, 1740, 1744, 3136, 1742, + 1737, 3136, 1728, 1738, 1729, 86, 86, 1736, 86, 1730, + 1732, 86, 1749, 86, 1731, 1733, 1734, 86, 86, 86, + 1735, 1746, 1739, 1740, 86, 1741, 1742, 1737, 1745, 1748, + 1738, 86, 1747, 86, 1736, 1751, 1750, 86, 1752, 1753, + 1754, 86, 1756, 1758, 86, 86, 1755, 1757, 1746, 86, + 1759, 86, 1741, 1762, 1768, 1745, 1748, 1763, 3136, 1747, + + 86, 86, 86, 1750, 86, 1760, 1753, 86, 86, 1756, + 86, 1761, 86, 1755, 1757, 86, 86, 1759, 1764, 1765, + 1766, 1768, 1767, 1769, 1763, 86, 86, 86, 1770, 86, + 1771, 1772, 1760, 1774, 1775, 1777, 1782, 86, 1761, 86, + 86, 86, 1776, 86, 1778, 1764, 1765, 1766, 3136, 1767, + 1769, 86, 1773, 1780, 1779, 1770, 86, 1771, 86, 1781, + 1786, 86, 86, 86, 1784, 86, 86, 1783, 86, 1776, + 1787, 1778, 86, 86, 1785, 86, 1788, 86, 1789, 1773, + 1780, 1779, 1790, 86, 1791, 1796, 1781, 86, 1793, 1792, + 1795, 1784, 86, 1794, 1783, 3136, 1800, 1787, 1798, 86, + + 86, 1785, 86, 1788, 86, 1789, 86, 86, 167, 1790, + 1797, 1791, 86, 86, 1799, 1793, 1792, 1795, 86, 1801, + 1794, 1803, 86, 86, 1802, 1798, 1805, 1804, 1806, 1807, + 1808, 1809, 86, 1811, 86, 86, 86, 1797, 1810, 1812, + 86, 1799, 86, 1813, 86, 86, 1801, 1814, 1803, 1815, + 1816, 1802, 1817, 1805, 1804, 1806, 1818, 1808, 1809, 86, + 86, 86, 1819, 86, 1820, 1810, 1812, 86, 1821, 86, + 86, 86, 1822, 3136, 1814, 86, 1815, 86, 1825, 86, + 1826, 1823, 86, 1818, 1824, 1827, 1828, 86, 86, 1819, + 86, 1820, 1829, 86, 1830, 1821, 1831, 1838, 1839, 1822, + + 86, 86, 86, 86, 86, 1825, 1836, 1826, 1823, 1832, + 1833, 1824, 1827, 1828, 86, 1837, 86, 86, 1834, 1829, + 1840, 1830, 1843, 1831, 86, 1835, 86, 86, 86, 86, + 86, 1841, 1842, 1836, 1848, 1844, 1832, 1833, 1847, 86, + 86, 1849, 1837, 86, 1845, 1834, 1846, 1840, 1850, 1843, + 1851, 1855, 1835, 1852, 1857, 86, 1859, 86, 1841, 1842, + 86, 86, 1844, 1853, 86, 1847, 1854, 1858, 86, 86, + 1861, 1845, 86, 1846, 1856, 1850, 1860, 86, 86, 86, + 1852, 1862, 1863, 86, 1864, 86, 86, 1865, 86, 1867, + 1853, 86, 1874, 1854, 1858, 1866, 3136, 86, 1882, 1876, + + 1872, 1856, 86, 1860, 1877, 1873, 86, 86, 1862, 1863, + 1879, 86, 86, 86, 1865, 1878, 1875, 86, 1868, 1869, + 1870, 86, 1866, 86, 86, 1871, 1881, 1872, 86, 1886, + 86, 86, 1873, 86, 1880, 86, 1883, 1879, 86, 1887, + 86, 1884, 1878, 1875, 1888, 1868, 1869, 1870, 86, 1885, + 86, 1889, 1871, 1881, 86, 86, 86, 1890, 86, 1891, + 1892, 1880, 86, 1883, 1894, 1893, 1887, 1895, 1884, 86, + 86, 1888, 86, 1898, 1899, 1896, 1885, 1897, 1889, 86, + 1900, 1904, 1901, 1903, 1890, 86, 1891, 86, 86, 1902, + 1910, 86, 1893, 86, 1895, 86, 1905, 86, 1906, 86, + + 1898, 86, 1896, 86, 1897, 1909, 86, 86, 1904, 1901, + 1903, 1907, 86, 1911, 1912, 1908, 1902, 1913, 1914, 1915, + 86, 1916, 86, 1905, 86, 1906, 86, 86, 1918, 1917, + 1920, 1919, 1909, 1925, 86, 86, 1921, 1926, 1907, 86, + 1911, 1912, 1908, 86, 1922, 86, 86, 86, 1916, 86, + 86, 1923, 86, 86, 1924, 1918, 1917, 1920, 1919, 1927, + 86, 1928, 1933, 1921, 1934, 86, 86, 1929, 1931, 86, + 3136, 1922, 1932, 86, 1935, 86, 1941, 86, 1923, 1937, + 86, 1924, 86, 1930, 86, 1936, 1927, 86, 1928, 1933, + 86, 86, 1938, 1939, 1929, 1931, 1952, 86, 1940, 1932, + + 1942, 1935, 1943, 86, 1945, 1946, 1937, 1944, 1947, 1948, + 1930, 86, 1936, 1955, 86, 86, 86, 86, 86, 1938, + 1939, 86, 1949, 86, 1954, 1940, 1950, 1942, 86, 1943, + 1951, 86, 1946, 86, 1944, 1947, 1948, 86, 1953, 1957, + 86, 1956, 1958, 1959, 86, 1961, 86, 1962, 1960, 1949, + 86, 1954, 86, 1950, 1963, 1966, 1964, 1951, 1967, 86, + 86, 1965, 86, 1971, 1969, 1953, 1957, 86, 1956, 1958, + 1959, 3136, 1961, 1973, 86, 1960, 1968, 86, 1970, 1972, + 1976, 86, 1974, 1975, 1977, 86, 86, 86, 86, 86, + 86, 1969, 1978, 86, 86, 86, 86, 86, 1979, 1980, + + 1973, 1981, 1986, 1968, 1987, 1970, 1972, 1982, 1983, 1974, + 1975, 1977, 86, 1984, 86, 86, 86, 1985, 1989, 1991, + 167, 1990, 3136, 3136, 86, 1979, 1980, 3136, 1981, 86, + 86, 86, 1988, 1992, 1982, 1983, 1994, 86, 1993, 86, + 1984, 86, 86, 86, 1985, 1995, 1991, 1996, 1990, 1997, + 86, 1998, 1999, 2001, 86, 2000, 86, 2005, 86, 1988, + 1992, 2003, 86, 1994, 2006, 1993, 86, 86, 2002, 86, + 2004, 2008, 1995, 2011, 1996, 86, 1997, 86, 1998, 1999, + 86, 86, 2000, 86, 2005, 2010, 86, 2007, 2003, 86, + 2009, 86, 86, 86, 86, 2002, 86, 2004, 2008, 86, + + 2011, 2012, 2013, 2015, 2014, 2017, 2016, 3136, 3136, 2018, + 2020, 2021, 2010, 86, 2007, 86, 2022, 2009, 86, 86, + 2019, 86, 2023, 86, 2024, 2028, 2026, 2027, 2012, 86, + 2015, 2014, 2017, 2016, 86, 86, 2018, 2020, 2021, 86, + 86, 86, 86, 2022, 2025, 2029, 2030, 2019, 86, 2023, + 86, 2024, 86, 2026, 2027, 2031, 2032, 86, 2034, 2036, + 2035, 2033, 3136, 3136, 2037, 2038, 86, 3136, 86, 86, + 86, 2025, 2029, 2030, 86, 2039, 2040, 3136, 2043, 2041, + 2044, 3136, 2031, 2032, 86, 86, 2036, 2035, 2033, 86, + 86, 2037, 86, 2042, 86, 2045, 86, 2046, 86, 2047, + + 86, 86, 2039, 2040, 86, 2043, 2041, 2044, 2048, 2049, + 86, 2053, 86, 2050, 86, 2054, 2051, 2055, 86, 2056, + 2042, 2058, 2045, 86, 2046, 86, 2047, 2057, 86, 2052, + 86, 2059, 2060, 2061, 86, 2048, 2049, 86, 2053, 86, + 2050, 2062, 2054, 2051, 86, 86, 2056, 2064, 2058, 2066, + 2065, 3136, 2063, 86, 2057, 86, 2052, 2068, 2059, 2060, + 2061, 86, 2067, 2069, 2074, 2071, 86, 86, 2062, 86, + 86, 86, 2070, 86, 2064, 86, 2066, 2065, 86, 2063, + 2072, 2073, 2075, 86, 2068, 3136, 2077, 2084, 2076, 2067, + 2069, 86, 2071, 2080, 86, 2078, 2079, 86, 2082, 2070, + + 2088, 86, 86, 3136, 2083, 86, 2085, 2072, 2073, 2075, + 86, 86, 2081, 2077, 2084, 2076, 2086, 86, 86, 86, + 2080, 2087, 2078, 2079, 86, 86, 86, 86, 2089, 2090, + 86, 2083, 2092, 2085, 86, 2091, 2093, 3136, 3136, 2081, + 2094, 86, 86, 2086, 2095, 2098, 2099, 2103, 2087, 2096, + 3136, 2100, 2102, 86, 86, 2089, 2090, 2097, 86, 2101, + 3136, 86, 2091, 2093, 86, 86, 2104, 2094, 86, 86, + 86, 2095, 86, 2099, 2103, 86, 2096, 86, 2100, 2102, + 2105, 2107, 2108, 2106, 2097, 86, 2101, 2109, 86, 2112, + 2113, 2114, 2110, 2104, 2111, 3136, 2117, 2116, 86, 2119, + + 2115, 3136, 2118, 86, 86, 86, 86, 2105, 2107, 2108, + 2106, 86, 86, 86, 2149, 3136, 2112, 2113, 2114, 86, + 86, 2111, 86, 2117, 2116, 2120, 86, 2115, 2121, 2118, + 2122, 2123, 2125, 2124, 86, 2126, 2127, 86, 2130, 2128, + 3136, 86, 2129, 86, 86, 86, 86, 86, 3136, 2133, + 86, 2137, 2120, 86, 2131, 2121, 86, 2122, 2123, 2125, + 2124, 86, 2126, 2127, 86, 2130, 2128, 2132, 2134, 2129, + 86, 2135, 86, 2136, 2138, 86, 2133, 2139, 2137, 2140, + 2141, 2131, 86, 86, 2151, 2142, 2143, 3136, 2144, 2145, + 2150, 2146, 86, 86, 2132, 2134, 167, 86, 2135, 2154, + + 2136, 2138, 2152, 86, 86, 2159, 2140, 86, 86, 86, + 86, 2151, 2142, 2143, 2147, 2144, 2145, 2153, 2146, 2148, + 2158, 86, 86, 2155, 86, 2160, 86, 2161, 2163, 2152, + 2162, 2164, 86, 3136, 2168, 2165, 2166, 2156, 86, 86, + 3136, 3136, 86, 2167, 2153, 2169, 86, 2158, 2157, 86, + 2155, 86, 2160, 86, 2161, 2171, 3136, 2162, 2164, 2174, + 86, 86, 2165, 86, 2156, 86, 86, 2170, 86, 2172, + 2167, 2173, 2169, 86, 86, 2157, 86, 2176, 86, 2175, + 2177, 86, 2171, 86, 2178, 2180, 2174, 2181, 2179, 86, + 2182, 2183, 86, 86, 2170, 86, 2172, 2184, 2173, 86, + + 2186, 2185, 86, 3136, 2176, 3136, 2175, 2177, 2188, 86, + 2190, 2178, 2180, 86, 2181, 2179, 2191, 2182, 86, 2193, + 86, 2189, 86, 86, 2184, 2187, 86, 2186, 2185, 86, + 86, 2192, 86, 2195, 2194, 2188, 2196, 2190, 2197, 2200, + 86, 86, 86, 2191, 86, 86, 86, 2198, 2189, 2199, + 86, 2204, 2187, 86, 2201, 2203, 2202, 86, 2192, 3136, + 2195, 2194, 86, 2196, 2205, 2197, 2200, 86, 2206, 86, + 2207, 2211, 2208, 2209, 2198, 2210, 2199, 2212, 86, 3136, + 2214, 2201, 2203, 2202, 86, 86, 86, 86, 2215, 2218, + 2219, 2205, 86, 2213, 86, 2206, 2220, 2207, 86, 2208, + + 2209, 86, 2210, 2216, 86, 86, 2217, 2214, 2224, 2223, + 2225, 2227, 86, 2229, 86, 2215, 86, 2219, 86, 2221, + 2213, 86, 2222, 2220, 86, 2228, 86, 2232, 2231, 86, + 2216, 2226, 2230, 2217, 86, 86, 2223, 86, 86, 86, + 86, 2233, 2235, 2234, 86, 2237, 2221, 2239, 2236, 2222, + 86, 2238, 2228, 86, 86, 2231, 86, 2240, 2226, 2230, + 86, 86, 2241, 2244, 2243, 86, 2245, 2242, 86, 2235, + 2234, 2247, 2237, 86, 86, 2236, 86, 3136, 2238, 2251, + 2248, 2246, 3136, 2249, 2240, 86, 2256, 86, 86, 86, + 2244, 2243, 86, 2245, 2242, 86, 2250, 2253, 86, 2254, + + 2258, 86, 2252, 2259, 86, 2255, 86, 2248, 2246, 86, + 2249, 86, 2257, 86, 2261, 86, 2263, 3136, 2262, 2260, + 86, 2264, 86, 2250, 2253, 86, 2254, 2258, 86, 2252, + 2259, 86, 2255, 2265, 86, 2266, 86, 2267, 86, 2257, + 2268, 86, 86, 2263, 86, 2262, 2260, 2269, 2264, 2277, + 2270, 86, 3136, 2274, 2271, 2281, 86, 2275, 2278, 2285, + 2265, 2276, 2266, 3136, 2267, 86, 86, 2268, 86, 2272, + 3136, 2273, 86, 2280, 2269, 86, 2277, 2270, 86, 86, + 2274, 2271, 2281, 86, 2275, 2278, 2279, 2282, 2276, 2283, + 2284, 86, 86, 2286, 2287, 86, 2272, 2288, 2273, 86, + + 2280, 2289, 86, 2290, 2291, 86, 2298, 2293, 2292, 86, + 3136, 86, 2299, 2279, 2282, 2294, 2283, 2284, 86, 86, + 2286, 2295, 2296, 86, 2288, 86, 86, 2302, 2289, 2300, + 2290, 2291, 86, 86, 2293, 2292, 2301, 2297, 86, 86, + 86, 2303, 2294, 86, 86, 86, 2304, 2305, 2295, 2296, + 86, 3136, 86, 2307, 2302, 2306, 2300, 2312, 2308, 2310, + 2309, 2311, 3136, 2301, 2297, 86, 2316, 86, 2303, 2313, + 86, 2314, 86, 86, 2305, 167, 2315, 86, 86, 2318, + 2307, 86, 2306, 2317, 86, 2308, 2310, 2309, 2311, 86, + 2319, 86, 3136, 2316, 86, 86, 2313, 2320, 2314, 2323, + + 2321, 2322, 2325, 2315, 2324, 2328, 2318, 86, 2326, 2329, + 2317, 2327, 2331, 3136, 86, 3136, 86, 2319, 2330, 86, + 2333, 2332, 2338, 2337, 2320, 2334, 86, 2321, 2322, 86, + 86, 2324, 86, 86, 86, 2326, 86, 86, 2327, 86, + 86, 86, 2335, 2336, 2339, 2330, 86, 2333, 2332, 86, + 2337, 86, 2334, 2340, 86, 86, 2341, 86, 2342, 2343, + 2345, 2346, 2344, 3136, 2348, 2351, 2352, 2347, 86, 2335, + 2336, 2339, 86, 86, 2350, 86, 2354, 2357, 86, 86, + 2340, 2349, 86, 2341, 86, 2342, 86, 2345, 2346, 2344, + 86, 86, 2351, 2352, 2347, 86, 86, 2353, 2355, 86, + + 2356, 2350, 2358, 2354, 2359, 86, 2360, 2361, 2349, 86, + 86, 2363, 2365, 86, 2362, 2366, 3136, 3136, 86, 2364, + 2368, 86, 86, 86, 2353, 2355, 2367, 2356, 86, 2358, + 2370, 2359, 2371, 2360, 2361, 2372, 86, 86, 86, 2365, + 3136, 2362, 2366, 86, 86, 2373, 2364, 2368, 2369, 86, + 2374, 2375, 86, 2367, 2376, 86, 86, 2370, 2378, 2371, + 86, 2377, 2379, 3136, 2380, 2381, 86, 86, 2382, 86, + 86, 86, 2373, 86, 2383, 2369, 2384, 86, 2375, 2385, + 2386, 86, 2387, 2388, 2393, 2378, 86, 2392, 2377, 2379, + 86, 2380, 2381, 2389, 86, 2382, 86, 2390, 86, 2391, + + 2394, 2383, 86, 86, 2395, 2397, 86, 86, 86, 2387, + 2388, 86, 86, 2396, 2392, 2398, 2401, 86, 86, 86, + 2389, 2399, 86, 2400, 2390, 86, 2391, 2394, 2402, 2403, + 2404, 86, 2397, 2406, 2409, 2405, 86, 2407, 2408, 3136, + 2396, 3136, 86, 2401, 86, 86, 3136, 86, 2399, 2412, + 2400, 86, 86, 2410, 86, 2402, 86, 2404, 2411, 86, + 2406, 2409, 2405, 86, 2407, 2408, 86, 2413, 2414, 2415, + 2416, 86, 2417, 86, 86, 2418, 2412, 2419, 2420, 2421, + 2410, 2422, 3136, 2423, 2426, 2411, 3136, 86, 2424, 2427, + 86, 86, 86, 2428, 2413, 2414, 86, 86, 2425, 86, + + 86, 86, 86, 86, 2419, 2420, 2421, 86, 2422, 86, + 2423, 2426, 2430, 86, 2429, 2424, 2427, 2431, 2432, 2436, + 86, 2433, 86, 2434, 3136, 2425, 86, 2435, 2438, 2437, + 2439, 2440, 2442, 86, 86, 86, 86, 86, 3136, 86, + 3136, 2429, 86, 86, 86, 2432, 2436, 2441, 2433, 2444, + 2434, 86, 2447, 2443, 2435, 2438, 2437, 2439, 86, 2442, + 86, 2445, 2446, 86, 86, 86, 2448, 167, 2449, 2450, + 2451, 2456, 2453, 3136, 2441, 86, 2444, 86, 2452, 2447, + 2443, 86, 86, 2455, 86, 2459, 86, 86, 2445, 2446, + 2454, 2457, 86, 2448, 86, 2449, 2450, 2451, 2456, 2453, + + 2458, 2460, 3136, 2461, 2467, 2452, 2462, 86, 2463, 2465, + 2455, 2464, 86, 86, 2468, 2466, 86, 2454, 2457, 3136, + 86, 86, 86, 86, 2474, 86, 3136, 2458, 86, 86, + 2461, 2467, 86, 2462, 86, 2463, 2465, 2469, 2464, 2470, + 2471, 2468, 2466, 2472, 86, 2473, 86, 86, 2475, 86, + 2476, 2474, 86, 2477, 2479, 86, 2478, 2482, 2480, 86, + 2481, 86, 86, 86, 2469, 2484, 2470, 2471, 2483, 3136, + 2472, 3136, 2473, 2487, 2493, 2475, 3136, 2476, 86, 2485, + 2477, 86, 86, 2478, 86, 2480, 86, 2481, 86, 2486, + 2488, 2492, 86, 86, 2489, 2483, 2490, 2491, 86, 86, + + 2487, 86, 86, 86, 2494, 86, 2485, 2495, 86, 2496, + 2497, 2500, 2499, 2498, 2571, 2501, 2486, 2488, 2492, 86, + 86, 2489, 86, 2490, 2491, 86, 2503, 2504, 2502, 2505, + 3136, 86, 2506, 86, 86, 86, 2507, 2497, 2500, 2499, + 2498, 86, 2501, 2508, 2509, 2511, 86, 2513, 86, 3136, + 2510, 86, 86, 2503, 2504, 2502, 86, 86, 86, 2506, + 86, 2512, 86, 86, 2518, 2517, 2514, 2515, 86, 86, + 2508, 2509, 2511, 86, 2513, 86, 2516, 2510, 2519, 2521, + 2525, 2522, 3136, 86, 2523, 2526, 2520, 2524, 2512, 86, + 86, 86, 2517, 2514, 2515, 86, 86, 2527, 2530, 86, + + 2532, 2534, 2531, 2516, 86, 2519, 86, 86, 2522, 86, + 86, 2523, 2526, 2520, 2524, 2528, 2529, 86, 86, 2536, + 2538, 2533, 86, 86, 2527, 86, 2535, 2532, 86, 2531, + 2537, 2541, 3136, 2542, 86, 2543, 2540, 2544, 86, 2539, + 86, 2545, 2528, 2529, 86, 3136, 86, 2538, 2533, 2547, + 86, 86, 86, 2535, 2548, 86, 2546, 2537, 86, 86, + 2542, 2549, 2543, 2540, 86, 2550, 2539, 86, 2545, 2551, + 86, 2552, 86, 2553, 2554, 2555, 2547, 86, 2557, 2560, + 2556, 2548, 2561, 2546, 3136, 2558, 86, 86, 86, 2559, + 2564, 86, 2550, 86, 2565, 86, 86, 86, 2552, 86, + + 2553, 2554, 2555, 86, 86, 2557, 2560, 2556, 86, 2561, + 2562, 2563, 2558, 2566, 2567, 3136, 2559, 86, 2569, 2570, + 2568, 86, 2572, 86, 2573, 2576, 2575, 86, 86, 2577, + 2579, 2574, 86, 2586, 86, 2580, 3136, 2562, 2563, 2583, + 167, 2567, 86, 86, 86, 2569, 2570, 2568, 86, 2572, + 86, 2573, 86, 2575, 2578, 2581, 86, 86, 2574, 86, + 2582, 86, 2580, 2584, 2585, 86, 2583, 2588, 86, 2587, + 2589, 2590, 2592, 2593, 2591, 2594, 2598, 86, 86, 3136, + 3136, 2578, 2595, 86, 2597, 86, 2600, 86, 86, 86, + 2584, 2585, 86, 86, 2588, 2596, 2587, 2589, 2590, 2592, + + 86, 2591, 2599, 2598, 86, 86, 86, 86, 86, 2595, + 86, 2597, 2601, 2600, 2602, 2604, 2603, 86, 2605, 3136, + 2606, 2609, 2596, 86, 2608, 2611, 2607, 2610, 86, 2599, + 86, 2615, 86, 86, 86, 86, 86, 2613, 2614, 2601, + 3136, 2602, 2604, 2603, 86, 2605, 86, 2606, 2609, 2612, + 86, 2608, 86, 2607, 2610, 86, 2617, 86, 86, 2616, + 2620, 2619, 2618, 2622, 2613, 2614, 2623, 86, 86, 86, + 2621, 2624, 86, 2625, 2626, 3136, 2612, 2627, 2628, 2630, + 2629, 3136, 2634, 2617, 86, 2633, 2616, 86, 2619, 2618, + 2635, 86, 2636, 86, 86, 86, 86, 2621, 86, 86, + + 86, 2626, 86, 86, 2627, 2628, 2630, 2629, 2631, 2634, + 2632, 86, 2633, 2637, 2639, 2638, 2640, 86, 2641, 86, + 2646, 86, 86, 2644, 2642, 86, 2647, 86, 2645, 2643, + 2648, 2649, 3136, 3136, 2651, 2631, 86, 2632, 86, 2650, + 86, 2639, 2638, 86, 86, 2641, 86, 2646, 86, 2654, + 2652, 2642, 86, 2647, 2655, 86, 2643, 86, 86, 86, + 2653, 2651, 2656, 86, 2658, 2659, 2650, 86, 2662, 2660, + 2657, 2661, 2663, 3136, 3136, 2671, 86, 2652, 86, 86, + 86, 2655, 86, 2664, 86, 2665, 2668, 2653, 2669, 86, + 2666, 86, 2659, 86, 2674, 86, 2660, 2657, 2661, 86, + + 86, 2667, 2670, 2673, 3136, 86, 86, 86, 2676, 2672, + 2664, 86, 2675, 2668, 2677, 2669, 2678, 86, 86, 2680, + 2679, 86, 3136, 86, 2686, 2687, 86, 86, 2667, 2670, + 2673, 2683, 2681, 2682, 86, 2676, 2672, 86, 86, 2675, + 2684, 2677, 86, 2678, 86, 86, 2680, 2679, 2685, 86, + 2688, 2686, 86, 86, 2689, 86, 2691, 2692, 2683, 2681, + 2682, 2693, 2690, 86, 2696, 86, 2694, 2684, 2697, 86, + 2698, 2695, 86, 2699, 2702, 2685, 2700, 2688, 86, 2701, + 86, 2689, 2703, 2691, 2692, 86, 2704, 2707, 2693, 2690, + 2709, 2696, 2706, 86, 86, 86, 86, 2698, 86, 86, + + 2699, 2702, 86, 2700, 86, 86, 2701, 2705, 86, 2703, + 86, 2708, 2710, 2704, 2707, 2711, 2712, 86, 86, 2706, + 2713, 2714, 2715, 2716, 86, 2721, 2720, 2717, 2718, 3136, + 3136, 3136, 3136, 2719, 2705, 86, 86, 3136, 2708, 2710, + 86, 2722, 2711, 86, 86, 86, 86, 2713, 86, 2715, + 86, 86, 86, 2720, 2717, 2718, 2723, 2724, 2725, 2727, + 2719, 2728, 2729, 2726, 86, 2730, 2731, 2732, 2722, 86, + 2734, 2735, 86, 86, 86, 2741, 3136, 2736, 2733, 86, + 86, 2737, 2739, 2723, 2724, 86, 2727, 86, 2728, 2729, + 86, 86, 2730, 86, 86, 86, 86, 2734, 2735, 2738, + + 86, 86, 2742, 2740, 2736, 2733, 2743, 86, 2737, 2739, + 86, 2746, 86, 2744, 2745, 3136, 2747, 86, 2749, 2751, + 2748, 2750, 2752, 2753, 2755, 3136, 2738, 3136, 3136, 2742, + 2740, 86, 2757, 2743, 86, 86, 86, 86, 2746, 2754, + 2744, 2745, 86, 2747, 86, 2749, 86, 2748, 2750, 86, + 86, 2755, 2756, 2758, 86, 2759, 2760, 86, 3136, 2757, + 86, 2761, 2762, 2764, 2765, 2763, 2754, 2766, 2767, 86, + 2768, 86, 86, 3136, 2769, 2770, 86, 86, 86, 2756, + 86, 2771, 2759, 2760, 2772, 86, 86, 2773, 86, 2762, + 2764, 2765, 2763, 2775, 2766, 2777, 2774, 2768, 86, 2781, + + 86, 86, 2770, 86, 86, 86, 86, 2778, 2771, 2776, + 2779, 2772, 2780, 86, 2773, 2787, 86, 86, 2782, 2783, + 2775, 86, 86, 2774, 86, 2784, 2781, 86, 2785, 86, + 2786, 86, 2788, 2789, 2778, 86, 2776, 2779, 2790, 2780, + 86, 2791, 86, 2792, 86, 2782, 2783, 86, 2797, 2796, + 86, 2793, 2784, 2794, 2798, 2785, 2795, 2786, 2800, 2788, + 86, 86, 86, 2801, 86, 86, 86, 86, 2791, 2799, + 86, 86, 2804, 86, 2802, 86, 2796, 2806, 2793, 2805, + 2794, 2798, 2817, 2795, 2803, 2800, 86, 86, 2807, 86, + 2801, 2809, 86, 2808, 2810, 2811, 2799, 2812, 86, 86, + + 2816, 2802, 86, 2814, 2818, 2815, 2805, 86, 2821, 86, + 86, 2803, 86, 2819, 86, 2807, 2813, 2822, 86, 86, + 2808, 86, 2811, 86, 86, 2823, 2820, 2816, 86, 2825, + 2814, 2818, 2815, 86, 2824, 86, 86, 2826, 2827, 2828, + 2819, 86, 2829, 2813, 2822, 2830, 2831, 2835, 2832, 86, + 3136, 86, 2823, 2820, 86, 2833, 2825, 2838, 2841, 2834, + 86, 2824, 2843, 86, 3136, 86, 2828, 86, 86, 86, + 2836, 2837, 2830, 2831, 86, 86, 2839, 86, 2840, 86, + 86, 2842, 2833, 2845, 86, 2841, 2834, 86, 2844, 86, + 2846, 86, 2847, 2849, 2848, 86, 86, 2836, 2837, 2851, + + 2850, 86, 2852, 2839, 2853, 2840, 86, 2855, 2842, 2857, + 2845, 2854, 2861, 2858, 86, 2844, 86, 86, 86, 86, + 2849, 2848, 86, 2859, 2856, 2864, 86, 2850, 86, 86, + 2860, 86, 86, 86, 86, 2862, 2857, 2863, 2854, 86, + 2858, 2865, 2866, 86, 86, 2867, 2868, 2869, 86, 2870, + 2859, 2856, 2864, 86, 2871, 86, 86, 2860, 2872, 2874, + 2873, 2875, 2862, 2876, 2863, 2877, 3136, 2878, 86, 86, + 3136, 86, 86, 2868, 2869, 2879, 2870, 86, 86, 2882, + 2885, 86, 86, 2883, 86, 86, 2874, 2873, 2880, 2881, + 2876, 2884, 2877, 86, 86, 86, 86, 86, 86, 86, + + 2886, 86, 2879, 2893, 2887, 2889, 2882, 2885, 86, 86, + 2883, 86, 86, 2888, 86, 2880, 2881, 2890, 2884, 2894, + 86, 2895, 2896, 2891, 2892, 2897, 2901, 2886, 86, 86, + 2893, 2887, 2889, 86, 2898, 2899, 2902, 2903, 2900, 2904, + 2888, 86, 86, 86, 2890, 2905, 2894, 2912, 2895, 2896, + 2891, 2892, 86, 86, 2906, 2907, 86, 86, 2908, 2909, + 86, 2898, 2899, 86, 2903, 2900, 86, 2910, 2911, 3136, + 86, 2913, 86, 2914, 2912, 2915, 2919, 2916, 2917, 2918, + 2924, 2923, 86, 86, 86, 86, 2922, 86, 86, 2920, + 2921, 86, 86, 3136, 2926, 2928, 86, 2927, 86, 86, + + 2914, 86, 2915, 86, 2916, 2917, 2918, 2924, 2923, 86, + 86, 2925, 86, 2922, 2929, 2930, 2920, 2921, 2931, 2936, + 86, 2926, 86, 86, 2927, 2932, 2934, 86, 2933, 2939, + 2937, 2935, 86, 2943, 2938, 86, 2944, 2940, 2925, 3136, + 86, 86, 2930, 86, 2941, 2931, 86, 2946, 2945, 2947, + 2948, 86, 2932, 2949, 2942, 2933, 2939, 2937, 86, 86, + 86, 2938, 86, 2950, 2940, 2951, 86, 2952, 86, 86, + 2953, 2941, 86, 2954, 86, 2945, 86, 2948, 2955, 2956, + 86, 2942, 2958, 2957, 2959, 2963, 2961, 2962, 2960, 3136, + 86, 3136, 86, 86, 86, 86, 2964, 86, 2967, 2969, + + 86, 86, 86, 86, 2965, 86, 86, 2966, 86, 86, + 2957, 2959, 86, 2961, 2962, 2960, 2968, 2971, 86, 2973, + 2970, 2974, 86, 2964, 86, 2967, 86, 2975, 86, 86, + 86, 2965, 2972, 86, 2966, 2976, 2977, 3136, 2978, 2983, + 3136, 86, 2979, 2968, 2971, 86, 2973, 2970, 2974, 86, + 86, 86, 2980, 2981, 2975, 2982, 2984, 86, 2986, 2972, + 86, 86, 2985, 2977, 86, 2978, 2983, 86, 86, 2979, + 2987, 2988, 86, 2989, 2990, 2991, 86, 3136, 86, 2980, + 2981, 2992, 2982, 2984, 2993, 2986, 86, 2997, 2995, 2985, + 2994, 86, 86, 86, 2996, 2998, 3004, 86, 86, 3000, + + 86, 2990, 2991, 86, 86, 3001, 2999, 86, 2992, 86, + 86, 2993, 3136, 3007, 2997, 2995, 3002, 2994, 86, 86, + 86, 2996, 2998, 3004, 86, 86, 3000, 3003, 3005, 3006, + 86, 86, 3001, 2999, 3008, 3010, 86, 3011, 3009, 3012, + 3007, 86, 86, 3002, 86, 3014, 3013, 3016, 3018, 86, + 3015, 3019, 86, 86, 3003, 3005, 3006, 3017, 3022, 86, + 3021, 3008, 3010, 3020, 3011, 3009, 3012, 86, 86, 3023, + 3024, 86, 86, 3013, 86, 86, 3026, 3015, 86, 3025, + 3027, 86, 86, 86, 3017, 3022, 3028, 3021, 86, 3029, + 3020, 86, 86, 3030, 3031, 3032, 3023, 3024, 3033, 86, + + 3034, 86, 3035, 3026, 86, 3036, 3025, 3038, 86, 3037, + 86, 3039, 86, 3028, 3040, 86, 3029, 86, 86, 3042, + 3030, 3031, 86, 3041, 3043, 3033, 3044, 3034, 3045, 86, + 3047, 86, 3036, 86, 86, 3046, 3037, 86, 3039, 86, + 3048, 3040, 86, 86, 3049, 3053, 3052, 3055, 3050, 3136, + 3041, 86, 86, 3044, 86, 3045, 86, 3047, 3051, 86, + 3136, 3060, 3046, 3054, 3057, 86, 3058, 86, 86, 86, + 86, 86, 3053, 3052, 3055, 3050, 3056, 3061, 86, 3059, + 86, 3062, 3063, 86, 86, 3051, 3064, 86, 3060, 86, + 3054, 3057, 3065, 3058, 3066, 86, 3067, 3068, 3069, 86, + + 86, 3075, 3136, 3056, 3061, 3070, 3059, 3136, 86, 3063, + 3074, 3071, 3072, 3064, 3073, 3136, 3077, 3078, 86, 3065, + 3083, 86, 86, 3067, 86, 3069, 3076, 86, 86, 86, + 3080, 3087, 3070, 86, 86, 3085, 3136, 3079, 3071, 3072, + 86, 3073, 86, 86, 3078, 86, 3081, 3082, 86, 86, + 86, 3084, 86, 3076, 86, 86, 3086, 3080, 86, 86, + 3136, 3091, 3085, 3088, 3079, 3090, 3089, 3092, 3136, 86, + 3093, 3136, 3094, 3081, 3082, 86, 3098, 3096, 3084, 3095, + 3105, 86, 86, 3086, 86, 3097, 86, 86, 3091, 3100, + 3088, 86, 3090, 3089, 3092, 3101, 3102, 3093, 86, 3094, + + 3099, 86, 86, 3098, 3096, 3103, 3095, 86, 86, 3104, + 3107, 3106, 3097, 3108, 3109, 86, 3100, 86, 86, 3110, + 3111, 86, 3101, 3102, 3114, 86, 3112, 3099, 86, 3120, + 3136, 3121, 3103, 86, 86, 86, 3104, 3107, 3106, 86, + 86, 3109, 3113, 3116, 3115, 3117, 3110, 3111, 86, 3118, + 86, 86, 86, 3112, 3119, 86, 3120, 86, 86, 3124, + 3122, 3125, 86, 3126, 3127, 86, 3123, 86, 86, 3113, + 3116, 3115, 3117, 3128, 86, 3129, 3118, 3130, 3134, 3131, + 3135, 3119, 3136, 86, 3132, 86, 3124, 3122, 86, 3133, + 3126, 86, 86, 3123, 3136, 86, 3136, 86, 3136, 86, + + 86, 86, 3129, 3136, 3130, 86, 3131, 86, 3136, 3136, + 3136, 3132, 3136, 3136, 3136, 3136, 3133, 47, 47, 47, + 47, 47, 47, 47, 52, 52, 52, 52, 52, 52, + 52, 57, 57, 57, 57, 57, 57, 57, 63, 63, + 63, 63, 63, 63, 63, 68, 68, 68, 68, 68, + 68, 68, 74, 74, 74, 74, 74, 74, 74, 80, + 80, 80, 80, 80, 80, 80, 89, 89, 3136, 89, + 89, 89, 89, 157, 157, 3136, 3136, 3136, 157, 157, + 159, 159, 3136, 3136, 159, 3136, 159, 161, 3136, 3136, + 3136, 3136, 3136, 161, 164, 164, 3136, 3136, 3136, 164, + + 164, 166, 3136, 3136, 3136, 3136, 3136, 166, 168, 168, + 3136, 168, 168, 168, 168, 171, 3136, 3136, 3136, 3136, + 3136, 171, 174, 174, 3136, 3136, 3136, 174, 174, 90, + 90, 3136, 90, 90, 90, 90, 17, 3136, 3136, 3136, + 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, + 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, + 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, + 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, + 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, + 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, + + 3136, 3136, 3136 } ; -static const flex_int16_t yy_chk[8542] = +static const flex_int16_t yy_chk[9004] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -2359,939 +2461,990 @@ static const flex_int16_t yy_chk[8542] = 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 3, 3, 3, 4, - 4, 4, 5, 5, 6, 6, 5, 28, 6, 7, - 7, 7, 7, 2991, 7, 8, 8, 8, 8, 28, - 8, 9, 9, 9, 10, 10, 10, 15, 21, 24, - - 999, 15, 30, 3, 28, 150, 4, 47, 47, 5, - 19, 6, 19, 19, 30, 19, 72, 7, 148, 24, - 72, 19, 24, 8, 21, 21, 24, 29, 9, 30, - 25, 10, 11, 11, 11, 11, 11, 11, 12, 12, - 12, 12, 12, 12, 25, 33, 24, 35, 19, 29, - 52, 33, 11, 52, 29, 22, 25, 25, 12, 147, - 35, 145, 22, 63, 63, 26, 22, 142, 142, 22, - 11, 25, 33, 26, 35, 77, 12, 143, 78, 11, - 31, 22, 22, 265, 82, 12, 20, 20, 31, 22, - 20, 26, 26, 22, 31, 20, 22, 41, 31, 77, - - 26, 78, 77, 68, 20, 78, 31, 31, 82, 41, - 20, 82, 265, 20, 20, 31, 68, 20, 79, 141, - 81, 31, 20, 27, 41, 31, 27, 81, 80, 1103, - 68, 20, 23, 27, 144, 27, 23, 144, 79, 23, - 70, 23, 23, 80, 32, 79, 27, 81, 32, 126, - 27, 109, 84, 27, 23, 80, 38, 1103, 38, 23, - 27, 84, 27, 23, 32, 109, 23, 38, 23, 23, - 32, 32, 40, 38, 39, 32, 40, 85, 109, 84, - 40, 126, 38, 38, 39, 38, 122, 122, 39, 39, - 862, 32, 34, 86, 38, 85, 34, 39, 40, 40, - - 38, 39, 34, 40, 85, 34, 86, 40, 88, 88, - 90, 39, 34, 122, 34, 39, 39, 88, 90, 34, - 86, 862, 42, 34, 42, 42, 89, 42, 156, 34, - 64, 89, 34, 42, 59, 88, 88, 90, 83, 34, - 36, 97, 156, 58, 36, 58, 58, 69, 58, 69, - 69, 83, 69, 89, 36, 36, 66, 36, 66, 66, - 156, 66, 83, 54, 97, 83, 36, 36, 97, 156, - 95, 36, 71, 91, 71, 71, 53, 71, 83, 95, - 48, 36, 36, 71, 36, 37, 107, 74, 37, 74, - 74, 91, 74, 92, 66, 37, 87, 95, 74, 37, - - 37, 93, 87, 99, 87, 91, 92, 37, 93, 107, - 96, 101, 37, 107, 98, 37, 99, 87, 91, 96, - 92, 43, 37, 87, 207, 74, 37, 37, 93, 87, - 99, 87, 94, 94, 106, 101, 98, 96, 102, 100, - 94, 98, 100, 101, 105, 207, 102, 106, 94, 105, - 103, 207, 105, 108, 104, 100, 100, 14, 104, 94, - 94, 106, 101, 100, 110, 102, 100, 94, 238, 100, - 103, 105, 103, 108, 104, 111, 105, 103, 104, 112, - 108, 104, 100, 100, 110, 104, 112, 113, 114, 111, - 115, 110, 118, 117, 116, 238, 113, 103, 116, 115, - - 117, 104, 111, 119, 149, 149, 112, 13, 0, 0, - 119, 114, 121, 120, 113, 114, 116, 115, 118, 118, - 117, 116, 120, 123, 121, 116, 127, 124, 120, 125, - 119, 123, 146, 0, 146, 146, 120, 146, 124, 121, - 120, 127, 124, 125, 128, 0, 129, 130, 133, 120, - 123, 124, 131, 127, 124, 120, 125, 129, 130, 133, - 131, 128, 132, 135, 128, 124, 129, 137, 132, 124, - 128, 128, 134, 129, 130, 133, 136, 138, 135, 131, - 139, 134, 137, 140, 129, 0, 138, 0, 128, 132, - 135, 128, 0, 134, 137, 154, 140, 134, 136, 134, - - 0, 155, 139, 136, 138, 161, 171, 139, 134, 151, - 140, 151, 151, 152, 151, 152, 152, 157, 152, 154, - 134, 158, 154, 155, 161, 160, 157, 159, 155, 162, - 163, 164, 161, 158, 159, 0, 165, 162, 171, 167, - 170, 160, 163, 165, 157, 167, 159, 166, 158, 174, - 991, 152, 160, 164, 159, 169, 162, 163, 164, 176, - 168, 159, 168, 165, 172, 166, 170, 170, 172, 177, - 175, 167, 167, 178, 166, 174, 174, 169, 175, 180, - 991, 176, 169, 179, 0, 172, 176, 168, 178, 0, - 179, 177, 172, 181, 0, 172, 177, 175, 0, 182, - - 178, 183, 0, 193, 0, 184, 186, 180, 0, 0, - 179, 180, 172, 173, 183, 186, 181, 184, 173, 187, - 181, 182, 185, 173, 0, 185, 182, 0, 183, 173, - 173, 188, 184, 186, 180, 193, 173, 185, 190, 0, - 173, 187, 189, 192, 191, 173, 187, 189, 196, 185, - 173, 191, 185, 188, 192, 194, 173, 173, 188, 189, - 190, 189, 195, 198, 199, 190, 201, 0, 189, 189, - 192, 191, 197, 195, 189, 202, 203, 200, 199, 197, - 196, 194, 194, 200, 204, 0, 189, 205, 189, 0, - 209, 0, 206, 211, 195, 198, 199, 202, 201, 197, - - 195, 212, 202, 208, 200, 199, 206, 205, 203, 213, - 208, 209, 211, 210, 205, 212, 204, 209, 210, 206, - 211, 214, 215, 219, 216, 217, 223, 225, 212, 0, - 208, 213, 217, 218, 215, 216, 213, 220, 218, 214, - 210, 230, 222, 221, 231, 219, 220, 222, 214, 215, - 219, 216, 217, 224, 224, 227, 226, 232, 223, 225, - 228, 230, 224, 226, 220, 218, 221, 229, 230, 222, - 221, 233, 234, 235, 239, 229, 231, 227, 236, 233, - 224, 224, 227, 226, 237, 228, 240, 228, 235, 232, - 241, 236, 242, 244, 229, 245, 242, 239, 233, 243, - - 235, 250, 0, 245, 234, 236, 239, 241, 244, 246, - 237, 237, 251, 248, 254, 241, 247, 241, 240, 242, - 244, 243, 245, 247, 239, 249, 243, 252, 246, 249, - 255, 253, 256, 250, 241, 248, 246, 258, 257, 261, - 248, 259, 255, 247, 251, 256, 254, 257, 262, 252, - 258, 263, 249, 253, 252, 264, 269, 255, 253, 256, - 259, 260, 270, 260, 258, 257, 267, 269, 259, 268, - 266, 261, 262, 273, 270, 262, 263, 271, 263, 266, - 272, 264, 264, 269, 274, 275, 276, 278, 260, 270, - 277, 273, 267, 267, 280, 268, 268, 266, 275, 282, - - 273, 271, 281, 272, 271, 279, 283, 272, 287, 0, - 0, 286, 275, 283, 284, 277, 274, 277, 276, 278, - 280, 280, 279, 284, 281, 286, 288, 296, 279, 281, - 285, 282, 279, 283, 287, 287, 285, 289, 286, 290, - 295, 284, 291, 0, 292, 293, 289, 300, 298, 279, - 288, 291, 297, 288, 293, 295, 294, 285, 0, 296, - 302, 304, 290, 298, 289, 300, 290, 295, 301, 291, - 292, 292, 293, 294, 300, 298, 297, 301, 305, 297, - 294, 306, 302, 294, 0, 304, 0, 302, 304, 303, - 309, 303, 305, 0, 308, 301, 306, 307, 307, 308, - - 294, 299, 314, 0, 299, 305, 0, 303, 306, 299, - 299, 299, 299, 303, 309, 311, 303, 309, 303, 299, - 310, 315, 307, 310, 307, 307, 308, 311, 299, 314, - 310, 299, 316, 312, 303, 313, 299, 299, 299, 299, - 317, 318, 311, 315, 0, 323, 319, 310, 315, 320, - 310, 312, 317, 313, 322, 0, 328, 320, 316, 316, - 312, 319, 313, 318, 321, 327, 322, 317, 318, 0, - 0, 321, 324, 319, 324, 326, 320, 323, 329, 0, - 332, 322, 326, 324, 330, 334, 337, 327, 328, 335, - 330, 321, 327, 332, 331, 0, 331, 336, 324, 324, - - 329, 324, 326, 334, 338, 329, 330, 332, 0, 333, - 324, 330, 334, 337, 339, 335, 335, 330, 331, 406, - 339, 331, 333, 331, 339, 333, 338, 333, 341, 336, - 343, 338, 339, 333, 342, 341, 333, 345, 339, 0, - 342, 339, 343, 0, 344, 348, 406, 339, 0, 333, - 345, 339, 333, 359, 333, 341, 344, 343, 348, 339, - 340, 342, 340, 351, 345, 350, 357, 347, 352, 0, - 354, 344, 348, 352, 353, 340, 354, 350, 340, 0, - 340, 351, 340, 347, 357, 359, 340, 340, 355, 340, - 351, 347, 350, 357, 347, 353, 355, 354, 379, 379, - - 352, 353, 340, 0, 356, 340, 358, 340, 0, 340, - 347, 349, 349, 361, 358, 355, 356, 360, 360, 362, - 361, 349, 365, 349, 349, 349, 363, 379, 349, 365, - 364, 356, 362, 358, 364, 363, 349, 368, 349, 349, - 361, 367, 0, 370, 360, 375, 362, 366, 349, 365, - 349, 349, 349, 367, 366, 349, 371, 364, 363, 368, - 369, 373, 363, 372, 368, 374, 0, 376, 367, 376, - 372, 378, 369, 377, 366, 370, 373, 375, 374, 380, - 381, 385, 371, 371, 377, 382, 380, 369, 373, 383, - 372, 381, 374, 378, 376, 384, 382, 387, 378, 0, - - 377, 388, 383, 386, 385, 389, 380, 381, 385, 388, - 390, 394, 382, 384, 392, 398, 383, 389, 386, 410, - 384, 390, 384, 387, 387, 391, 386, 392, 388, 394, - 386, 393, 389, 395, 391, 397, 396, 390, 394, 402, - 384, 392, 393, 400, 393, 386, 0, 398, 399, 393, - 401, 410, 391, 397, 399, 395, 404, 407, 393, 396, - 395, 402, 397, 396, 400, 403, 402, 405, 411, 393, - 400, 393, 403, 401, 408, 399, 409, 401, 412, 407, - 413, 405, 404, 404, 407, 417, 413, 414, 408, 415, - 412, 411, 403, 424, 405, 411, 416, 421, 420, 418, - - 417, 408, 409, 409, 416, 412, 418, 413, 419, 414, - 422, 415, 417, 420, 414, 423, 415, 419, 425, 424, - 424, 421, 416, 416, 421, 420, 418, 427, 426, 432, - 423, 416, 430, 422, 426, 419, 428, 422, 431, 433, - 425, 428, 423, 434, 431, 425, 435, 440, 432, 442, - 434, 446, 0, 427, 427, 426, 432, 433, 430, 430, - 437, 435, 437, 428, 438, 431, 433, 439, 441, 437, - 434, 438, 444, 435, 443, 446, 448, 0, 446, 440, - 439, 442, 449, 451, 447, 444, 441, 437, 448, 437, - 445, 438, 452, 445, 439, 441, 443, 447, 450, 444, - - 453, 443, 456, 448, 454, 450, 458, 451, 456, 445, - 451, 447, 457, 453, 449, 452, 455, 445, 459, 460, - 445, 455, 463, 461, 452, 450, 454, 453, 458, 456, - 459, 454, 462, 458, 461, 457, 463, 466, 0, 457, - 462, 460, 452, 455, 466, 459, 460, 468, 0, 463, - 461, 0, 0, 469, 467, 474, 498, 470, 0, 462, - 464, 469, 0, 0, 466, 464, 467, 464, 470, 481, - 468, 473, 471, 464, 468, 464, 481, 474, 464, 464, - 469, 467, 474, 473, 470, 464, 464, 464, 498, 472, - 475, 476, 464, 472, 464, 471, 481, 477, 473, 471, - - 464, 475, 464, 478, 479, 464, 464, 477, 0, 476, - 482, 472, 464, 484, 478, 480, 472, 475, 476, 480, - 472, 483, 490, 483, 0, 491, 485, 488, 479, 477, - 478, 479, 486, 487, 477, 488, 482, 482, 485, 484, - 484, 489, 480, 491, 490, 487, 489, 486, 483, 490, - 492, 493, 491, 485, 488, 494, 496, 497, 492, 486, - 487, 500, 501, 493, 499, 510, 504, 505, 489, 503, - 501, 509, 502, 500, 496, 504, 494, 492, 493, 499, - 497, 503, 494, 496, 497, 502, 506, 507, 500, 501, - 505, 499, 508, 504, 505, 511, 503, 510, 509, 502, - - 506, 512, 513, 514, 516, 515, 0, 0, 525, 523, - 511, 508, 507, 506, 507, 517, 516, 513, 515, 508, - 518, 521, 511, 520, 524, 522, 521, 514, 519, 513, - 514, 516, 515, 512, 520, 519, 523, 517, 519, 522, - 525, 526, 517, 527, 518, 528, 519, 518, 529, 530, - 520, 524, 522, 521, 529, 519, 531, 534, 532, 0, - 533, 537, 519, 536, 535, 519, 532, 536, 526, 537, - 527, 538, 539, 530, 540, 529, 530, 528, 531, 533, - 541, 534, 0, 531, 534, 532, 535, 533, 537, 541, - 536, 535, 542, 543, 538, 544, 545, 540, 538, 546, - - 543, 540, 549, 0, 539, 0, 547, 541, 548, 551, - 552, 547, 546, 550, 542, 547, 0, 548, 545, 542, - 543, 553, 550, 545, 556, 557, 546, 544, 549, 549, - 547, 551, 552, 547, 553, 548, 551, 552, 547, 554, - 550, 558, 547, 557, 563, 560, 0, 559, 553, 561, - 564, 554, 557, 562, 568, 563, 556, 569, 565, 564, - 567, 568, 0, 575, 0, 558, 554, 560, 558, 559, - 559, 563, 560, 561, 559, 562, 561, 564, 565, 566, - 562, 568, 567, 570, 569, 565, 571, 567, 572, 573, - 574, 576, 580, 566, 571, 575, 559, 577, 579, 572, - - 581, 570, 578, 578, 583, 574, 566, 573, 584, 581, - 570, 585, 576, 571, 580, 572, 573, 574, 576, 580, - 582, 577, 579, 588, 577, 579, 586, 581, 588, 587, - 584, 578, 589, 582, 590, 584, 583, 591, 591, 592, - 594, 593, 0, 585, 600, 591, 589, 582, 590, 593, - 586, 587, 595, 586, 597, 588, 587, 598, 594, 589, - 0, 590, 596, 599, 591, 591, 602, 594, 593, 596, - 601, 592, 604, 605, 595, 605, 600, 598, 599, 595, - 597, 597, 606, 608, 598, 601, 603, 599, 602, 596, - 599, 603, 609, 602, 607, 610, 614, 601, 604, 604, - - 605, 609, 607, 611, 610, 599, 612, 606, 608, 606, - 608, 615, 611, 613, 612, 617, 619, 616, 603, 609, - 613, 607, 610, 620, 618, 619, 621, 617, 614, 623, - 611, 620, 624, 612, 615, 616, 618, 622, 615, 625, - 613, 621, 617, 619, 616, 624, 628, 626, 627, 622, - 620, 618, 630, 621, 625, 626, 627, 633, 629, 624, - 636, 623, 631, 630, 622, 633, 625, 629, 634, 628, - 635, 631, 637, 628, 626, 627, 638, 632, 632, 630, - 637, 634, 641, 636, 633, 629, 632, 636, 639, 631, - 640, 644, 638, 641, 642, 634, 635, 635, 645, 637, - - 643, 639, 642, 638, 632, 632, 646, 647, 648, 641, - 649, 644, 640, 651, 643, 639, 650, 640, 644, 649, - 645, 642, 655, 654, 653, 645, 646, 643, 652, 647, - 648, 651, 656, 646, 647, 648, 650, 649, 654, 657, - 651, 652, 653, 650, 655, 658, 659, 662, 660, 655, - 654, 653, 661, 662, 663, 652, 656, 665, 658, 656, - 660, 664, 657, 668, 659, 661, 657, 666, 669, 664, - 670, 668, 658, 659, 662, 660, 671, 670, 672, 661, - 673, 663, 673, 674, 665, 666, 675, 664, 664, 676, - 668, 0, 674, 672, 666, 677, 664, 670, 699, 671, - - 669, 683, 678, 671, 679, 672, 679, 673, 676, 689, - 674, 678, 680, 683, 686, 677, 676, 0, 675, 680, - 0, 690, 677, 691, 686, 693, 692, 689, 683, 678, - 699, 679, 694, 701, 691, 0, 689, 696, 0, 680, - 681, 686, 690, 697, 681, 695, 696, 681, 690, 692, - 691, 693, 693, 692, 681, 701, 697, 681, 694, 694, - 701, 695, 681, 702, 696, 705, 698, 681, 0, 702, - 697, 681, 695, 698, 681, 704, 703, 704, 0, 706, - 0, 681, 708, 0, 681, 703, 709, 707, 711, 705, - 702, 710, 705, 698, 700, 700, 0, 700, 709, 712, - - 700, 715, 704, 703, 714, 700, 706, 707, 708, 708, - 711, 700, 700, 709, 707, 711, 715, 710, 710, 713, - 700, 700, 700, 712, 700, 716, 712, 700, 715, 714, - 717, 714, 700, 716, 721, 718, 719, 720, 700, 700, - 724, 713, 718, 722, 719, 723, 713, 728, 730, 729, - 725, 0, 716, 717, 726, 722, 720, 717, 723, 725, - 721, 721, 718, 719, 720, 733, 724, 724, 727, 726, - 722, 729, 723, 727, 734, 730, 729, 725, 731, 728, - 735, 726, 736, 731, 737, 0, 739, 733, 0, 0, - 738, 741, 733, 742, 744, 727, 740, 0, 0, 748, - - 743, 751, 745, 744, 736, 746, 734, 739, 0, 736, - 731, 0, 735, 739, 738, 740, 737, 738, 741, 743, - 742, 744, 747, 740, 745, 746, 748, 743, 749, 745, - 747, 750, 746, 751, 752, 754, 755, 756, 757, 0, - 764, 0, 752, 758, 759, 764, 749, 760, 0, 747, - 750, 762, 0, 754, 755, 749, 757, 765, 750, 756, - 760, 752, 754, 755, 756, 757, 759, 758, 763, 762, - 758, 759, 764, 761, 760, 761, 766, 767, 762, 768, - 772, 773, 763, 765, 765, 767, 769, 0, 766, 769, - 770, 0, 0, 774, 775, 763, 776, 768, 770, 774, - - 761, 0, 776, 766, 767, 772, 768, 772, 773, 781, - 779, 777, 778, 769, 770, 779, 775, 770, 777, 778, - 774, 775, 780, 776, 782, 770, 0, 781, 782, 780, - 783, 784, 786, 785, 787, 788, 781, 779, 777, 778, - 784, 785, 790, 792, 791, 793, 789, 794, 0, 780, - 788, 782, 787, 783, 789, 790, 792, 783, 784, 795, - 785, 787, 788, 796, 786, 791, 795, 793, 797, 790, - 792, 791, 793, 789, 794, 797, 799, 798, 802, 800, - 801, 796, 803, 799, 800, 802, 795, 805, 801, 804, - 796, 806, 807, 808, 809, 797, 798, 815, 806, 0, - - 810, 817, 804, 799, 798, 802, 800, 801, 810, 812, - 817, 814, 819, 821, 803, 811, 804, 809, 806, 805, - 813, 809, 816, 811, 807, 808, 813, 810, 817, 815, - 811, 812, 820, 823, 818, 824, 812, 814, 814, 820, - 821, 825, 811, 822, 819, 827, 816, 813, 818, 816, - 811, 826, 822, 825, 830, 823, 0, 829, 828, 820, - 823, 818, 824, 828, 829, 831, 833, 834, 825, 833, - 822, 827, 827, 831, 826, 836, 830, 837, 826, 841, - 834, 830, 836, 837, 829, 828, 0, 0, 839, 840, - 842, 841, 831, 833, 834, 843, 849, 843, 844, 0, - - 0, 849, 836, 0, 837, 838, 841, 838, 845, 847, - 0, 838, 840, 838, 839, 839, 840, 842, 838, 851, - 845, 844, 843, 838, 846, 844, 848, 854, 849, 838, - 850, 847, 838, 0, 838, 845, 847, 846, 838, 848, - 838, 858, 851, 850, 852, 838, 851, 855, 853, 854, - 838, 846, 857, 848, 854, 856, 852, 850, 853, 859, - 855, 856, 858, 860, 863, 857, 861, 864, 858, 0, - 853, 852, 864, 865, 855, 853, 869, 866, 0, 857, - 872, 865, 856, 0, 868, 853, 866, 871, 870, 874, - 0, 859, 0, 861, 864, 860, 863, 881, 869, 868, - - 865, 870, 871, 869, 866, 867, 872, 872, 874, 875, - 867, 868, 867, 873, 871, 870, 874, 876, 867, 877, - 878, 0, 875, 867, 867, 876, 879, 877, 882, 881, - 867, 867, 867, 883, 884, 873, 875, 867, 885, 867, - 873, 883, 886, 891, 876, 867, 877, 878, 884, 879, - 867, 867, 882, 879, 887, 882, 888, 867, 889, 0, - 883, 884, 887, 893, 886, 894, 890, 896, 892, 886, - 885, 893, 895, 898, 888, 891, 889, 890, 899, 895, - 896, 887, 897, 888, 900, 889, 892, 894, 898, 897, - 893, 901, 894, 890, 896, 892, 899, 902, 903, 895, - - 898, 907, 900, 0, 905, 899, 908, 902, 909, 897, - 910, 900, 901, 908, 907, 905, 909, 911, 901, 913, - 912, 914, 0, 910, 902, 920, 911, 917, 907, 919, - 903, 905, 912, 908, 918, 909, 921, 910, 0, 925, - 923, 913, 925, 914, 911, 0, 913, 912, 914, 917, - 921, 923, 918, 924, 917, 919, 919, 920, 924, 926, - 927, 918, 930, 921, 928, 925, 925, 923, 929, 925, - 931, 928, 932, 927, 933, 934, 930, 929, 935, 0, - 0, 933, 931, 926, 936, 924, 926, 927, 939, 930, - 935, 928, 940, 946, 941, 929, 937, 931, 940, 943, - - 942, 933, 944, 945, 932, 935, 936, 934, 946, 937, - 943, 936, 939, 948, 950, 939, 941, 949, 951, 940, - 946, 941, 942, 937, 944, 945, 943, 942, 949, 944, - 945, 952, 955, 953, 948, 950, 954, 0, 956, 957, - 948, 950, 959, 960, 949, 954, 958, 961, 957, 959, - 951, 953, 962, 963, 958, 964, 955, 967, 952, 955, - 953, 961, 971, 954, 956, 956, 957, 960, 965, 959, - 960, 966, 969, 958, 961, 972, 970, 964, 973, 983, - 984, 969, 964, 970, 962, 963, 974, 976, 975, 967, - 965, 979, 977, 966, 971, 965, 976, 972, 966, 969, - - 978, 980, 972, 970, 974, 973, 975, 979, 981, 982, - 980, 983, 984, 974, 976, 975, 977, 982, 979, 977, - 985, 986, 987, 981, 978, 988, 989, 978, 980, 990, - 994, 992, 985, 988, 1007, 981, 982, 993, 994, 989, - 992, 998, 997, 986, 990, 1002, 1005, 985, 986, 987, - 997, 1001, 988, 989, 1000, 993, 990, 994, 992, 995, - 1002, 995, 1003, 1001, 993, 1004, 1007, 1000, 998, 997, - 1006, 1008, 1002, 1005, 1009, 1010, 0, 1006, 1001, 1015, - 1012, 1000, 1011, 1004, 1003, 1013, 995, 1016, 1014, 1003, - 0, 1015, 1004, 1012, 1021, 1016, 1009, 1006, 1013, 1017, - - 1010, 1009, 1010, 1008, 1011, 1018, 1015, 1012, 1019, 1011, - 1014, 1022, 1013, 1023, 1016, 1014, 1019, 1018, 1024, 1017, - 1025, 1021, 1023, 0, 1022, 1029, 1017, 1026, 1027, 1031, - 1024, 1030, 1018, 1032, 1026, 1019, 0, 1027, 1022, 1027, - 1023, 1025, 1027, 1033, 1035, 1024, 1032, 1025, 1034, 1031, - 1027, 1029, 1029, 1030, 1026, 1027, 1031, 1034, 1030, 1036, - 1032, 1038, 1035, 1039, 1027, 1037, 1027, 1033, 1040, 1027, - 1033, 1035, 1042, 1037, 1043, 1034, 1040, 1045, 1044, 1039, - 1046, 1036, 0, 1038, 1045, 1047, 1036, 0, 1038, 1051, - 1039, 1048, 1037, 1054, 1049, 1040, 1043, 1051, 1050, 1042, - - 1044, 1043, 1046, 1053, 1045, 1044, 1049, 1046, 1047, 1048, - 1050, 1052, 1047, 1054, 1055, 1053, 1051, 1057, 1048, 1056, - 1054, 1049, 1058, 1057, 1059, 1050, 1052, 1056, 1060, 1055, - 1053, 1058, 1061, 1065, 1063, 1062, 1068, 1066, 1052, 1061, - 1060, 1055, 1062, 1068, 1057, 1059, 1056, 1067, 1069, 1058, - 1066, 1059, 1063, 1070, 1079, 1060, 1075, 1128, 1073, 1061, - 1083, 1063, 1062, 1068, 1066, 1065, 1067, 1071, 1070, 1072, - 1069, 1073, 1071, 1074, 1067, 1069, 1077, 1072, 1097, 1078, - 1070, 1080, 1075, 1075, 1128, 1073, 1079, 1074, 0, 1081, - 1077, 1084, 1083, 0, 1082, 1085, 1072, 1078, 1086, 1071, - - 1074, 1076, 0, 1077, 1076, 1076, 1078, 1080, 1080, 1076, - 1097, 1081, 1082, 1084, 1087, 1076, 1081, 1085, 1084, 1076, - 1087, 1082, 1085, 1076, 1086, 1086, 1088, 1089, 1076, 1089, - 1090, 1076, 1076, 1094, 1091, 1095, 1076, 1090, 1093, 1098, - 1092, 1087, 1076, 1091, 0, 1093, 1076, 1099, 1095, 1100, - 1096, 1089, 1088, 1088, 1089, 1094, 1089, 1090, 1092, 1096, - 1094, 1091, 1095, 0, 1102, 1093, 1104, 1092, 1107, 1099, - 1108, 1098, 1100, 0, 1099, 1106, 1100, 1096, 1101, 1108, - 1107, 1109, 1104, 1101, 0, 1101, 1118, 1101, 0, 1101, - 1102, 1102, 0, 1104, 1113, 1107, 1101, 1108, 1106, 1109, - - 1112, 1110, 1106, 0, 1111, 1101, 1110, 1113, 1109, 1111, - 1101, 1114, 1101, 1117, 1101, 1115, 1101, 1116, 1118, 1119, - 1120, 1113, 1112, 1115, 1121, 1116, 1117, 1112, 1122, 1114, - 1123, 1111, 1125, 1110, 1124, 1130, 1127, 1121, 1114, 1120, - 1117, 1125, 1115, 1123, 1116, 1119, 1119, 1120, 1129, 1131, - 1122, 1121, 1124, 1133, 1126, 1122, 1126, 1123, 1127, 1125, - 1129, 1124, 1130, 1127, 1134, 1135, 1136, 1137, 1139, 0, - 1140, 1138, 1144, 1135, 1131, 1129, 1131, 1133, 1138, 1141, - 1133, 1126, 1142, 1143, 1136, 0, 1134, 1146, 1142, 1143, - 1149, 1134, 1135, 1136, 1137, 1139, 1140, 1140, 1138, 1144, - - 1145, 1141, 1148, 1150, 1151, 1147, 1141, 1145, 1149, 1142, - 1143, 1146, 1147, 1151, 1146, 1153, 1155, 1149, 1156, 0, - 0, 1154, 1157, 1163, 1148, 1158, 1162, 1145, 1150, 1148, - 1150, 1151, 1147, 1154, 1159, 1162, 1160, 1161, 1155, 1153, - 1156, 1157, 1153, 1155, 1163, 1156, 1164, 1158, 1154, 1157, - 1163, 1165, 1158, 1162, 1167, 1168, 1159, 1169, 1170, 1161, - 1179, 1159, 1160, 1160, 1161, 1165, 1164, 1171, 1172, 1174, - 1175, 1178, 1173, 1164, 1177, 1178, 1172, 1175, 1165, 1169, - 1180, 1177, 1181, 1183, 1169, 1171, 1167, 1168, 1173, 1187, - 1170, 1189, 1179, 1186, 1171, 1172, 1174, 1175, 1178, 1173, - - 1184, 1177, 1187, 1181, 1185, 1188, 1184, 0, 1186, 1181, - 1194, 1185, 1180, 1184, 1188, 1183, 1187, 1189, 1189, 1190, - 1186, 1191, 1193, 1191, 1195, 1192, 1190, 1184, 1195, 1200, - 0, 1185, 1188, 1184, 1192, 1196, 1199, 1194, 1200, 1198, - 1201, 1199, 1202, 1204, 1193, 0, 1190, 1198, 1191, 1193, - 1203, 1195, 1192, 1207, 1209, 1204, 1200, 1196, 1201, 0, - 1208, 1202, 1196, 1203, 0, 1210, 1198, 1201, 1199, 1202, - 1204, 1205, 1206, 1208, 1205, 1206, 1212, 1203, 1207, 1211, - 1207, 1213, 1213, 1205, 1212, 1215, 1209, 1208, 1210, 1217, - 1218, 1214, 1210, 1227, 1206, 1211, 1216, 1218, 1205, 1206, - - 1214, 1205, 1206, 1212, 1221, 1216, 1211, 1215, 1213, 1220, - 1222, 1217, 1215, 1221, 1223, 1224, 1217, 1218, 1214, 1222, - 1225, 0, 1220, 1216, 1226, 1227, 1229, 1231, 1228, 1225, - 0, 1221, 1226, 1230, 1229, 0, 1220, 1222, 1224, 1231, - 1223, 1223, 1224, 1228, 1232, 1234, 1230, 1225, 1235, 1233, - 1237, 1226, 1236, 1229, 1231, 1228, 1232, 1233, 1239, 1237, - 1230, 1240, 1238, 1242, 1244, 1241, 1245, 1234, 1235, 1242, - 1249, 1232, 1234, 1240, 1236, 1235, 1233, 1237, 1243, 1236, - 1238, 1246, 0, 1247, 1239, 1239, 1241, 0, 1240, 1238, - 1242, 1250, 1241, 1251, 1252, 1255, 1244, 1249, 1245, 1253, - - 1243, 1254, 1259, 1252, 1256, 1243, 1258, 1246, 1246, 1247, - 1247, 1251, 1253, 1254, 1250, 1255, 1257, 0, 1250, 1260, - 1251, 1252, 1255, 1257, 1259, 1258, 1253, 1261, 1254, 1259, - 1256, 1256, 1260, 1258, 1262, 1261, 1263, 1264, 1268, 1262, - 1266, 1263, 1267, 1257, 1264, 1265, 1260, 1270, 1266, 1272, - 1267, 1269, 1271, 1273, 1261, 1270, 1268, 1276, 1272, 1271, - 1274, 1275, 1275, 1278, 1264, 1268, 1262, 1266, 1263, 1267, - 0, 1265, 1265, 1269, 1270, 1277, 1272, 1279, 1269, 1271, - 1287, 0, 1274, 1277, 1278, 1273, 1280, 1274, 1275, 1276, - 1278, 1281, 1282, 1283, 1280, 1284, 1289, 1285, 1286, 1281, - - 1282, 1283, 1277, 1285, 1288, 1290, 1287, 1287, 1284, 1279, - 1286, 1289, 1291, 1280, 1292, 1293, 1295, 1294, 1281, 1282, - 1283, 1299, 1284, 1289, 1285, 1286, 1304, 1298, 1288, 1293, - 1295, 1288, 1290, 1299, 1291, 1294, 1296, 1292, 1300, 1291, - 1296, 1292, 1293, 1295, 1294, 1300, 1301, 1302, 1299, 1298, - 1303, 0, 1305, 1296, 1298, 1306, 1307, 1301, 1304, 1310, - 1313, 1296, 1308, 1296, 1305, 1300, 1310, 1296, 1309, 1306, - 1314, 0, 1303, 1301, 1302, 1311, 1319, 1303, 1307, 1305, - 1296, 1312, 1306, 1307, 1311, 1308, 1310, 1316, 1312, 1308, - 1320, 1309, 1313, 1318, 1321, 1309, 1316, 1314, 1319, 1318, - - 1322, 1324, 1311, 1319, 1327, 1326, 1331, 1322, 1312, 0, - 1328, 1329, 1332, 1335, 1316, 1334, 1320, 1320, 1333, 1332, - 1318, 1328, 1329, 0, 1338, 1335, 1321, 1322, 1324, 1326, - 1331, 1327, 1326, 1331, 1339, 1349, 1333, 1328, 1329, 1332, - 1335, 1334, 1334, 1336, 1337, 1333, 1338, 1339, 1340, 1336, - 1341, 1338, 1337, 1342, 1343, 1345, 1343, 1344, 1346, 1341, - 1348, 1339, 1349, 0, 1347, 1342, 1350, 1346, 1345, 1351, - 1336, 1337, 1348, 1352, 1340, 1340, 1351, 1341, 1354, 1355, - 1342, 1343, 1345, 1344, 1344, 1346, 1347, 1348, 1357, 1350, - 1353, 1347, 1359, 1350, 1354, 1353, 1351, 0, 1360, 1352, - - 1352, 1356, 1355, 1361, 1366, 1354, 1355, 1360, 1363, 1356, - 1357, 1365, 1362, 1362, 1369, 1357, 1361, 1353, 0, 1359, - 1362, 1363, 1364, 1370, 1364, 1360, 1366, 1367, 1356, 1368, - 1361, 1366, 1369, 1372, 1367, 1363, 1368, 1365, 1365, 1362, - 1362, 1369, 1373, 1374, 1371, 1370, 1375, 1376, 0, 1364, - 1370, 1371, 0, 1375, 1367, 1378, 1368, 1379, 1372, 1380, - 1372, 1385, 1381, 1383, 1373, 1386, 0, 1380, 1378, 1373, - 1391, 1371, 1388, 1375, 1384, 1374, 1390, 1384, 0, 1376, - 1387, 1388, 1378, 1381, 1379, 1383, 1380, 1385, 1385, 1381, - 1383, 1386, 1386, 1387, 1389, 1392, 1391, 1391, 1393, 1388, - - 1390, 1384, 1395, 1390, 1396, 1393, 1389, 1387, 1394, 1397, - 1392, 1394, 1399, 1401, 1399, 1398, 1400, 1405, 0, 1402, - 0, 1389, 1392, 1394, 0, 1393, 1396, 1397, 1403, 0, - 1404, 1396, 1394, 1407, 1395, 1394, 1397, 1398, 1394, 1399, - 1400, 1402, 1398, 1400, 1406, 1401, 1402, 1407, 1411, 1405, - 1394, 1409, 1408, 1418, 1403, 1403, 1404, 1404, 1410, 1409, - 1407, 1408, 1412, 1413, 1414, 1410, 1406, 1415, 0, 1416, - 1417, 1406, 1411, 1416, 1420, 1411, 1419, 1421, 1409, 1408, - 1418, 1422, 1433, 1420, 1421, 1410, 1414, 1423, 1422, 1424, - 1425, 1414, 1417, 1426, 1412, 1413, 1416, 1417, 1419, 1415, - - 1423, 1420, 1424, 1419, 1421, 1425, 1427, 1426, 1422, 1433, - 1430, 0, 1428, 1435, 1423, 1429, 1424, 1425, 1431, 1428, - 1426, 1434, 1429, 1430, 1431, 1436, 1441, 1440, 1434, 1437, - 1438, 1439, 0, 0, 1439, 1435, 1440, 1430, 1427, 1428, - 1435, 1437, 1429, 1438, 1441, 1431, 1443, 1442, 1434, 0, - 1445, 1436, 1436, 1441, 1440, 1450, 1437, 1438, 1439, 1442, - 1444, 1445, 1451, 1444, 1447, 1449, 1443, 1449, 1452, 1447, - 1453, 1454, 0, 1443, 1442, 1455, 1447, 1445, 1444, 1450, - 1454, 1456, 1450, 1459, 1460, 1453, 1457, 1444, 0, 1451, - 1444, 1447, 1449, 1458, 1467, 1452, 1447, 1453, 1454, 1455, - - 1457, 1458, 1455, 1462, 1461, 1459, 1460, 1463, 1456, 1464, - 1459, 1460, 1461, 1457, 1462, 1465, 1468, 1464, 1465, 1466, - 1458, 1469, 1472, 1471, 1470, 1463, 1467, 0, 1469, 1473, - 1462, 1461, 1471, 1465, 1463, 1472, 1464, 1466, 1470, 1474, - 1473, 1478, 1465, 1468, 1480, 1465, 1466, 1479, 1469, 1472, - 1471, 1470, 1477, 1476, 1474, 1476, 1473, 1483, 1479, 1481, - 1483, 1477, 1480, 1482, 1484, 0, 1474, 1478, 1478, 1486, - 1485, 1480, 1489, 1484, 1479, 1483, 1485, 1482, 1486, 1477, - 1476, 1481, 1490, 1487, 1483, 1489, 1481, 1483, 1487, 1482, - 1482, 1484, 1492, 1491, 1490, 1493, 1486, 1485, 1491, 1489, - - 1496, 1494, 1495, 1497, 1482, 1498, 0, 1508, 1502, 1490, - 1494, 1501, 1499, 1503, 1492, 1487, 1505, 1504, 1501, 1492, - 1491, 1502, 1505, 1506, 0, 1497, 1508, 1493, 1494, 1495, - 1497, 1504, 1496, 1499, 1508, 1502, 1531, 1498, 1501, 1499, - 1505, 1512, 1510, 1505, 1504, 1503, 1511, 1513, 1514, 1505, - 1510, 1516, 1515, 1519, 1511, 1506, 1518, 1517, 1520, 0, - 1512, 1526, 1514, 1531, 1516, 1513, 1515, 1521, 1512, 1510, - 1517, 1527, 1525, 1511, 1513, 1514, 1527, 1518, 1516, 1515, - 1522, 1521, 1523, 1518, 1517, 1519, 1525, 1522, 1524, 1528, - 1520, 1523, 1529, 1526, 1521, 1532, 1524, 1533, 1527, 1525, - - 1528, 1529, 1532, 1534, 1518, 1535, 1536, 1522, 1537, 1523, - 1538, 1540, 1541, 1542, 1538, 1524, 1528, 0, 1545, 1529, - 1533, 1542, 1532, 1540, 1533, 1534, 1537, 1535, 1536, 1543, - 1534, 1547, 1535, 1536, 1544, 1537, 1546, 1538, 1540, 1541, - 1542, 1551, 1544, 1552, 1543, 1545, 1550, 1548, 1551, 1546, - 1549, 1547, 1553, 1556, 1550, 1554, 1543, 1555, 1547, 1557, - 1558, 1544, 1548, 1546, 1554, 1549, 1560, 1553, 1551, 1562, - 1563, 1561, 1566, 1550, 1548, 1552, 1564, 1549, 1555, 1553, - 1556, 1565, 1554, 1557, 1555, 1567, 1557, 1558, 1560, 1561, - 1568, 1564, 1567, 1560, 1571, 1568, 1566, 1563, 1561, 1566, - - 1569, 1562, 1570, 1564, 1572, 1573, 1565, 1574, 1565, 1569, - 1576, 1570, 1567, 1575, 1578, 1579, 1571, 1568, 1577, 1574, - 1573, 1571, 1572, 1576, 1580, 1577, 1578, 1569, 1576, 1570, - 1581, 1572, 1573, 1583, 1574, 1575, 1581, 1576, 1582, 1585, - 1575, 1578, 1579, 1587, 1583, 1577, 1582, 1584, 1588, 1586, - 1576, 1586, 1589, 1591, 1584, 1592, 1580, 1581, 1595, 1597, - 1583, 1590, 1586, 1596, 1585, 1582, 1585, 1593, 1590, 1587, - 1587, 1594, 1598, 1593, 1584, 1588, 1586, 1594, 1586, 1589, - 1591, 1592, 1592, 1600, 1601, 1595, 1596, 1602, 1590, 1604, - 1596, 1597, 1607, 1601, 1593, 1603, 1598, 1603, 1594, 1598, - - 1605, 0, 1606, 1608, 1608, 1608, 1611, 1609, 1619, 0, - 1608, 1601, 1614, 1604, 1609, 1600, 1604, 1614, 1608, 1602, - 1616, 0, 1603, 1615, 1607, 1617, 1610, 1605, 1606, 1606, - 1608, 1608, 1608, 1610, 1609, 1612, 1615, 1608, 1611, 1618, - 1619, 1617, 1612, 1620, 1614, 1616, 1623, 1616, 1621, 1629, - 1615, 1618, 1617, 1610, 1622, 1621, 1624, 1624, 1625, 1633, - 1622, 1620, 1612, 1627, 1626, 1630, 1618, 1628, 1627, 1635, - 1620, 1626, 1630, 1623, 1639, 1621, 1629, 1634, 1640, 1634, - 1637, 1622, 1638, 1624, 1625, 1625, 1633, 1635, 1638, 1641, - 1627, 1626, 1630, 1628, 1628, 1641, 1635, 1643, 1637, 1642, - - 1644, 1645, 1645, 1646, 1634, 1640, 1639, 1637, 1648, 1638, - 1650, 1642, 1647, 1647, 1651, 1652, 1641, 1643, 1644, 1648, - 1653, 1654, 1652, 1655, 1643, 1656, 1642, 1644, 1645, 1646, - 1646, 1658, 1650, 1660, 1657, 1648, 1659, 1650, 1662, 1647, - 1653, 1660, 1652, 1659, 1661, 1663, 1651, 1653, 1665, 1658, - 1664, 1664, 1656, 1654, 1663, 1655, 1657, 1666, 1658, 1661, - 1660, 1657, 1662, 1659, 1668, 1662, 1667, 1669, 1674, 1676, - 1673, 1661, 1663, 1667, 1665, 1665, 1668, 1664, 1671, 1672, - 1675, 1676, 0, 1669, 1672, 1671, 1679, 1682, 1675, 1666, - 1669, 1668, 1673, 1667, 1669, 1674, 1676, 1673, 1680, 1681, - - 1678, 1683, 1685, 1687, 0, 1671, 1672, 1675, 1678, 1679, - 1669, 1689, 1686, 1679, 1682, 1684, 1687, 1681, 1686, 1680, - 1684, 1692, 1694, 1693, 1683, 1680, 1681, 1678, 1683, 1685, - 1687, 1684, 1688, 1689, 1690, 1693, 1691, 1695, 1689, 1686, - 1688, 1690, 1684, 1691, 1694, 1696, 1697, 1684, 1699, 1694, - 1693, 1700, 1702, 1692, 1703, 1701, 1700, 1705, 1706, 1688, - 1704, 1690, 1701, 1691, 1695, 1704, 1699, 1700, 1710, 1697, - 1709, 1696, 1696, 1697, 1708, 1699, 1707, 1707, 1700, 1702, - 1712, 1703, 1701, 1700, 1714, 1709, 1713, 1716, 1718, 1705, - 1706, 1715, 1704, 1715, 1730, 1712, 1708, 1709, 1725, 1714, - - 1710, 1708, 1719, 1707, 1722, 1717, 1721, 1712, 1723, 1713, - 1717, 1714, 1722, 1713, 1726, 1727, 1728, 1719, 1715, 1716, - 1718, 1721, 1725, 1731, 1732, 1725, 1730, 1729, 1733, 1719, - 1723, 1722, 1717, 1721, 1729, 1723, 1736, 1738, 1734, 1745, - 1726, 1726, 1727, 1728, 1731, 1739, 1732, 1740, 1744, 1733, - 1731, 1732, 1742, 1743, 1729, 1733, 1734, 0, 1736, 1746, - 1739, 1738, 1747, 1736, 1738, 1734, 1745, 1742, 1743, 1748, - 1744, 1749, 1739, 1740, 1740, 1744, 1750, 1746, 1752, 1742, - 1743, 1751, 1753, 1750, 1747, 1755, 1746, 1752, 1754, 1747, - 1753, 1748, 1756, 1757, 1770, 1760, 1748, 0, 1749, 1751, - - 1761, 0, 1759, 1750, 1760, 1752, 1757, 1755, 1751, 1753, - 1762, 1754, 1755, 1759, 1763, 1754, 1764, 1765, 1761, 1767, - 1757, 1770, 1760, 1765, 1756, 1766, 1772, 1761, 1759, 1759, - 1776, 1764, 1763, 1767, 1773, 1777, 1762, 1762, 1774, 1778, - 1759, 1763, 1776, 1764, 1765, 1773, 1767, 1766, 1777, 1774, - 1772, 1780, 1766, 1772, 1779, 1781, 1782, 1776, 1787, 0, - 1783, 1773, 1777, 1786, 1779, 1774, 1785, 0, 1789, 0, - 1786, 1778, 1799, 1788, 1789, 1793, 1793, 1780, 1780, 1783, - 1781, 1779, 1781, 1782, 1787, 1787, 1785, 1783, 1790, 1791, - 1786, 1788, 1792, 1785, 1794, 1789, 1795, 1798, 1797, 1799, - - 1788, 1800, 1793, 1790, 1791, 1797, 1794, 1792, 1802, 1795, - 1800, 1801, 1798, 1830, 1807, 1790, 1791, 1795, 1801, 1792, - 1803, 1794, 1804, 1795, 1798, 1797, 1806, 0, 1800, 1804, - 1809, 1808, 1802, 1812, 1810, 1802, 1795, 1814, 1801, 1807, - 1808, 1807, 1803, 1817, 1815, 1830, 1814, 1803, 1806, 1804, - 1816, 1812, 1809, 1806, 1810, 1818, 1820, 1809, 1808, 1821, - 1812, 1810, 1815, 1818, 1814, 1816, 1822, 1824, 1817, 1826, - 1817, 1815, 1821, 1823, 1823, 1827, 1825, 1816, 1828, 0, - 1833, 1820, 1818, 1820, 1831, 1829, 1821, 1828, 1837, 1824, - 1832, 1826, 1829, 1822, 1824, 1841, 1826, 1827, 1838, 1833, - - 1823, 1825, 1827, 1825, 1832, 1828, 1831, 1833, 1835, 1836, - 1842, 1831, 1829, 1840, 1839, 1837, 1835, 1832, 1843, 1845, - 1840, 1847, 1836, 1844, 1838, 1838, 1839, 1841, 1848, 1846, - 1850, 1844, 1842, 1849, 0, 1835, 1836, 1842, 1854, 0, - 1840, 1839, 1844, 1843, 1846, 1843, 1845, 1847, 1847, 1857, - 1844, 1849, 1850, 1851, 1848, 1848, 1846, 1850, 1844, 1858, - 1849, 1853, 1851, 1854, 1853, 1854, 1855, 1857, 1856, 1860, - 1861, 1864, 1855, 1856, 1858, 1865, 1857, 1862, 1867, 1853, - 1851, 1868, 1865, 1866, 1860, 1864, 1858, 0, 1853, 1890, - 1868, 1853, 1861, 1855, 1869, 1870, 1860, 1861, 1864, 1862, - - 1856, 1866, 1865, 1869, 1862, 1867, 1870, 1871, 1868, 1874, - 1866, 1872, 1875, 1877, 1879, 1878, 1890, 0, 1876, 1886, - 1871, 1869, 1870, 1872, 1874, 1876, 1884, 1875, 1892, 1885, - 1882, 1886, 1879, 1885, 1871, 1877, 1874, 1878, 1872, 1875, - 1877, 1879, 1878, 1882, 1889, 1876, 1886, 1884, 1888, 1887, - 1888, 1882, 1893, 1884, 1891, 1892, 1885, 1882, 1887, 1894, - 1893, 1895, 1889, 1896, 1897, 1898, 1899, 1900, 1901, 1897, - 1882, 1889, 1891, 1902, 1905, 1888, 1887, 1896, 1906, 1893, - 1902, 1891, 1894, 1895, 1907, 1908, 1894, 1901, 1895, 1909, - 1896, 1900, 1906, 1910, 1900, 1901, 1897, 1898, 1899, 1912, - - 1902, 1905, 1907, 1906, 1906, 1906, 1913, 1915, 1910, 1911, - 1916, 1907, 1908, 1914, 1917, 1909, 1909, 0, 1911, 1906, - 1910, 1919, 1920, 1923, 1921, 1923, 0, 1930, 1913, 1920, - 1906, 1912, 1916, 1913, 1915, 1924, 1911, 1916, 1925, 1914, - 1914, 1926, 1925, 1928, 1919, 1927, 1917, 1921, 1919, 1920, - 1923, 1921, 1928, 1926, 1930, 1929, 1931, 1924, 1933, 1932, - 1934, 1934, 1924, 1935, 1940, 1925, 1929, 1927, 1926, 1936, - 1928, 1932, 1927, 1937, 1938, 1939, 0, 1936, 1935, 1931, - 1933, 0, 1929, 1931, 1939, 1933, 1932, 1934, 1938, 1942, - 1935, 1940, 1953, 0, 0, 1937, 1936, 1943, 1944, 1945, - - 1937, 1938, 1939, 1945, 1946, 1943, 1944, 1946, 1942, 1947, - 1952, 1954, 1948, 1949, 1950, 1955, 1942, 1947, 1948, 1953, - 1950, 1956, 1952, 1958, 1943, 1944, 1945, 1959, 1949, 1955, - 1957, 1946, 1960, 1961, 1956, 1954, 1947, 1952, 1954, 1948, - 1949, 1950, 1955, 1963, 1957, 1961, 1965, 1962, 1956, 1958, - 1958, 1969, 1971, 1964, 1959, 1966, 1964, 1957, 1969, 1960, - 1961, 1962, 1968, 1972, 1973, 1970, 1975, 1971, 1974, 1963, - 1963, 1964, 1970, 1965, 1962, 1977, 1974, 1966, 1969, 1971, - 1964, 1979, 1966, 1964, 1968, 1976, 1978, 1980, 1981, 1968, - 1972, 1973, 1970, 1975, 1976, 1974, 1982, 1984, 1978, 1983, - - 1987, 1988, 1977, 1979, 1990, 1995, 1993, 1991, 1979, 1982, - 1984, 1985, 1976, 1978, 1980, 1981, 1991, 1983, 1992, 1985, - 1994, 1989, 1987, 1982, 1984, 1997, 1983, 1987, 1988, 1989, - 1993, 1990, 1995, 1993, 1991, 1994, 1996, 1997, 1985, 1992, - 1999, 1998, 2003, 2001, 1996, 1992, 1994, 1994, 1989, 1998, - 2001, 2002, 1997, 2004, 2003, 2002, 2005, 2006, 2010, 2007, - 2008, 2012, 1994, 1996, 2013, 2006, 2011, 1999, 1998, 2003, - 2001, 2007, 2008, 2011, 2016, 2016, 2004, 2013, 2002, 2017, - 2004, 2012, 2018, 2005, 2006, 2010, 2007, 2008, 2012, 2014, - 2015, 2013, 0, 2011, 2019, 2022, 2020, 0, 2014, 2015, - - 2018, 2016, 2023, 2024, 2026, 2017, 2017, 2029, 2029, 2018, - 2022, 2020, 2025, 2020, 2025, 2028, 2014, 2015, 2026, 2019, - 2020, 2019, 2022, 2020, 2023, 2024, 2027, 2031, 2032, 2023, - 2024, 2026, 2027, 2033, 2029, 2034, 2037, 2028, 2020, 2025, - 2020, 2035, 2028, 2036, 2038, 2033, 2039, 2035, 2039, 2031, - 2032, 2040, 2041, 2027, 2031, 2032, 2042, 2046, 2037, 2043, - 2033, 2047, 2044, 2037, 2045, 2040, 2038, 2034, 2035, 2048, - 2046, 2038, 2049, 2039, 2042, 2036, 2041, 2043, 2040, 2041, - 2044, 2051, 2045, 2042, 2046, 2053, 2043, 2054, 2051, 2044, - 2055, 2045, 2056, 2047, 2059, 2049, 2060, 2061, 2062, 2049, - - 2056, 2048, 2057, 2053, 2057, 2059, 0, 2060, 2051, 2057, - 2062, 2065, 2053, 2054, 2054, 2063, 2070, 2066, 2056, 2056, - 2067, 2059, 2055, 2060, 2061, 2062, 2065, 2056, 2066, 2057, - 2068, 2057, 2067, 2063, 2071, 2073, 2074, 2077, 2065, 2072, - 2070, 2075, 2063, 2070, 2066, 2068, 2072, 2067, 2078, 2079, - 2073, 2080, 2081, 2082, 0, 2084, 2071, 2068, 0, 2085, - 2083, 2071, 2073, 2074, 2077, 2086, 2072, 2075, 2075, 2087, - 2090, 2079, 2078, 2083, 2085, 2078, 2079, 2087, 2086, 2088, - 2082, 2084, 2084, 2080, 2081, 2091, 2085, 2083, 2092, 2093, - 2094, 2095, 2086, 2090, 2097, 0, 2087, 2090, 2095, 2096, - - 2098, 2100, 2104, 2101, 2107, 2088, 2088, 2113, 2094, 2091, - 2101, 2093, 2091, 2102, 2098, 2092, 2093, 2094, 2095, 2103, - 2102, 2097, 2096, 2100, 2105, 2104, 2096, 2098, 2100, 2104, - 2101, 2105, 2103, 2106, 2109, 2108, 2107, 2111, 2114, 2113, - 2102, 2112, 2115, 2109, 2119, 2118, 2103, 0, 2111, 2120, - 2127, 2105, 2121, 2121, 2122, 2106, 2108, 2114, 2118, 2124, - 2106, 2109, 2108, 2112, 2111, 2114, 2125, 2115, 2112, 2115, - 2119, 2119, 2118, 2120, 2126, 2128, 2120, 2127, 2131, 2121, - 2122, 2122, 2124, 2133, 2135, 2136, 2124, 2139, 2143, 2126, - 2140, 2140, 2133, 2128, 2141, 0, 2136, 2135, 2125, 2145, - - 2142, 2126, 2128, 2147, 2148, 2131, 2151, 2149, 0, 2139, - 2133, 2135, 2136, 2155, 2139, 2143, 2141, 2140, 2149, 2150, - 2162, 2141, 2142, 2154, 2150, 2157, 2145, 2142, 2151, 2153, - 2148, 2148, 2158, 2151, 2149, 2147, 2159, 2153, 2154, 2160, - 2155, 2163, 2167, 2157, 2164, 2159, 2150, 2162, 2166, 2163, - 2154, 2160, 2157, 2164, 2168, 2170, 2153, 2171, 2169, 0, - 0, 2172, 2175, 2159, 2158, 2173, 2160, 2169, 2163, 2167, - 2174, 2164, 2176, 2170, 2166, 2166, 2168, 2175, 2173, 2171, - 2177, 2168, 2170, 2174, 2171, 2169, 2172, 2177, 2172, 2175, - 2178, 2179, 2173, 2180, 2176, 2181, 2182, 2174, 2183, 2176, - - 2184, 2188, 2185, 0, 2186, 0, 2187, 2177, 2190, 2184, - 2191, 2189, 2178, 2183, 2192, 2190, 2188, 2178, 2179, 2194, - 2180, 2191, 2181, 2182, 2185, 2183, 2189, 2184, 2188, 2185, - 2186, 2186, 2187, 2187, 2193, 2190, 2195, 2191, 2189, 2196, - 2198, 2192, 2193, 2197, 2199, 2200, 2194, 2201, 2204, 2202, - 2203, 0, 2200, 0, 2208, 2196, 2202, 2203, 2197, 2199, - 2198, 2193, 2205, 2195, 2206, 2206, 2196, 2198, 2208, 2201, - 2197, 2199, 2200, 2210, 2201, 2204, 2202, 2203, 2207, 2209, - 2205, 2208, 2209, 2211, 2212, 2207, 2210, 2213, 2216, 2205, - 2217, 2206, 2214, 0, 2218, 2217, 2219, 2216, 2218, 2213, - - 2210, 2223, 2212, 2220, 2214, 2207, 2209, 2221, 0, 2211, - 2211, 2212, 2224, 2222, 2213, 2216, 2220, 2217, 2225, 2214, - 2219, 2218, 2227, 2219, 2229, 2231, 2234, 2230, 2223, 2221, - 2220, 0, 2236, 2234, 2221, 2222, 2230, 2236, 2232, 2224, - 2222, 2231, 2238, 2243, 2225, 2225, 2232, 2235, 2227, 2227, - 2229, 2229, 2231, 2234, 2230, 2237, 2235, 2239, 2240, 2236, - 2238, 2241, 2237, 2244, 2239, 2232, 2246, 2240, 2244, 2238, - 2243, 2245, 2249, 2248, 2235, 2252, 0, 2250, 0, 0, - 2258, 2260, 2237, 2251, 2239, 2240, 2250, 2241, 2241, 2245, - 2244, 2248, 2251, 2246, 2253, 2252, 2254, 2256, 2245, 2249, - - 2248, 2257, 2252, 2255, 2250, 2254, 2253, 2258, 2256, 2257, - 2251, 2259, 2255, 2260, 2262, 2264, 2261, 2269, 2267, 2263, - 2271, 2253, 2265, 2254, 2256, 2261, 2262, 2263, 2257, 2265, - 2255, 2268, 2266, 0, 0, 2270, 2275, 2264, 2259, 2266, - 2267, 2262, 2264, 2261, 2269, 2267, 2263, 2271, 2278, 2265, - 2279, 2277, 2286, 2273, 2275, 2278, 2268, 2276, 2268, 2266, - 2270, 2273, 2270, 2275, 2280, 2276, 2277, 2284, 2281, 2285, - 2287, 2280, 2279, 2289, 2284, 2278, 2281, 2279, 2277, 2286, - 2273, 2288, 2287, 2290, 2276, 2294, 2292, 2295, 2293, 2299, - 2288, 2280, 2297, 2285, 2284, 2281, 2285, 2287, 2292, 2297, - - 2289, 2295, 2298, 2301, 2302, 2303, 2290, 2304, 2288, 2298, - 2290, 2293, 2294, 2292, 2295, 2293, 2299, 2305, 2301, 2297, - 2306, 2307, 2302, 2308, 2309, 2305, 2311, 2310, 2303, 2298, - 2301, 2302, 2303, 2316, 2304, 2309, 2318, 0, 2319, 2321, - 2317, 2308, 2310, 2307, 2305, 2317, 2322, 2306, 2307, 2323, - 2308, 2309, 2319, 2311, 2310, 2320, 2324, 2321, 2326, 2316, - 2316, 2331, 2329, 2318, 2322, 2319, 2321, 2317, 2324, 2320, - 2330, 2332, 2333, 2322, 2331, 2336, 2323, 2335, 2334, 2339, - 2342, 0, 2320, 2324, 2329, 2326, 2334, 2340, 2331, 2329, - 2343, 2333, 2330, 2332, 2336, 2335, 2338, 2330, 2332, 2333, - - 2341, 2339, 2336, 2348, 2335, 2334, 2339, 2342, 2338, 2340, - 2344, 2345, 2341, 2346, 2340, 2347, 2351, 2343, 2350, 2349, - 0, 2353, 2346, 2338, 2347, 2352, 2354, 2341, 2351, 2358, - 2344, 2359, 2361, 2345, 2360, 2348, 2357, 2344, 2345, 2360, - 2346, 2349, 2347, 2351, 2350, 2350, 2349, 2352, 2353, 2362, - 2357, 2363, 2352, 2354, 2361, 2359, 2358, 2364, 2359, 2361, - 2365, 2366, 2367, 2357, 0, 0, 2360, 2368, 2369, 2372, - 2370, 2362, 0, 0, 2367, 2373, 2362, 2375, 2377, 2366, - 2364, 2378, 2365, 2363, 2364, 2370, 2368, 2365, 2366, 2367, - 2369, 2372, 2375, 2381, 2368, 2369, 2372, 2370, 2379, 2373, - - 2377, 2380, 2373, 2378, 2375, 2377, 2382, 2379, 2378, 2383, - 2387, 2381, 2384, 2390, 2388, 2380, 2392, 2393, 2387, 2389, - 2381, 2388, 2394, 2391, 2382, 2379, 0, 2389, 2380, 2393, - 2384, 2391, 2401, 2382, 2392, 2383, 2383, 2387, 2400, 2384, - 2390, 2388, 2397, 2392, 2393, 2395, 2389, 2403, 2399, 2394, - 2391, 2406, 2404, 2395, 2397, 2399, 2402, 2405, 2402, 2401, - 2411, 2400, 0, 2407, 2408, 2400, 0, 2410, 2414, 2397, - 2413, 2418, 2395, 2417, 2411, 2399, 2415, 2419, 2406, 2403, - 2421, 2414, 2407, 2402, 2404, 2410, 2408, 2411, 2415, 2405, - 2407, 2408, 2422, 2413, 2410, 2414, 2423, 2413, 2418, 2417, - - 2417, 2425, 2427, 2415, 2419, 2428, 2429, 2421, 2430, 2427, - 2432, 0, 2433, 2430, 2435, 2422, 2436, 2432, 2423, 2422, - 2437, 2429, 2438, 2423, 2442, 2440, 2443, 2428, 2425, 2427, - 2444, 2442, 2428, 2429, 2440, 2445, 2438, 2432, 2433, 2433, - 2430, 2435, 2446, 2436, 2437, 2447, 2448, 2437, 2450, 2438, - 2449, 2442, 2440, 2443, 2446, 2451, 2444, 2444, 2452, 2449, - 2448, 2450, 2445, 2453, 2457, 2456, 2463, 2458, 2457, 2446, - 2456, 2459, 2447, 2448, 2458, 2450, 2461, 2449, 2459, 2460, - 2462, 0, 2462, 2464, 2469, 2452, 2453, 2451, 2470, 2463, - 2453, 2457, 2467, 2463, 2458, 2476, 2473, 2456, 2459, 2472, - - 2460, 2472, 2475, 2469, 2476, 2479, 2460, 2462, 2461, 2477, - 2464, 2469, 2470, 2484, 2467, 2470, 2477, 2474, 2474, 2467, - 2473, 2478, 2476, 2473, 2475, 2480, 2472, 2474, 2481, 2475, - 2482, 2483, 2479, 2480, 2478, 2482, 2477, 2485, 2489, 2483, - 2484, 2486, 0, 2487, 2474, 2474, 2488, 2481, 2478, 2489, - 2491, 0, 2480, 2490, 2494, 2481, 2493, 2491, 2483, 2492, - 2492, 2494, 2482, 2485, 2485, 2489, 2497, 2486, 2486, 2487, - 2487, 2495, 2488, 2488, 2493, 2490, 2498, 2491, 2495, 2499, - 2490, 2494, 2501, 2493, 2502, 2503, 2492, 2506, 2499, 2507, - 2508, 2504, 2509, 2497, 2512, 0, 2511, 2513, 2495, 0, - - 2498, 0, 2523, 2498, 2502, 2511, 2499, 2507, 2508, 2501, - 2509, 2502, 2503, 2504, 2506, 2514, 2507, 2508, 2504, 2509, - 2513, 2512, 2515, 2511, 2513, 2516, 2517, 2518, 2522, 2523, - 2516, 2525, 2528, 2514, 2515, 2526, 2527, 2531, 2527, 0, - 2517, 2528, 2514, 2530, 2534, 2518, 2534, 2535, 2526, 2515, - 2522, 2537, 2531, 2517, 2518, 2522, 2559, 2516, 2525, 2528, - 2536, 2530, 2526, 2527, 2531, 2535, 2539, 2536, 2543, 2541, - 2530, 2534, 2544, 2546, 2535, 2541, 2545, 2551, 2552, 2548, - 2553, 2539, 2549, 2537, 0, 2549, 0, 2536, 2559, 2556, - 2543, 2546, 2554, 2539, 2544, 2543, 2541, 2556, 2557, 2544, - - 2546, 2548, 2545, 2545, 2551, 2552, 2548, 2553, 2549, 2549, - 2554, 2555, 2549, 2560, 2561, 2562, 2556, 2563, 2555, 2554, - 2557, 2564, 2566, 2565, 2567, 2557, 2563, 2564, 2568, 0, - 2568, 2566, 2569, 2575, 2572, 2560, 2561, 0, 2555, 2571, - 2560, 2561, 2562, 2577, 2563, 2565, 2572, 2571, 2564, 2566, - 2565, 2573, 2579, 2578, 2580, 2568, 2567, 2577, 2573, 2569, - 2575, 2572, 2581, 2582, 2583, 2584, 2571, 2578, 2585, 2585, - 2577, 2582, 2580, 2581, 2586, 2579, 2587, 2589, 2573, 2579, - 2578, 2580, 2590, 2583, 2587, 2594, 2596, 2584, 2592, 2581, - 2582, 2583, 2584, 0, 2592, 2585, 2597, 2596, 2599, 2598, - - 2601, 2586, 2603, 2587, 2589, 2606, 2603, 2597, 2604, 2590, - 2598, 2602, 2594, 2596, 2608, 2592, 2604, 2607, 2602, 2612, - 2599, 2611, 2615, 2597, 0, 2599, 2598, 2601, 2611, 2603, - 2607, 2606, 2606, 2613, 2614, 2604, 2616, 2618, 2602, 2614, - 2617, 2608, 2619, 2622, 2607, 2621, 2623, 2617, 2611, 2615, - 2620, 2612, 2621, 2626, 2623, 2613, 2618, 2627, 2619, 2624, - 2613, 2614, 2628, 2616, 2618, 2635, 2636, 2617, 2620, 2619, - 2632, 2625, 2621, 2623, 2624, 2622, 2634, 2620, 2625, 2637, - 2626, 2627, 2638, 2618, 2627, 2632, 2624, 2633, 2628, 2628, - 2636, 2638, 2635, 2636, 2633, 2640, 2641, 2632, 2625, 2642, - - 2643, 2645, 2644, 2644, 2647, 0, 2649, 2642, 2634, 2638, - 2651, 2637, 2644, 2648, 2633, 2652, 2653, 2640, 2641, 2655, - 0, 2648, 2640, 2641, 2649, 2656, 2642, 2657, 2645, 2644, - 2644, 2647, 2643, 2649, 2654, 2658, 2659, 2651, 2653, 2661, - 2648, 2655, 2652, 2653, 2666, 2664, 2655, 2654, 2669, 2666, - 2667, 2668, 2656, 2664, 2657, 2667, 2668, 2671, 2659, 2675, - 2672, 2654, 2658, 2659, 2674, 2677, 2661, 2680, 2683, 2673, - 0, 2666, 2664, 2672, 2669, 2669, 2673, 2667, 2668, 2685, - 2686, 2678, 2674, 2688, 2671, 2679, 2675, 2672, 2678, 2680, - 2687, 2674, 2690, 2679, 2680, 2683, 2673, 2677, 2689, 2691, - - 2692, 2696, 2686, 2687, 0, 2697, 2685, 2686, 2678, 2694, - 2698, 2690, 2679, 2689, 2695, 2688, 2694, 2687, 2705, 2690, - 2697, 2695, 2692, 2696, 2700, 2689, 2691, 2692, 2696, 2705, - 2701, 2698, 2697, 2702, 2715, 2703, 2694, 2698, 2701, 2704, - 2702, 2695, 2703, 2700, 2707, 2705, 2706, 2706, 2704, 2712, - 2707, 2700, 2711, 2708, 2716, 2717, 2706, 2701, 2721, 2711, - 2702, 2715, 2703, 2712, 2723, 2727, 2704, 2724, 2724, 2725, - 2725, 2707, 2729, 2706, 2706, 2708, 2712, 2730, 2717, 2711, - 2708, 2716, 2717, 2726, 2726, 2721, 2730, 2731, 2727, 2735, - 2733, 2723, 2727, 2736, 2734, 2740, 2724, 2733, 2725, 2729, - - 2731, 2734, 2741, 2739, 2730, 2739, 2742, 2743, 2746, 2745, - 2748, 2735, 2726, 2747, 2731, 2740, 2735, 2733, 2745, 2743, - 2736, 2734, 2740, 2749, 2742, 2741, 2746, 2751, 2754, 2741, - 2739, 2750, 0, 2742, 2743, 2746, 2745, 2748, 2752, 2747, - 2747, 2752, 2753, 2750, 2755, 2756, 2755, 2753, 2758, 2751, - 2749, 2759, 2761, 2757, 2751, 2760, 2752, 2756, 2750, 2757, - 2754, 2762, 2765, 2760, 2768, 2752, 2769, 2770, 2752, 2771, - 2758, 2755, 2756, 2759, 2753, 2758, 2772, 2773, 2759, 2761, - 2757, 2774, 2760, 2762, 2776, 2777, 2779, 2778, 2762, 2765, - 2780, 2768, 2782, 2769, 2770, 2783, 2771, 2780, 2784, 2789, - - 2782, 2779, 2776, 2772, 2773, 2778, 2785, 2793, 2774, 2786, - 2784, 2776, 2777, 2779, 2778, 2787, 2788, 2780, 2792, 2782, - 2785, 2795, 2783, 2796, 2786, 2784, 2789, 2792, 2788, 2794, - 2794, 2793, 2796, 2785, 2793, 2798, 2786, 2799, 2800, 2801, - 2803, 2787, 2787, 2788, 2802, 2792, 2804, 2795, 2795, 2803, - 2796, 2800, 2802, 2815, 2817, 2818, 2794, 2804, 2806, 2798, - 2819, 2801, 2798, 2820, 2861, 2800, 2801, 2803, 2817, 2799, - 2806, 2802, 2822, 2804, 2823, 2824, 2822, 2815, 2826, 2825, - 2815, 2817, 2818, 2831, 2828, 2806, 2825, 2819, 2828, 0, - 2820, 2826, 2823, 2829, 2830, 2832, 2861, 2833, 2824, 2822, - - 2834, 2823, 2824, 0, 2835, 2826, 2825, 2832, 2831, 2829, - 2831, 2828, 2835, 2838, 2834, 2838, 2830, 2836, 2837, 2842, - 2829, 2830, 2832, 2833, 2833, 2839, 2836, 2834, 2840, 2837, - 2846, 2835, 2841, 2848, 2840, 2847, 2849, 2839, 2850, 2841, - 2838, 2842, 2847, 2846, 2836, 2837, 2842, 2851, 2852, 2853, - 2854, 2859, 2839, 2859, 2849, 2840, 2856, 2846, 2854, 2841, - 2848, 2855, 2847, 2849, 2857, 2850, 2862, 2858, 2855, 2860, - 2864, 2867, 2865, 2851, 2851, 2852, 2853, 2854, 2859, 2862, - 2856, 2860, 2866, 2856, 2865, 2863, 2857, 2874, 2855, 2858, - 2866, 2857, 2863, 2862, 2858, 2869, 2860, 2864, 2867, 2865, - - 2875, 2871, 2876, 2877, 2878, 2879, 2880, 2869, 2882, 2866, - 2871, 2877, 2863, 2883, 2874, 2889, 2882, 2881, 2885, 2880, - 0, 2876, 2869, 2905, 2885, 2886, 2875, 2875, 2871, 2876, - 2877, 2881, 2886, 2880, 2888, 2882, 2878, 2879, 2889, 2891, - 2883, 2892, 2889, 2893, 2881, 2885, 2891, 2888, 2894, 2896, - 2895, 2893, 2886, 0, 2903, 2905, 2897, 2896, 2898, 0, - 2900, 2888, 2894, 2892, 2895, 2901, 2891, 2900, 2892, 2904, - 2893, 2902, 0, 2906, 2901, 2894, 2896, 2895, 2897, 2902, - 2898, 2903, 2907, 2897, 2908, 2898, 2909, 2900, 2911, 2910, - 2912, 2904, 2901, 0, 2914, 2916, 2904, 2910, 2902, 2906, - - 2906, 2913, 2917, 2921, 2907, 2918, 2908, 2919, 2909, 2907, - 2917, 2908, 2923, 2909, 2925, 2919, 2910, 2912, 2916, 2920, - 2911, 2914, 2916, 2913, 2927, 2918, 2923, 2920, 2913, 2917, - 2922, 2929, 2918, 0, 2919, 2921, 2930, 2934, 2922, 2923, - 2925, 2925, 2928, 0, 2930, 2928, 2920, 2931, 2932, 0, - 2933, 2927, 2935, 2929, 2938, 2931, 2940, 2922, 2929, 2934, - 2928, 2941, 2932, 2930, 2934, 2939, 2935, 2937, 2937, 2928, - 2943, 2942, 2928, 2939, 2931, 2932, 2933, 2933, 2944, 2935, - 2938, 2938, 2940, 2940, 2945, 2946, 2944, 2941, 2941, 2947, - 2943, 2948, 2939, 2942, 2937, 2949, 2951, 2943, 2942, 2950, - - 2953, 2955, 2952, 2958, 2951, 2944, 2964, 2946, 2953, 2956, - 2959, 2945, 2946, 2960, 2947, 2949, 2947, 2956, 2948, 2950, - 2962, 2960, 2949, 2951, 2952, 2958, 2950, 2953, 2955, 2952, - 2958, 2961, 2959, 2964, 2965, 2966, 2956, 2959, 2967, 2961, - 2960, 2968, 2965, 2966, 2971, 2972, 2962, 2962, 2979, 2969, - 2973, 2975, 2978, 2981, 2982, 2980, 2979, 0, 2961, 0, - 0, 2965, 2966, 2980, 2967, 2967, 0, 0, 2968, 2969, - 2973, 2971, 2972, 2975, 2978, 2979, 2969, 2973, 2975, 2978, - 2981, 2982, 2980, 2986, 2986, 2986, 2986, 2986, 2986, 2986, - 2987, 2987, 2987, 2987, 2987, 2987, 2987, 2988, 2988, 2988, - - 2988, 2988, 2988, 2988, 2989, 2989, 2989, 2989, 2989, 2989, - 2989, 2990, 2990, 2990, 2990, 2990, 2990, 2990, 2992, 2992, - 0, 2992, 2992, 2992, 2992, 2993, 2993, 0, 0, 0, - 2993, 2993, 2994, 2994, 0, 0, 2994, 0, 2994, 2995, - 0, 0, 0, 0, 0, 2995, 2996, 2996, 0, 0, - 0, 2996, 2996, 2997, 0, 0, 0, 0, 0, 2997, - 2998, 2998, 0, 2998, 2998, 2998, 2998, 2999, 2999, 0, - 2999, 2999, 2999, 2999, 2985, 2985, 2985, 2985, 2985, 2985, - 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, - 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, - - 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, - 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, - 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, - 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, 2985, - 2985 + 4, 4, 5, 5, 6, 6, 5, 32, 6, 7, + 7, 7, 7, 33, 7, 8, 8, 8, 8, 32, + 8, 9, 9, 9, 10, 10, 10, 19, 51, 51, + + 1032, 19, 3144, 3, 32, 33, 4, 67, 67, 5, + 33, 6, 2566, 13, 13, 13, 13, 7, 13, 14, + 14, 14, 14, 8, 14, 15, 15, 15, 9, 25, + 1032, 10, 11, 11, 11, 11, 11, 11, 12, 12, + 12, 12, 12, 12, 16, 16, 16, 34, 28, 84, + 84, 13, 11, 45, 1041, 25, 25, 14, 12, 34, + 39, 23, 15, 23, 23, 45, 23, 174, 28, 173, + 11, 28, 23, 39, 34, 28, 12, 171, 37, 11, + 45, 16, 158, 158, 37, 12, 30, 39, 29, 56, + 165, 165, 56, 72, 30, 28, 26, 287, 100, 23, + + 24, 24, 29, 26, 24, 37, 72, 26, 160, 24, + 26, 160, 30, 30, 29, 29, 100, 95, 24, 166, + 72, 30, 26, 26, 24, 100, 287, 24, 24, 29, + 26, 24, 95, 164, 26, 87, 24, 26, 46, 87, + 46, 46, 163, 46, 95, 24, 27, 161, 31, 46, + 27, 31, 101, 27, 94, 27, 27, 142, 31, 62, + 31, 62, 62, 192, 62, 101, 27, 70, 27, 70, + 70, 31, 70, 27, 94, 31, 35, 27, 31, 101, + 27, 94, 27, 27, 35, 31, 93, 31, 36, 142, + 35, 96, 36, 27, 35, 192, 44, 215, 96, 42, + + 44, 42, 35, 35, 44, 70, 92, 159, 36, 93, + 42, 35, 157, 93, 36, 36, 42, 35, 96, 36, + 85, 35, 44, 44, 43, 42, 42, 44, 42, 215, + 92, 44, 218, 92, 43, 36, 38, 42, 43, 43, + 38, 109, 80, 42, 175, 175, 38, 43, 109, 38, + 73, 43, 73, 73, 97, 73, 38, 79, 38, 79, + 79, 43, 79, 38, 218, 43, 43, 38, 109, 86, + 99, 86, 86, 38, 86, 106, 38, 75, 97, 99, + 86, 97, 98, 38, 40, 74, 68, 111, 40, 89, + 137, 89, 89, 106, 89, 98, 111, 99, 40, 40, + + 89, 40, 137, 103, 103, 63, 98, 106, 105, 98, + 40, 40, 103, 102, 111, 40, 105, 137, 104, 102, + 106, 102, 98, 104, 58, 40, 40, 89, 40, 41, + 103, 103, 41, 57, 102, 105, 107, 108, 112, 41, + 102, 899, 115, 41, 41, 104, 102, 112, 102, 107, + 108, 41, 110, 110, 113, 115, 41, 52, 47, 41, + 110, 114, 117, 107, 108, 112, 41, 18, 110, 115, + 41, 41, 899, 116, 118, 17, 116, 113, 122, 110, + 110, 113, 118, 114, 119, 123, 117, 110, 114, 116, + 116, 122, 0, 0, 117, 120, 0, 116, 124, 120, + + 116, 118, 121, 116, 119, 122, 119, 121, 123, 125, + 121, 119, 123, 117, 127, 120, 116, 116, 124, 120, + 126, 130, 120, 125, 129, 124, 120, 134, 127, 121, + 128, 119, 133, 129, 121, 0, 125, 128, 0, 133, + 126, 127, 120, 131, 130, 132, 0, 126, 130, 132, + 139, 129, 131, 134, 134, 135, 136, 128, 139, 133, + 138, 138, 135, 0, 141, 136, 0, 132, 148, 140, + 131, 136, 132, 143, 148, 152, 132, 139, 141, 136, + 140, 147, 135, 136, 140, 0, 144, 138, 143, 147, + 145, 141, 136, 140, 146, 148, 140, 152, 136, 0, + + 143, 145, 152, 144, 149, 146, 144, 140, 147, 151, + 145, 140, 144, 144, 150, 149, 154, 145, 155, 153, + 170, 146, 0, 150, 151, 154, 176, 0, 145, 156, + 144, 149, 0, 144, 153, 150, 151, 0, 0, 150, + 155, 150, 156, 154, 170, 155, 153, 170, 176, 162, + 150, 162, 162, 176, 162, 167, 156, 167, 167, 177, + 167, 168, 150, 168, 168, 172, 168, 172, 172, 178, + 172, 179, 0, 177, 180, 182, 181, 183, 178, 0, + 188, 180, 186, 179, 185, 183, 188, 187, 189, 186, + 189, 177, 181, 180, 182, 184, 178, 190, 179, 168, + + 177, 180, 182, 181, 183, 187, 185, 184, 180, 186, + 191, 185, 188, 188, 187, 189, 195, 193, 0, 190, + 196, 193, 184, 197, 190, 200, 201, 198, 0, 199, + 202, 197, 203, 201, 206, 196, 191, 191, 193, 0, + 200, 204, 195, 195, 0, 193, 206, 196, 193, 198, + 197, 199, 200, 201, 198, 203, 199, 205, 202, 203, + 208, 206, 202, 204, 207, 193, 194, 207, 204, 208, + 205, 194, 0, 209, 210, 212, 194, 0, 0, 207, + 216, 213, 194, 194, 205, 202, 220, 208, 213, 194, + 223, 207, 219, 194, 207, 209, 210, 212, 194, 219, + + 209, 210, 212, 194, 214, 227, 216, 216, 213, 194, + 194, 211, 217, 221, 211, 214, 211, 225, 220, 219, + 222, 226, 223, 217, 224, 227, 222, 221, 211, 0, + 211, 214, 227, 230, 228, 229, 0, 211, 211, 233, + 230, 211, 231, 211, 217, 221, 224, 222, 228, 225, + 217, 224, 0, 226, 221, 211, 229, 211, 233, 232, + 230, 228, 229, 231, 232, 234, 233, 235, 237, 231, + 236, 238, 240, 0, 239, 242, 243, 240, 241, 234, + 237, 239, 238, 245, 242, 244, 232, 247, 236, 235, + 244, 0, 234, 253, 235, 237, 249, 236, 238, 243, + + 241, 239, 242, 243, 240, 241, 248, 246, 246, 0, + 252, 250, 244, 248, 251, 245, 246, 254, 249, 247, + 255, 256, 251, 249, 257, 253, 0, 258, 255, 259, + 252, 260, 262, 248, 246, 246, 250, 252, 250, 257, + 258, 251, 261, 263, 264, 265, 266, 255, 264, 254, + 272, 257, 269, 256, 258, 259, 259, 268, 260, 269, + 263, 266, 271, 270, 262, 261, 271, 265, 263, 267, + 263, 264, 265, 266, 261, 273, 268, 267, 274, 269, + 276, 275, 272, 277, 268, 270, 278, 263, 279, 271, + 270, 280, 261, 286, 283, 277, 267, 279, 281, 278, + + 274, 0, 285, 275, 280, 274, 284, 273, 275, 282, + 277, 282, 276, 278, 288, 279, 289, 281, 280, 286, + 286, 290, 292, 288, 291, 281, 283, 285, 293, 285, + 284, 294, 295, 284, 292, 291, 282, 297, 296, 299, + 298, 288, 289, 289, 301, 300, 304, 290, 290, 292, + 295, 291, 293, 298, 294, 293, 296, 302, 294, 295, + 303, 305, 0, 310, 309, 296, 0, 298, 304, 297, + 300, 299, 300, 304, 302, 306, 301, 308, 309, 307, + 302, 311, 306, 308, 302, 312, 303, 303, 307, 310, + 310, 309, 313, 305, 312, 314, 0, 316, 315, 319, + + 317, 302, 306, 314, 308, 311, 307, 315, 311, 317, + 320, 318, 312, 321, 319, 313, 322, 326, 324, 313, + 325, 0, 314, 316, 316, 315, 319, 317, 318, 325, + 328, 322, 0, 338, 329, 318, 324, 321, 318, 326, + 321, 344, 320, 322, 326, 324, 0, 325, 329, 344, + 0, 327, 361, 327, 328, 318, 323, 328, 330, 323, + 338, 329, 331, 331, 323, 323, 323, 323, 344, 327, + 335, 332, 0, 330, 323, 327, 332, 333, 327, 361, + 327, 336, 335, 323, 337, 330, 323, 331, 339, 331, + 331, 323, 323, 323, 323, 334, 327, 335, 334, 336, + + 340, 333, 337, 332, 333, 334, 341, 342, 336, 343, + 339, 337, 345, 347, 352, 339, 346, 358, 341, 345, + 360, 348, 334, 348, 343, 334, 340, 340, 346, 342, + 350, 351, 348, 341, 342, 358, 343, 350, 353, 345, + 355, 356, 355, 346, 358, 347, 352, 348, 348, 354, + 348, 362, 360, 351, 356, 354, 366, 350, 351, 348, + 353, 357, 366, 359, 355, 353, 383, 355, 356, 355, + 376, 354, 0, 362, 357, 376, 354, 357, 362, 357, + 367, 363, 354, 366, 368, 357, 365, 363, 357, 359, + 359, 363, 367, 365, 375, 408, 368, 369, 383, 363, + + 0, 357, 376, 372, 357, 363, 357, 367, 363, 371, + 369, 368, 375, 365, 363, 0, 372, 377, 363, 374, + 408, 375, 408, 380, 369, 371, 363, 364, 378, 364, + 372, 374, 379, 371, 378, 380, 371, 0, 377, 381, + 379, 385, 364, 382, 377, 364, 374, 364, 385, 364, + 380, 382, 371, 364, 364, 378, 364, 381, 386, 379, + 0, 384, 384, 0, 387, 0, 381, 0, 385, 364, + 382, 386, 364, 387, 364, 0, 364, 373, 373, 388, + 394, 392, 0, 388, 395, 386, 389, 373, 384, 373, + 373, 373, 390, 389, 373, 391, 387, 393, 432, 390, + + 387, 399, 373, 392, 373, 373, 388, 391, 392, 393, + 395, 395, 394, 389, 373, 397, 373, 373, 373, 390, + 396, 373, 391, 398, 393, 432, 400, 396, 400, 401, + 397, 404, 402, 399, 403, 403, 398, 405, 404, 410, + 401, 406, 397, 414, 407, 0, 411, 396, 405, 409, + 398, 412, 406, 400, 402, 414, 401, 407, 404, 402, + 454, 411, 410, 403, 405, 454, 410, 409, 406, 411, + 414, 407, 413, 411, 409, 415, 409, 412, 412, 417, + 413, 416, 418, 419, 423, 420, 415, 454, 411, 0, + 416, 421, 417, 418, 409, 418, 425, 422, 424, 413, + + 418, 419, 415, 426, 424, 427, 417, 420, 416, 418, + 419, 428, 420, 430, 421, 422, 423, 425, 421, 435, + 418, 429, 418, 425, 422, 424, 426, 431, 429, 427, + 426, 433, 427, 428, 436, 434, 437, 0, 428, 430, + 430, 431, 440, 438, 439, 435, 435, 445, 429, 434, + 439, 441, 443, 433, 431, 438, 445, 442, 433, 437, + 446, 444, 434, 437, 440, 442, 436, 443, 444, 440, + 438, 439, 447, 441, 445, 446, 449, 448, 441, 443, + 450, 0, 0, 442, 442, 453, 451, 446, 444, 452, + 0, 449, 442, 456, 460, 452, 447, 0, 458, 447, + + 448, 460, 466, 449, 448, 459, 450, 450, 451, 457, + 467, 453, 453, 451, 461, 457, 452, 458, 468, 456, + 456, 460, 463, 459, 463, 458, 464, 465, 467, 461, + 469, 463, 459, 464, 466, 470, 457, 467, 530, 471, + 465, 461, 471, 472, 474, 475, 473, 530, 470, 463, + 468, 463, 469, 464, 465, 477, 474, 469, 471, 473, + 478, 476, 470, 479, 480, 530, 471, 472, 476, 471, + 472, 474, 482, 473, 483, 481, 479, 475, 482, 477, + 481, 484, 477, 478, 485, 486, 480, 487, 476, 0, + 479, 480, 478, 492, 493, 489, 485, 483, 487, 482, + + 492, 483, 481, 484, 494, 488, 493, 486, 484, 489, + 478, 485, 486, 488, 487, 495, 497, 496, 0, 0, + 492, 493, 489, 495, 0, 0, 505, 494, 496, 0, + 0, 494, 488, 490, 500, 499, 0, 502, 490, 497, + 490, 498, 495, 497, 496, 498, 490, 499, 490, 514, + 505, 490, 490, 505, 0, 502, 500, 514, 490, 490, + 490, 500, 499, 498, 502, 490, 501, 490, 498, 501, + 503, 504, 498, 490, 507, 490, 514, 501, 490, 490, + 503, 507, 504, 506, 512, 490, 508, 506, 509, 518, + 509, 510, 511, 501, 513, 515, 501, 518, 504, 512, + + 515, 507, 503, 516, 511, 517, 513, 503, 519, 522, + 506, 512, 508, 508, 523, 509, 518, 510, 510, 511, + 519, 513, 515, 517, 520, 516, 524, 522, 525, 528, + 516, 0, 517, 534, 526, 519, 522, 523, 529, 527, + 531, 523, 528, 525, 533, 520, 526, 527, 532, 535, + 529, 520, 534, 536, 538, 525, 528, 537, 524, 0, + 534, 526, 532, 531, 539, 529, 527, 531, 540, 533, + 541, 533, 537, 549, 543, 532, 535, 542, 544, 539, + 545, 550, 546, 541, 537, 536, 538, 545, 552, 542, + 545, 539, 540, 546, 547, 540, 543, 541, 545, 547, + + 549, 543, 544, 551, 542, 544, 548, 545, 550, 546, + 553, 554, 557, 555, 545, 552, 0, 545, 555, 556, + 548, 559, 558, 560, 566, 556, 547, 561, 563, 559, + 562, 0, 563, 548, 571, 551, 557, 553, 568, 557, + 565, 567, 560, 554, 558, 555, 556, 568, 559, 558, + 560, 561, 562, 564, 561, 563, 566, 562, 573, 569, + 572, 564, 570, 565, 567, 568, 571, 565, 567, 570, + 574, 573, 576, 579, 575, 574, 0, 578, 581, 574, + 564, 569, 572, 575, 577, 573, 569, 572, 578, 570, + 580, 581, 584, 577, 574, 579, 582, 574, 576, 576, + + 579, 575, 574, 585, 578, 581, 574, 586, 582, 592, + 587, 577, 580, 588, 589, 0, 591, 580, 592, 593, + 590, 585, 596, 582, 584, 597, 595, 591, 603, 596, + 585, 586, 587, 587, 586, 588, 592, 587, 589, 593, + 588, 589, 590, 591, 594, 598, 593, 590, 595, 596, + 600, 601, 597, 595, 599, 602, 605, 608, 594, 587, + 603, 600, 599, 598, 604, 606, 606, 611, 607, 601, + 602, 594, 598, 610, 613, 612, 615, 600, 601, 608, + 605, 599, 602, 605, 608, 604, 610, 609, 614, 620, + 0, 604, 607, 617, 606, 607, 609, 612, 615, 611, + + 610, 625, 612, 615, 616, 618, 613, 617, 619, 616, + 621, 622, 614, 626, 609, 614, 628, 623, 621, 618, + 617, 620, 619, 619, 624, 630, 0, 625, 625, 622, + 619, 624, 618, 626, 632, 619, 616, 621, 622, 623, + 626, 627, 629, 633, 623, 633, 634, 630, 628, 619, + 619, 624, 630, 631, 635, 636, 627, 629, 631, 642, + 632, 632, 635, 637, 0, 627, 638, 639, 627, 629, + 633, 634, 637, 634, 643, 638, 639, 641, 640, 0, + 636, 635, 636, 627, 641, 631, 640, 645, 644, 647, + 637, 642, 648, 638, 639, 646, 649, 643, 647, 645, + + 648, 643, 651, 653, 641, 640, 644, 646, 650, 654, + 656, 649, 652, 655, 645, 644, 647, 654, 653, 648, + 650, 655, 646, 649, 662, 652, 0, 0, 664, 657, + 653, 658, 659, 656, 651, 650, 654, 656, 657, 652, + 655, 659, 658, 660, 660, 661, 662, 663, 667, 666, + 665, 662, 660, 661, 664, 664, 657, 666, 658, 659, + 663, 669, 0, 674, 667, 668, 672, 673, 670, 676, + 660, 660, 661, 665, 663, 667, 666, 665, 668, 670, + 672, 671, 675, 669, 677, 674, 680, 673, 669, 671, + 674, 676, 668, 672, 673, 670, 676, 679, 678, 681, + + 682, 683, 675, 688, 680, 0, 677, 678, 671, 675, + 684, 677, 681, 680, 685, 0, 683, 679, 682, 686, + 687, 688, 689, 690, 679, 678, 681, 682, 683, 691, + 688, 692, 684, 687, 689, 691, 690, 684, 685, 0, + 693, 685, 686, 694, 695, 697, 686, 687, 693, 689, + 690, 698, 699, 697, 700, 702, 691, 702, 692, 699, + 703, 701, 695, 704, 0, 705, 693, 693, 0, 703, + 694, 695, 697, 706, 712, 693, 701, 700, 709, 699, + 707, 700, 702, 698, 705, 709, 712, 703, 701, 707, + 718, 719, 705, 706, 708, 704, 708, 0, 0, 715, + + 706, 712, 0, 721, 722, 709, 0, 707, 718, 715, + 723, 727, 719, 0, 0, 722, 730, 718, 719, 724, + 727, 708, 710, 728, 721, 710, 715, 725, 726, 710, + 721, 722, 710, 723, 729, 732, 728, 723, 727, 710, + 710, 729, 710, 760, 726, 724, 724, 710, 730, 710, + 728, 734, 710, 725, 725, 726, 710, 732, 733, 710, + 734, 729, 732, 735, 733, 735, 710, 710, 736, 710, + 731, 731, 737, 731, 738, 760, 731, 737, 734, 739, + 742, 731, 0, 741, 0, 733, 0, 731, 731, 743, + 735, 745, 736, 0, 738, 736, 731, 731, 731, 740, + + 731, 738, 742, 731, 737, 739, 739, 742, 731, 741, + 741, 740, 744, 743, 731, 731, 743, 746, 745, 748, + 747, 750, 749, 751, 752, 754, 740, 748, 750, 753, + 766, 751, 756, 759, 744, 747, 0, 754, 759, 744, + 755, 762, 746, 752, 746, 749, 748, 747, 750, 749, + 751, 752, 754, 755, 757, 753, 753, 758, 756, 756, + 759, 761, 766, 757, 763, 765, 767, 755, 762, 763, + 769, 0, 758, 768, 0, 0, 771, 770, 773, 774, + 772, 757, 776, 761, 758, 0, 0, 765, 761, 775, + 777, 776, 765, 778, 780, 768, 763, 771, 767, 772, + + 768, 770, 769, 771, 770, 773, 774, 772, 775, 776, + 779, 781, 777, 778, 782, 783, 775, 777, 779, 784, + 778, 780, 786, 788, 787, 0, 788, 784, 0, 781, + 789, 791, 792, 782, 794, 790, 794, 779, 781, 797, + 786, 782, 787, 793, 797, 795, 784, 783, 819, 786, + 788, 787, 789, 790, 792, 791, 793, 789, 791, 792, + 796, 794, 790, 795, 798, 799, 801, 800, 806, 0, + 793, 797, 795, 802, 796, 800, 802, 799, 803, 805, + 819, 808, 807, 809, 801, 0, 803, 796, 807, 809, + 798, 798, 799, 801, 800, 806, 812, 814, 816, 0, + + 802, 812, 803, 808, 805, 803, 805, 810, 808, 807, + 809, 811, 813, 803, 810, 814, 815, 817, 811, 813, + 815, 816, 818, 812, 814, 816, 817, 820, 822, 823, + 818, 821, 824, 827, 810, 825, 822, 0, 811, 813, + 828, 826, 823, 815, 817, 820, 821, 828, 825, 818, + 830, 829, 831, 824, 820, 822, 823, 830, 821, 824, + 827, 833, 825, 826, 836, 832, 833, 828, 826, 829, + 838, 831, 832, 834, 837, 835, 839, 830, 829, 831, + 840, 834, 835, 838, 841, 842, 843, 840, 833, 849, + 0, 844, 832, 846, 0, 845, 836, 838, 847, 844, + + 834, 848, 835, 845, 847, 850, 837, 840, 839, 843, + 845, 853, 852, 843, 851, 846, 841, 842, 844, 855, + 846, 849, 845, 851, 854, 847, 852, 848, 848, 850, + 845, 854, 850, 856, 857, 858, 859, 0, 861, 852, + 858, 851, 856, 853, 862, 860, 855, 863, 859, 862, + 865, 854, 867, 864, 863, 867, 857, 868, 865, 870, + 856, 857, 873, 859, 861, 861, 870, 858, 860, 874, + 868, 862, 860, 875, 863, 864, 871, 865, 876, 867, + 864, 877, 871, 877, 868, 875, 870, 896, 873, 873, + 0, 878, 874, 881, 880, 0, 874, 879, 882, 0, + + 875, 0, 0, 871, 872, 876, 872, 880, 877, 879, + 872, 882, 872, 885, 878, 881, 884, 872, 878, 896, + 881, 880, 872, 886, 879, 882, 885, 883, 872, 887, + 889, 872, 883, 872, 884, 886, 890, 872, 888, 872, + 885, 887, 891, 884, 872, 889, 886, 892, 888, 872, + 886, 893, 894, 892, 897, 891, 887, 889, 890, 883, + 888, 895, 886, 890, 893, 888, 898, 900, 901, 891, + 894, 903, 0, 901, 892, 888, 902, 0, 893, 894, + 903, 905, 895, 906, 902, 910, 897, 907, 895, 909, + 0, 908, 0, 898, 911, 901, 905, 915, 903, 900, + + 907, 0, 0, 902, 904, 906, 908, 910, 905, 904, + 906, 904, 910, 911, 907, 909, 909, 904, 908, 912, + 913, 911, 904, 904, 915, 914, 919, 920, 913, 904, + 904, 904, 912, 914, 916, 917, 904, 921, 904, 922, + 923, 924, 917, 930, 904, 921, 912, 913, 942, 904, + 904, 920, 914, 922, 920, 927, 904, 916, 919, 925, + 928, 916, 917, 924, 921, 929, 922, 925, 924, 932, + 931, 933, 923, 927, 934, 930, 929, 932, 928, 937, + 942, 934, 927, 936, 940, 938, 925, 928, 931, 935, + 936, 939, 929, 933, 937, 0, 932, 931, 933, 948, + + 946, 934, 935, 938, 941, 940, 937, 948, 944, 939, + 936, 940, 938, 946, 941, 947, 935, 949, 939, 944, + 950, 951, 947, 952, 953, 957, 948, 946, 0, 950, + 949, 941, 956, 951, 958, 944, 959, 964, 962, 960, + 964, 0, 947, 957, 949, 952, 953, 950, 951, 962, + 952, 953, 957, 960, 956, 965, 966, 963, 970, 956, + 958, 958, 963, 964, 964, 962, 960, 964, 959, 966, + 967, 969, 970, 968, 971, 972, 0, 967, 974, 965, + 969, 973, 965, 966, 968, 970, 971, 975, 973, 963, + 976, 977, 979, 981, 983, 991, 980, 967, 969, 975, + + 968, 971, 980, 982, 977, 983, 984, 972, 973, 985, + 974, 986, 976, 988, 975, 981, 979, 976, 977, 979, + 981, 983, 990, 980, 989, 982, 986, 991, 984, 992, + 982, 985, 993, 984, 988, 989, 985, 994, 986, 995, + 988, 996, 0, 990, 997, 999, 994, 998, 1001, 990, + 993, 989, 999, 997, 1000, 998, 992, 1002, 1003, 993, + 1004, 1005, 1001, 995, 994, 1007, 995, 996, 996, 1006, + 1011, 997, 999, 1010, 998, 1001, 1009, 1012, 1000, 1013, + 1010, 1000, 1004, 1005, 0, 1009, 1016, 1004, 1005, 1002, + 1003, 1006, 1014, 1015, 1018, 1016, 1006, 1007, 1019, 1012, + + 1010, 1017, 1011, 1009, 1012, 1021, 1013, 1020, 1023, 1017, + 1014, 1015, 1022, 1016, 1021, 1024, 1023, 1025, 1018, 1014, + 1015, 1018, 1019, 1020, 1026, 1019, 1027, 1022, 1017, 1028, + 1029, 1030, 1021, 1033, 1020, 1023, 1026, 1031, 1029, 1022, + 1039, 1034, 1033, 1036, 1030, 1036, 1035, 1024, 1027, 1025, + 0, 1026, 1031, 1027, 1035, 1038, 1028, 1029, 1030, 1034, + 1033, 1042, 1040, 1038, 1031, 1043, 1044, 1039, 1034, 1040, + 1036, 1047, 1045, 1035, 1042, 1049, 1048, 1043, 1046, 1050, + 0, 1044, 1038, 1048, 0, 1052, 1051, 1053, 1042, 1040, + 0, 1054, 1043, 1044, 1045, 1056, 1046, 1063, 1047, 1045, + + 0, 0, 1055, 1048, 1054, 1046, 1059, 1049, 1051, 1053, + 1052, 1050, 1052, 1051, 1053, 1055, 1057, 1056, 1054, 1058, + 1060, 1064, 1056, 1061, 1063, 1066, 1059, 1058, 1057, 1055, + 1065, 1061, 1060, 1059, 1064, 1067, 1071, 1066, 1068, 1065, + 0, 1072, 1073, 1057, 1069, 1068, 1058, 1060, 1064, 1074, + 1061, 1077, 1066, 1069, 1075, 1069, 1067, 1065, 1069, 1071, + 1076, 1079, 1067, 1071, 1073, 1068, 1069, 1072, 1072, 1073, + 1079, 1069, 1080, 1076, 1075, 1077, 1074, 0, 1077, 1081, + 1069, 1075, 1069, 1078, 1082, 1069, 1084, 1076, 1079, 1083, + 1080, 1078, 1082, 1085, 1086, 1088, 1089, 1090, 1091, 1080, + + 1095, 1081, 1086, 1093, 1083, 1091, 1081, 1092, 1084, 1085, + 1078, 1082, 1095, 1084, 1094, 1176, 1083, 1100, 1089, 1090, + 1085, 1086, 1088, 1089, 1090, 1091, 1093, 1095, 1096, 1092, + 1093, 1097, 1094, 1098, 1092, 1099, 1101, 1100, 1102, 1097, + 1096, 1094, 1176, 1103, 1100, 1104, 1102, 1099, 1098, 1103, + 1105, 1101, 1106, 1111, 1104, 1096, 1109, 1112, 1097, 1107, + 1098, 1108, 1099, 1101, 1106, 1102, 1107, 1113, 1108, 1112, + 1103, 1105, 1104, 1114, 1109, 1115, 1116, 1105, 1117, 1106, + 1113, 1119, 1115, 1109, 1112, 1111, 1107, 1121, 1108, 1119, + 1118, 1120, 1114, 1117, 1113, 1118, 0, 1122, 1116, 1124, + + 1114, 1121, 1115, 1116, 1120, 1117, 1126, 1142, 1119, 1125, + 1128, 0, 0, 1124, 1121, 1127, 1130, 1129, 1120, 1133, + 1142, 0, 1118, 1122, 1122, 1123, 1124, 1125, 1123, 1123, + 0, 1131, 1128, 1123, 1142, 1129, 1125, 1128, 1126, 1123, + 1132, 1127, 1127, 1123, 1129, 1133, 1133, 1123, 1130, 1135, + 1139, 1134, 1123, 1131, 1138, 1123, 1123, 1134, 1131, 1136, + 1123, 1136, 1132, 1138, 1137, 1140, 1123, 1132, 1139, 1144, + 1123, 1137, 1140, 1141, 1145, 1135, 1135, 1139, 1134, 0, + 1143, 1138, 1146, 1136, 1149, 1147, 1136, 1151, 1136, 1143, + 0, 1137, 1140, 0, 1153, 1141, 1150, 1150, 0, 0, + + 1141, 1144, 0, 1151, 1146, 1156, 1145, 1143, 1147, 1146, + 1149, 1149, 1147, 1148, 1151, 1154, 1160, 1153, 1148, 1155, + 1148, 1153, 1148, 1156, 1148, 1150, 1158, 1154, 1155, 1157, + 1159, 1148, 1156, 1163, 1157, 1159, 1162, 1161, 1160, 1165, + 1148, 1163, 1154, 1160, 1158, 1148, 1155, 1148, 1164, 1148, + 1161, 1148, 1165, 1158, 1162, 1166, 1164, 1159, 1167, 1168, + 1163, 1157, 1173, 1162, 1161, 1172, 1165, 1169, 1170, 1171, + 1174, 1173, 1174, 1178, 1179, 1164, 1175, 0, 1168, 1177, + 1169, 1181, 1171, 1172, 1167, 1167, 1168, 1166, 1182, 1173, + 1170, 1177, 1172, 1184, 1169, 1170, 1171, 1174, 1175, 1179, + + 1178, 1179, 1185, 1175, 1183, 1181, 1177, 1186, 1181, 1187, + 1182, 1184, 1183, 1188, 1186, 1182, 1189, 1190, 1191, 1192, + 1184, 1193, 0, 1190, 1191, 1194, 1195, 0, 1193, 1185, + 0, 1183, 1196, 1195, 1186, 1198, 1187, 1197, 1189, 1188, + 1188, 1199, 1201, 1189, 1190, 1191, 1192, 1211, 1193, 1194, + 1199, 1202, 1194, 1195, 1196, 1197, 1211, 1203, 1204, 1196, + 1198, 1205, 1198, 1202, 1197, 1207, 1201, 1206, 1199, 1201, + 1209, 1204, 1212, 1208, 1211, 1214, 1210, 1216, 1202, 1203, + 1217, 1213, 1219, 1205, 1203, 1204, 1206, 1207, 1205, 1214, + 1222, 1218, 1207, 1212, 1206, 1208, 1209, 1209, 1210, 1212, + + 1208, 1213, 1214, 1210, 1220, 1223, 1222, 1221, 1213, 1216, + 1229, 0, 1217, 1218, 1219, 1221, 1224, 1222, 1218, 1227, + 1228, 1226, 1220, 1224, 1228, 1230, 1227, 1233, 1231, 1235, + 0, 1220, 1223, 1226, 1221, 1236, 1235, 1239, 1234, 1237, + 0, 0, 1229, 1224, 1234, 1238, 1227, 1228, 1226, 1231, + 1236, 1234, 1237, 1240, 1238, 1231, 1235, 1230, 1244, 1233, + 1240, 1242, 1236, 1239, 1239, 1234, 1237, 1241, 1243, 1241, + 1242, 1234, 1238, 1245, 1246, 1248, 1249, 1245, 1250, 1251, + 1240, 1249, 0, 1248, 1252, 1244, 1253, 1250, 1242, 0, + 1243, 1261, 1254, 1258, 1241, 1243, 1246, 1251, 1257, 1253, + + 1245, 1246, 1248, 1252, 1254, 1250, 1251, 1256, 1249, 1255, + 1256, 1252, 1255, 1253, 1259, 1262, 1257, 1263, 1258, 1254, + 1258, 1255, 1265, 1261, 0, 1257, 1264, 1259, 1268, 1256, + 1265, 1264, 1269, 1263, 1256, 1271, 1255, 1256, 1262, 1255, + 0, 1259, 1262, 1267, 1263, 1266, 1266, 1270, 1274, 1265, + 1268, 1277, 1267, 1272, 1269, 1268, 1270, 1271, 1264, 1269, + 1272, 1274, 1271, 1278, 1275, 1281, 0, 1276, 1282, 1284, + 1267, 0, 1266, 1275, 1270, 1274, 1276, 1277, 1277, 1279, + 1272, 1280, 1284, 1282, 1283, 1288, 1278, 1285, 1279, 1280, + 1278, 1275, 1283, 1286, 1276, 1282, 1284, 1281, 1289, 1285, + + 1290, 1287, 1299, 1292, 1291, 1286, 1279, 1288, 1280, 1287, + 1293, 1283, 1288, 1291, 1285, 1296, 1300, 1294, 1289, 1295, + 1286, 1292, 1290, 1298, 1304, 1289, 1296, 1290, 1287, 1294, + 1292, 1291, 1297, 1305, 1299, 1301, 1293, 1293, 1297, 1302, + 1295, 1308, 1296, 1307, 1294, 1298, 1295, 0, 1300, 1306, + 1298, 1304, 1307, 1310, 1308, 1311, 1305, 1309, 1313, 1297, + 1305, 1301, 1301, 0, 1312, 1302, 1302, 1306, 1308, 1309, + 1307, 1312, 1314, 1310, 1315, 1316, 1306, 1313, 1320, 1319, + 1310, 1311, 1311, 1316, 1309, 1313, 1319, 1315, 1317, 1321, + 1318, 1312, 1322, 1317, 1314, 1318, 1323, 1321, 0, 1314, + + 1322, 1315, 1316, 1324, 1320, 1320, 1319, 1325, 1328, 1327, + 1326, 1329, 1330, 1330, 1323, 1325, 1321, 1326, 1327, 1322, + 1317, 1331, 1318, 1323, 1332, 1324, 1334, 1333, 0, 0, + 1324, 0, 1332, 1329, 1325, 1335, 1327, 1326, 1329, 1330, + 1328, 1336, 1337, 1335, 1338, 1341, 1339, 1345, 1333, 1336, + 1337, 1332, 1338, 1331, 1333, 1340, 1343, 1341, 1334, 1339, + 1342, 1340, 1335, 1344, 1346, 1349, 1347, 1350, 1336, 1337, + 1351, 1338, 1341, 1339, 1345, 1348, 0, 1356, 1344, 1349, + 1343, 1355, 1340, 1343, 1351, 1350, 1342, 1342, 1347, 1356, + 1344, 1346, 1349, 1347, 1350, 1352, 1354, 1351, 1348, 1352, + + 1357, 1359, 1348, 1355, 1356, 1354, 1358, 1357, 1355, 1360, + 1361, 1365, 1352, 1362, 0, 0, 1363, 1358, 0, 1364, + 1352, 1366, 1352, 1354, 1371, 1362, 1352, 1357, 1359, 1370, + 1363, 1360, 0, 1358, 1365, 1378, 1360, 1377, 1365, 1352, + 1362, 1364, 1361, 1363, 1366, 1367, 1364, 1368, 1366, 1373, + 1369, 1371, 1367, 1375, 1381, 0, 1368, 1369, 1373, 1375, + 1376, 1370, 1379, 1377, 1377, 1384, 1383, 1378, 1385, 1379, + 1388, 1389, 1367, 1386, 1368, 0, 1373, 1369, 1389, 1385, + 1375, 1381, 1376, 1390, 1386, 1391, 1395, 1376, 1397, 1379, + 1383, 1392, 1384, 1383, 1388, 1385, 1393, 1388, 1389, 1394, + + 1386, 1390, 1393, 1392, 1396, 1407, 1398, 1394, 1395, 1400, + 1390, 1391, 1391, 1395, 1397, 1397, 1399, 1396, 1392, 1402, + 1401, 1400, 1401, 1393, 1398, 1399, 1394, 1403, 1404, 1405, + 1406, 1396, 1407, 1398, 1409, 1408, 1400, 1404, 1410, 1411, + 1403, 1409, 1406, 1399, 1411, 1402, 1402, 1401, 1413, 1417, + 1415, 1405, 1412, 0, 1403, 1404, 1405, 1406, 1408, 1414, + 1419, 1409, 1408, 1418, 1410, 1410, 1411, 1414, 1412, 1419, + 1420, 1413, 1415, 1424, 1418, 1413, 1417, 1415, 1422, 1412, + 1421, 1421, 1423, 1420, 1423, 1426, 1414, 1419, 1421, 1425, + 1418, 1422, 1426, 1429, 1427, 1428, 1430, 1420, 1433, 1424, + + 1424, 1427, 1431, 1430, 1432, 1422, 1435, 1421, 1421, 1423, + 1434, 1425, 1426, 1428, 1438, 1429, 1425, 1434, 1440, 1437, + 1429, 1427, 1428, 1430, 1455, 1439, 1432, 1431, 1442, 1431, + 1433, 1432, 1437, 1439, 1444, 0, 1445, 1434, 1435, 1440, + 1443, 1438, 1447, 1443, 1446, 1440, 1437, 1448, 1449, 1451, + 1442, 1447, 1439, 1450, 0, 1442, 1455, 1446, 1451, 1448, + 1444, 1444, 1445, 1445, 1459, 1456, 1452, 1443, 1460, 1447, + 1453, 1446, 1449, 1463, 1448, 1449, 1451, 1453, 1457, 1450, + 1450, 1452, 1459, 1454, 1462, 1464, 1454, 1456, 1466, 0, + 1460, 1459, 1456, 1452, 1457, 1460, 1465, 1453, 1454, 1461, + + 1463, 1461, 1457, 1467, 1468, 1457, 1469, 1454, 1462, 1475, + 1454, 1462, 1473, 1454, 1466, 1466, 1472, 1464, 1465, 1473, + 1470, 1457, 1471, 1465, 1472, 1454, 1461, 1474, 1469, 1467, + 1467, 1471, 1476, 1469, 1470, 1477, 1468, 1478, 1479, 1473, + 1481, 1475, 1479, 1472, 1480, 1484, 1482, 1470, 1485, 1471, + 1483, 1474, 1484, 0, 1474, 1485, 0, 1477, 0, 1483, + 1491, 1486, 1477, 1487, 1476, 1479, 1480, 1481, 1482, 1478, + 1488, 1480, 1484, 1482, 1486, 1485, 1487, 1483, 1489, 1492, + 1490, 1495, 1493, 1494, 1497, 1488, 1492, 1495, 1486, 1493, + 1487, 1498, 1491, 1489, 1490, 1499, 1494, 1488, 1498, 1500, + + 1501, 1502, 1505, 1507, 0, 1489, 1492, 1490, 1495, 1493, + 1494, 1497, 1501, 1503, 1502, 1504, 1503, 1499, 1498, 1506, + 1505, 0, 1499, 1507, 1504, 1500, 1500, 1501, 1502, 1505, + 1507, 1506, 1508, 1509, 1514, 1508, 1511, 1513, 1515, 1513, + 1503, 1511, 1504, 1516, 1509, 1518, 1506, 1519, 1511, 1520, + 1508, 1517, 0, 1521, 1518, 0, 1531, 1523, 1514, 1508, + 1509, 1514, 1508, 1511, 1513, 1515, 1517, 1521, 1511, 1522, + 1516, 1519, 1518, 1524, 1519, 1525, 1520, 1522, 1517, 1523, + 1521, 1526, 1528, 1525, 1523, 1527, 1529, 1530, 1531, 1529, + 1528, 1532, 1526, 1534, 1533, 1524, 1522, 1535, 1536, 1537, + + 1524, 1533, 1525, 1527, 1529, 1530, 1535, 1534, 1526, 1528, + 1537, 1536, 1527, 1529, 1530, 1538, 1529, 1541, 1532, 1541, + 1534, 1533, 1542, 1544, 1535, 1536, 1537, 1543, 1545, 1546, + 1538, 1542, 1553, 1547, 1544, 1549, 1550, 1553, 0, 1552, + 1548, 0, 1538, 1548, 1541, 1550, 1545, 1547, 1552, 1542, + 1544, 1546, 1559, 1543, 1543, 1545, 1546, 1549, 1548, 1547, + 1547, 1556, 1549, 1550, 1553, 1551, 1552, 1548, 1555, 1558, + 1548, 1551, 1557, 1556, 1547, 1561, 1560, 1557, 1562, 1563, + 1564, 1555, 1567, 1569, 1559, 1560, 1565, 1568, 1556, 1567, + 1570, 1558, 1551, 1572, 1580, 1555, 1558, 1574, 0, 1557, + + 1568, 1563, 1561, 1560, 1570, 1571, 1563, 1565, 1580, 1567, + 1562, 1571, 1564, 1565, 1568, 1569, 1574, 1570, 1576, 1577, + 1578, 1580, 1579, 1581, 1574, 1572, 1576, 1577, 1582, 1571, + 1583, 1584, 1571, 1585, 1586, 1588, 1593, 1581, 1571, 1578, + 1579, 1582, 1587, 1583, 1589, 1576, 1577, 1578, 0, 1579, + 1581, 1589, 1584, 1591, 1590, 1582, 1587, 1583, 1584, 1592, + 1598, 1591, 1588, 1590, 1595, 1585, 1586, 1594, 1593, 1587, + 1599, 1589, 1594, 1592, 1596, 1595, 1600, 1599, 1601, 1584, + 1591, 1590, 1602, 1596, 1603, 1609, 1592, 1598, 1605, 1604, + 1608, 1595, 1605, 1607, 1594, 0, 1613, 1599, 1611, 1600, + + 1601, 1596, 1608, 1600, 1602, 1601, 1603, 1604, 1607, 1602, + 1610, 1603, 1609, 1611, 1612, 1605, 1604, 1608, 1610, 1614, + 1607, 1616, 1612, 1613, 1615, 1611, 1618, 1617, 1619, 1620, + 1621, 1622, 1614, 1624, 1618, 1619, 1616, 1610, 1623, 1625, + 1622, 1612, 1617, 1626, 1615, 1621, 1614, 1628, 1616, 1629, + 1630, 1615, 1631, 1618, 1617, 1619, 1632, 1621, 1622, 1623, + 1624, 1620, 1633, 1625, 1634, 1623, 1625, 1629, 1635, 1628, + 1626, 1632, 1636, 0, 1628, 1635, 1629, 1636, 1639, 1631, + 1640, 1637, 1630, 1632, 1638, 1641, 1642, 1633, 1634, 1633, + 1637, 1634, 1643, 1638, 1644, 1635, 1645, 1650, 1651, 1636, + + 1639, 1642, 1640, 1641, 1643, 1639, 1648, 1640, 1637, 1645, + 1646, 1638, 1641, 1642, 1645, 1649, 1644, 1646, 1647, 1643, + 1652, 1644, 1656, 1645, 1650, 1647, 1652, 1649, 1648, 1656, + 1651, 1654, 1655, 1648, 1660, 1657, 1645, 1646, 1659, 1654, + 1647, 1661, 1649, 1655, 1658, 1647, 1658, 1652, 1662, 1656, + 1663, 1667, 1647, 1664, 1669, 1662, 1672, 1658, 1654, 1655, + 1657, 1660, 1657, 1665, 1659, 1659, 1666, 1670, 1661, 1665, + 1674, 1658, 1666, 1658, 1668, 1662, 1673, 1663, 1667, 1664, + 1664, 1675, 1676, 1675, 1677, 1673, 1669, 1678, 1672, 1680, + 1665, 1670, 1684, 1666, 1670, 1679, 0, 1668, 1692, 1687, + + 1682, 1668, 1674, 1673, 1687, 1683, 1676, 1682, 1675, 1676, + 1689, 1677, 1683, 1678, 1678, 1688, 1685, 1679, 1681, 1681, + 1681, 1680, 1679, 1685, 1684, 1681, 1691, 1682, 1688, 1696, + 1692, 1687, 1683, 1681, 1690, 1689, 1693, 1689, 1691, 1697, + 1697, 1694, 1688, 1685, 1698, 1681, 1681, 1681, 1694, 1695, + 1690, 1699, 1681, 1691, 1693, 1695, 1696, 1700, 1699, 1701, + 1702, 1690, 1700, 1693, 1706, 1703, 1697, 1707, 1694, 1707, + 1698, 1698, 1703, 1711, 1712, 1708, 1695, 1710, 1699, 1711, + 1713, 1717, 1714, 1716, 1700, 1701, 1701, 1702, 1714, 1715, + 1724, 1706, 1703, 1708, 1707, 1710, 1718, 1718, 1719, 1717, + + 1711, 1715, 1708, 1716, 1710, 1723, 1712, 1713, 1717, 1714, + 1716, 1720, 1720, 1725, 1726, 1721, 1715, 1727, 1728, 1729, + 1725, 1730, 1724, 1718, 1719, 1719, 1721, 1723, 1732, 1731, + 1734, 1733, 1723, 1739, 1726, 1732, 1735, 1740, 1720, 1733, + 1725, 1726, 1721, 1730, 1736, 1734, 1729, 1731, 1730, 1727, + 1728, 1737, 1737, 1736, 1738, 1732, 1731, 1734, 1733, 1741, + 1735, 1742, 1747, 1735, 1748, 1739, 1741, 1743, 1745, 1740, + 0, 1736, 1746, 1742, 1749, 1745, 1756, 1746, 1737, 1752, + 1738, 1738, 1749, 1743, 1747, 1750, 1741, 1752, 1742, 1747, + 1743, 1748, 1753, 1754, 1743, 1745, 1766, 1750, 1755, 1746, + + 1757, 1749, 1758, 1756, 1759, 1760, 1752, 1758, 1761, 1762, + 1743, 1760, 1750, 1769, 1754, 1753, 1755, 1762, 1758, 1753, + 1754, 1761, 1763, 1757, 1768, 1755, 1764, 1757, 1766, 1758, + 1765, 1759, 1760, 1764, 1758, 1761, 1762, 1765, 1767, 1771, + 1769, 1770, 1773, 1774, 1763, 1775, 1768, 1776, 1774, 1763, + 1767, 1768, 1775, 1764, 1778, 1780, 1779, 1765, 1781, 1774, + 1773, 1779, 1771, 1785, 1783, 1767, 1771, 1770, 1770, 1773, + 1774, 0, 1775, 1788, 1776, 1774, 1782, 1782, 1784, 1787, + 1791, 1778, 1789, 1790, 1792, 1790, 1783, 1780, 1779, 1792, + 1781, 1783, 1793, 1784, 1787, 1785, 1788, 1789, 1794, 1795, + + 1788, 1797, 1803, 1782, 1804, 1784, 1787, 1798, 1799, 1789, + 1790, 1792, 1791, 1801, 1795, 1798, 1797, 1802, 1806, 1808, + 1794, 1807, 0, 0, 1793, 1794, 1795, 0, 1797, 1803, + 1799, 1804, 1805, 1809, 1798, 1799, 1812, 1801, 1810, 1805, + 1801, 1808, 1807, 1802, 1802, 1814, 1808, 1815, 1807, 1816, + 1806, 1818, 1819, 1821, 1809, 1820, 1810, 1825, 1812, 1805, + 1809, 1823, 1815, 1812, 1826, 1810, 1818, 1819, 1822, 1814, + 1824, 1828, 1814, 1831, 1815, 1816, 1816, 1820, 1818, 1819, + 1821, 1825, 1820, 1823, 1825, 1830, 1822, 1827, 1823, 1828, + 1829, 1826, 1824, 1830, 1827, 1822, 1831, 1824, 1828, 1829, + + 1831, 1832, 1833, 1835, 1834, 1837, 1836, 0, 0, 1839, + 1840, 1841, 1830, 1834, 1827, 1836, 1842, 1829, 1837, 1840, + 1839, 1835, 1843, 1832, 1844, 1850, 1846, 1847, 1832, 1841, + 1835, 1834, 1837, 1836, 1833, 1839, 1839, 1840, 1841, 1844, + 1843, 1847, 1842, 1842, 1845, 1852, 1853, 1839, 1846, 1843, + 1845, 1844, 1850, 1846, 1847, 1854, 1856, 1853, 1858, 1860, + 1859, 1857, 0, 0, 1861, 1862, 1854, 0, 1856, 1852, + 1859, 1845, 1852, 1853, 1857, 1863, 1865, 0, 1868, 1866, + 1869, 0, 1854, 1856, 1866, 1860, 1860, 1859, 1857, 1861, + 1858, 1861, 1862, 1867, 1863, 1870, 1865, 1871, 1869, 1872, + + 1867, 1870, 1863, 1865, 1868, 1868, 1866, 1869, 1873, 1874, + 1874, 1878, 1871, 1875, 1872, 1879, 1876, 1880, 1878, 1881, + 1867, 1883, 1870, 1873, 1871, 1875, 1872, 1882, 1881, 1876, + 1879, 1884, 1885, 1887, 1882, 1873, 1874, 1876, 1878, 1885, + 1875, 1888, 1879, 1876, 1880, 1883, 1881, 1890, 1883, 1893, + 1891, 0, 1889, 1884, 1882, 1887, 1876, 1896, 1884, 1885, + 1887, 1889, 1895, 1897, 1903, 1899, 1888, 1893, 1888, 1890, + 1891, 1895, 1898, 1899, 1890, 1896, 1893, 1891, 1897, 1889, + 1901, 1902, 1904, 1904, 1896, 0, 1906, 1913, 1905, 1895, + 1897, 1903, 1899, 1909, 1902, 1907, 1908, 1898, 1911, 1898, + + 1918, 1913, 1909, 0, 1912, 1901, 1914, 1901, 1902, 1904, + 1905, 1906, 1910, 1906, 1913, 1905, 1916, 1907, 1908, 1910, + 1909, 1917, 1907, 1908, 1916, 1914, 1912, 1918, 1919, 1920, + 1911, 1912, 1922, 1914, 1917, 1921, 1923, 0, 0, 1910, + 1924, 1920, 1921, 1916, 1925, 1927, 1928, 1932, 1917, 1926, + 0, 1929, 1931, 1925, 1919, 1919, 1920, 1926, 1923, 1930, + 0, 1928, 1921, 1923, 1922, 1924, 1933, 1924, 1926, 1932, + 1931, 1925, 1927, 1928, 1932, 1933, 1926, 1929, 1929, 1931, + 1935, 1936, 1937, 1935, 1926, 1930, 1930, 1938, 1937, 1940, + 1942, 1943, 1938, 1933, 1939, 0, 1947, 1946, 1935, 1949, + + 1944, 0, 1948, 1947, 1940, 1942, 1936, 1935, 1936, 1937, + 1935, 1946, 1939, 1943, 1981, 0, 1940, 1942, 1943, 1938, + 1948, 1939, 1944, 1947, 1946, 1950, 1949, 1944, 1951, 1948, + 1952, 1953, 1956, 1954, 1950, 1957, 1958, 1951, 1961, 1959, + 0, 1952, 1960, 1958, 1953, 1954, 1981, 1956, 0, 1966, + 1957, 1970, 1950, 1970, 1964, 1951, 1961, 1952, 1953, 1956, + 1954, 1959, 1957, 1958, 1960, 1961, 1959, 1964, 1967, 1960, + 1966, 1968, 1967, 1969, 1971, 1964, 1966, 1972, 1970, 1973, + 1974, 1964, 1969, 1968, 1983, 1975, 1976, 0, 1977, 1978, + 1982, 1979, 1971, 1975, 1964, 1967, 1979, 1973, 1968, 1988, + + 1969, 1971, 1984, 1978, 1972, 1991, 1973, 1974, 1983, 1976, + 1977, 1983, 1975, 1976, 1980, 1977, 1978, 1985, 1979, 1980, + 1990, 1984, 1982, 1989, 1985, 1992, 1988, 1993, 1995, 1984, + 1994, 1996, 1991, 0, 2000, 1997, 1998, 1989, 1990, 1994, + 0, 0, 1993, 1999, 1985, 2002, 1980, 1990, 1989, 1989, + 1989, 1992, 1992, 1996, 1993, 2004, 0, 1994, 1996, 2008, + 1995, 1997, 1997, 1998, 1989, 1999, 2000, 2003, 2002, 2005, + 1999, 2007, 2002, 2007, 2003, 1989, 2005, 2010, 2004, 2009, + 2011, 2008, 2004, 2009, 2012, 2014, 2008, 2015, 2013, 2010, + 2016, 2017, 2014, 2012, 2003, 2016, 2005, 2018, 2007, 2013, + + 2020, 2019, 2011, 0, 2010, 0, 2009, 2011, 2022, 2015, + 2024, 2012, 2014, 2019, 2015, 2013, 2025, 2016, 2017, 2027, + 2018, 2023, 2020, 2022, 2018, 2021, 2021, 2020, 2019, 2023, + 2025, 2026, 2024, 2030, 2029, 2022, 2031, 2024, 2032, 2035, + 2026, 2030, 2032, 2025, 2031, 2035, 2027, 2033, 2023, 2034, + 2033, 2040, 2021, 2029, 2036, 2039, 2037, 2034, 2026, 0, + 2030, 2029, 2037, 2031, 2041, 2032, 2035, 2039, 2042, 2036, + 2043, 2047, 2044, 2045, 2033, 2046, 2034, 2048, 2040, 0, + 2050, 2036, 2039, 2037, 2043, 2044, 2041, 2045, 2051, 2053, + 2054, 2041, 2042, 2049, 2050, 2042, 2056, 2043, 2047, 2044, + + 2045, 2046, 2046, 2052, 2048, 2049, 2052, 2050, 2060, 2059, + 2061, 2063, 2054, 2065, 2051, 2051, 2053, 2054, 2056, 2057, + 2049, 2052, 2058, 2056, 2059, 2064, 2057, 2068, 2067, 2058, + 2052, 2062, 2066, 2052, 2064, 2060, 2059, 2061, 2063, 2062, + 2065, 2069, 2071, 2070, 2066, 2073, 2057, 2076, 2072, 2058, + 2067, 2075, 2064, 2073, 2068, 2067, 2070, 2077, 2062, 2066, + 2071, 2072, 2078, 2081, 2080, 2077, 2082, 2079, 2069, 2071, + 2070, 2083, 2073, 2075, 2076, 2072, 2079, 0, 2075, 2087, + 2084, 2082, 0, 2085, 2077, 2080, 2093, 2081, 2084, 2078, + 2081, 2080, 2082, 2082, 2079, 2085, 2086, 2090, 2083, 2091, + + 2095, 2090, 2089, 2096, 2086, 2092, 2087, 2084, 2082, 2089, + 2085, 2091, 2094, 2093, 2099, 2096, 2101, 0, 2100, 2097, + 2094, 2102, 2095, 2086, 2090, 2100, 2091, 2095, 2092, 2089, + 2096, 2097, 2092, 2103, 2102, 2104, 2101, 2105, 2105, 2094, + 2106, 2099, 2103, 2101, 2104, 2100, 2097, 2107, 2102, 2114, + 2108, 2114, 0, 2111, 2109, 2118, 2118, 2112, 2115, 2123, + 2103, 2113, 2104, 0, 2105, 2107, 2106, 2106, 2111, 2109, + 0, 2109, 2115, 2117, 2107, 2108, 2114, 2108, 2109, 2112, + 2111, 2109, 2118, 2113, 2112, 2115, 2116, 2120, 2113, 2121, + 2122, 2123, 2116, 2124, 2125, 2117, 2109, 2126, 2109, 2124, + + 2117, 2127, 2122, 2128, 2129, 2128, 2136, 2131, 2130, 2120, + 0, 2121, 2137, 2116, 2120, 2132, 2121, 2122, 2129, 2126, + 2124, 2133, 2134, 2127, 2126, 2131, 2125, 2142, 2127, 2138, + 2128, 2129, 2130, 2132, 2131, 2130, 2140, 2135, 2136, 2133, + 2134, 2143, 2132, 2140, 2137, 2142, 2144, 2145, 2133, 2134, + 2135, 0, 2138, 2146, 2142, 2145, 2138, 2151, 2147, 2149, + 2147, 2150, 0, 2140, 2135, 2147, 2156, 2143, 2143, 2152, + 2149, 2153, 2150, 2145, 2145, 2146, 2155, 2156, 2144, 2158, + 2146, 2152, 2145, 2157, 2151, 2147, 2149, 2147, 2150, 2153, + 2160, 2155, 0, 2156, 2158, 2157, 2152, 2161, 2153, 2164, + + 2162, 2163, 2167, 2155, 2165, 2170, 2158, 2162, 2168, 2171, + 2157, 2169, 2173, 0, 2160, 0, 2163, 2160, 2172, 2161, + 2175, 2174, 2180, 2179, 2161, 2176, 2164, 2162, 2163, 2167, + 2165, 2165, 2168, 2169, 2174, 2168, 2172, 2170, 2169, 2173, + 2176, 2171, 2177, 2178, 2181, 2172, 2175, 2175, 2174, 2179, + 2179, 2178, 2176, 2182, 2180, 2177, 2184, 2181, 2185, 2186, + 2188, 2189, 2187, 0, 2191, 2195, 2196, 2190, 2189, 2177, + 2178, 2181, 2195, 2196, 2194, 2182, 2198, 2201, 2188, 2184, + 2182, 2192, 2185, 2184, 2187, 2185, 2186, 2188, 2189, 2187, + 2190, 2191, 2195, 2196, 2190, 2192, 2194, 2197, 2199, 2198, + + 2200, 2194, 2202, 2198, 2203, 2199, 2205, 2206, 2192, 2201, + 2197, 2208, 2210, 2203, 2207, 2213, 0, 0, 2206, 2209, + 2215, 2205, 2200, 2202, 2197, 2199, 2214, 2200, 2213, 2202, + 2217, 2203, 2219, 2205, 2206, 2220, 2207, 2210, 2209, 2210, + 0, 2207, 2213, 2208, 2215, 2221, 2209, 2215, 2216, 2216, + 2222, 2223, 2214, 2214, 2226, 2219, 2217, 2217, 2230, 2219, + 2221, 2228, 2231, 0, 2234, 2235, 2235, 2220, 2236, 2223, + 2228, 2230, 2221, 2231, 2237, 2216, 2238, 2222, 2223, 2240, + 2242, 2226, 2243, 2244, 2250, 2230, 2234, 2249, 2228, 2231, + 2236, 2234, 2235, 2245, 2244, 2236, 2237, 2246, 2245, 2248, + + 2252, 2237, 2249, 2238, 2253, 2255, 2240, 2248, 2243, 2243, + 2244, 2250, 2242, 2254, 2249, 2257, 2260, 2255, 2252, 2246, + 2245, 2258, 2254, 2259, 2246, 2260, 2248, 2252, 2262, 2263, + 2264, 2259, 2255, 2266, 2269, 2265, 2253, 2267, 2268, 0, + 2254, 0, 2257, 2260, 2265, 2258, 0, 2269, 2258, 2272, + 2259, 2266, 2264, 2270, 2262, 2262, 2263, 2264, 2271, 2267, + 2266, 2269, 2265, 2268, 2267, 2268, 2270, 2273, 2274, 2275, + 2276, 2272, 2277, 2271, 2273, 2278, 2272, 2279, 2280, 2281, + 2270, 2282, 0, 2283, 2286, 2271, 0, 2280, 2284, 2287, + 2274, 2286, 2279, 2288, 2273, 2274, 2275, 2276, 2285, 2277, + + 2287, 2281, 2278, 2284, 2279, 2280, 2281, 2282, 2282, 2283, + 2283, 2286, 2290, 2285, 2289, 2284, 2287, 2291, 2292, 2296, + 2288, 2293, 2289, 2294, 0, 2285, 2296, 2295, 2298, 2297, + 2299, 2300, 2302, 2302, 2292, 2298, 2293, 2299, 0, 2290, + 0, 2289, 2295, 2294, 2291, 2292, 2296, 2301, 2293, 2304, + 2294, 2297, 2307, 2303, 2295, 2298, 2297, 2299, 2300, 2302, + 2303, 2305, 2306, 2304, 2305, 2301, 2308, 2307, 2309, 2310, + 2311, 2317, 2314, 0, 2301, 2306, 2304, 2314, 2313, 2307, + 2303, 2310, 2311, 2316, 2317, 2320, 2309, 2313, 2305, 2306, + 2315, 2318, 2308, 2308, 2315, 2309, 2310, 2311, 2317, 2314, + + 2319, 2321, 0, 2322, 2330, 2313, 2324, 2316, 2326, 2328, + 2316, 2327, 2320, 2318, 2332, 2329, 2330, 2315, 2318, 0, + 2327, 2332, 2319, 2329, 2338, 2328, 0, 2319, 2321, 2322, + 2322, 2330, 2324, 2324, 2326, 2326, 2328, 2333, 2327, 2334, + 2335, 2332, 2329, 2336, 2334, 2337, 2333, 2335, 2339, 2338, + 2340, 2338, 2337, 2341, 2344, 2339, 2342, 2347, 2345, 2340, + 2346, 2336, 2341, 2345, 2333, 2350, 2334, 2335, 2349, 0, + 2336, 0, 2337, 2353, 2359, 2339, 0, 2340, 2346, 2351, + 2341, 2344, 2342, 2342, 2347, 2345, 2349, 2346, 2351, 2352, + 2354, 2358, 2350, 2353, 2355, 2349, 2356, 2357, 2352, 2358, + + 2353, 2359, 2354, 2355, 2360, 2356, 2351, 2361, 2357, 2362, + 2363, 2366, 2365, 2364, 2452, 2367, 2352, 2354, 2358, 2363, + 2365, 2355, 2367, 2356, 2357, 2364, 2369, 2370, 2368, 2371, + 0, 2360, 2372, 2366, 2361, 2368, 2373, 2363, 2366, 2365, + 2364, 2362, 2367, 2375, 2377, 2379, 2452, 2381, 2369, 0, + 2378, 2375, 2370, 2369, 2370, 2368, 2371, 2372, 2378, 2372, + 2379, 2380, 2377, 2373, 2388, 2387, 2382, 2383, 2380, 2381, + 2375, 2377, 2379, 2382, 2381, 2383, 2386, 2378, 2389, 2391, + 2396, 2392, 0, 2386, 2394, 2397, 2390, 2395, 2380, 2387, + 2389, 2388, 2387, 2382, 2383, 2390, 2394, 2399, 2402, 2397, + + 2405, 2407, 2404, 2386, 2392, 2389, 2391, 2396, 2392, 2399, + 2395, 2394, 2397, 2390, 2395, 2400, 2401, 2404, 2405, 2409, + 2411, 2406, 2400, 2401, 2399, 2402, 2408, 2405, 2407, 2404, + 2410, 2414, 0, 2419, 2408, 2420, 2413, 2421, 2411, 2412, + 2420, 2422, 2400, 2401, 2406, 0, 2409, 2411, 2406, 2424, + 2412, 2413, 2410, 2408, 2425, 2422, 2423, 2410, 2414, 2419, + 2419, 2426, 2420, 2413, 2421, 2427, 2412, 2424, 2422, 2429, + 2423, 2432, 2425, 2433, 2434, 2435, 2424, 2427, 2437, 2441, + 2436, 2425, 2442, 2423, 0, 2438, 2437, 2434, 2426, 2439, + 2445, 2441, 2427, 2432, 2446, 2433, 2429, 2435, 2432, 2436, + + 2433, 2434, 2435, 2438, 2442, 2437, 2441, 2436, 2439, 2442, + 2443, 2444, 2438, 2447, 2448, 0, 2439, 2445, 2450, 2451, + 2449, 2446, 2453, 2444, 2454, 2457, 2456, 2450, 2451, 2458, + 2462, 2455, 2443, 2468, 2448, 2463, 0, 2443, 2444, 2465, + 2447, 2448, 2449, 2455, 2453, 2450, 2451, 2449, 2456, 2453, + 2454, 2454, 2457, 2456, 2461, 2464, 2458, 2462, 2455, 2463, + 2464, 2465, 2463, 2466, 2467, 2468, 2465, 2470, 2461, 2469, + 2471, 2472, 2474, 2475, 2473, 2476, 2481, 2467, 2474, 0, + 0, 2461, 2477, 2472, 2480, 2466, 2485, 2464, 2471, 2470, + 2466, 2467, 2469, 2473, 2470, 2478, 2469, 2471, 2472, 2474, + + 2481, 2473, 2483, 2481, 2477, 2475, 2480, 2476, 2485, 2477, + 2478, 2480, 2486, 2485, 2487, 2489, 2488, 2483, 2490, 0, + 2491, 2497, 2478, 2487, 2496, 2499, 2492, 2498, 2497, 2483, + 2488, 2503, 2496, 2489, 2486, 2498, 2490, 2501, 2502, 2486, + 0, 2487, 2489, 2488, 2492, 2490, 2491, 2491, 2497, 2500, + 2502, 2496, 2499, 2492, 2498, 2501, 2506, 2500, 2503, 2504, + 2510, 2509, 2508, 2512, 2501, 2502, 2513, 2504, 2506, 2508, + 2511, 2514, 2511, 2515, 2516, 0, 2500, 2517, 2519, 2522, + 2520, 0, 2527, 2506, 2509, 2526, 2504, 2510, 2509, 2508, + 2528, 2527, 2529, 2516, 2520, 2512, 2519, 2511, 2513, 2517, + + 2515, 2516, 2522, 2514, 2517, 2519, 2522, 2520, 2523, 2527, + 2524, 2526, 2526, 2531, 2533, 2532, 2535, 2528, 2537, 2529, + 2542, 2523, 2524, 2540, 2538, 2537, 2543, 2542, 2540, 2539, + 2545, 2546, 0, 0, 2548, 2523, 2533, 2524, 2532, 2547, + 2531, 2533, 2532, 2535, 2539, 2537, 2538, 2542, 2548, 2553, + 2550, 2538, 2543, 2543, 2554, 2540, 2539, 2545, 2546, 2550, + 2552, 2548, 2555, 2547, 2557, 2558, 2547, 2552, 2561, 2559, + 2556, 2560, 2562, 0, 0, 2572, 2553, 2550, 2559, 2558, + 2554, 2554, 2556, 2563, 2560, 2567, 2569, 2552, 2570, 2555, + 2567, 2557, 2558, 2569, 2575, 2570, 2559, 2556, 2560, 2562, + + 2561, 2568, 2571, 2574, 0, 2568, 2563, 2572, 2580, 2573, + 2563, 2573, 2578, 2569, 2581, 2570, 2583, 2567, 2583, 2585, + 2584, 2575, 0, 2571, 2590, 2591, 2574, 2580, 2568, 2571, + 2574, 2587, 2586, 2586, 2578, 2580, 2573, 2590, 2581, 2578, + 2588, 2581, 2586, 2583, 2584, 2585, 2585, 2584, 2589, 2588, + 2592, 2590, 2591, 2587, 2593, 2589, 2594, 2595, 2587, 2586, + 2586, 2596, 2593, 2592, 2598, 2595, 2597, 2588, 2599, 2594, + 2600, 2597, 2598, 2601, 2604, 2589, 2602, 2592, 2593, 2603, + 2596, 2593, 2605, 2594, 2595, 2604, 2606, 2609, 2596, 2593, + 2612, 2598, 2608, 2606, 2609, 2599, 2600, 2600, 2597, 2601, + + 2601, 2604, 2602, 2602, 2605, 2603, 2603, 2607, 2607, 2605, + 2608, 2610, 2613, 2606, 2609, 2614, 2616, 2612, 2610, 2608, + 2617, 2618, 2619, 2621, 2614, 2627, 2626, 2622, 2623, 0, + 0, 0, 0, 2624, 2607, 2626, 2613, 0, 2610, 2613, + 2617, 2628, 2614, 2616, 2619, 2622, 2623, 2617, 2618, 2619, + 2621, 2624, 2627, 2626, 2622, 2623, 2629, 2630, 2631, 2632, + 2624, 2633, 2634, 2631, 2628, 2638, 2639, 2641, 2628, 2630, + 2643, 2644, 2643, 2632, 2629, 2653, 0, 2646, 2642, 2633, + 2644, 2647, 2651, 2629, 2630, 2634, 2632, 2638, 2633, 2634, + 2631, 2642, 2638, 2639, 2641, 2646, 2647, 2643, 2644, 2650, + + 2651, 2650, 2655, 2652, 2646, 2642, 2657, 2653, 2647, 2651, + 2652, 2661, 2657, 2659, 2660, 0, 2662, 2655, 2665, 2667, + 2664, 2665, 2668, 2669, 2671, 0, 2650, 0, 0, 2655, + 2652, 2671, 2673, 2657, 2662, 2659, 2660, 2661, 2661, 2670, + 2659, 2660, 2664, 2662, 2665, 2665, 2667, 2664, 2665, 2668, + 2669, 2671, 2672, 2675, 2673, 2676, 2677, 2670, 0, 2673, + 2672, 2678, 2679, 2681, 2682, 2680, 2670, 2683, 2684, 2681, + 2685, 2679, 2685, 0, 2686, 2688, 2683, 2676, 2677, 2672, + 2680, 2689, 2676, 2677, 2690, 2675, 2682, 2691, 2678, 2679, + 2681, 2682, 2680, 2693, 2683, 2696, 2692, 2685, 2688, 2701, + + 2684, 2686, 2688, 2689, 2692, 2693, 2690, 2698, 2689, 2694, + 2699, 2690, 2700, 2691, 2691, 2707, 2694, 2701, 2702, 2703, + 2693, 2698, 2696, 2692, 2699, 2704, 2701, 2703, 2705, 2702, + 2706, 2706, 2708, 2710, 2698, 2700, 2694, 2699, 2711, 2700, + 2708, 2713, 2707, 2715, 2704, 2702, 2703, 2713, 2722, 2720, + 2705, 2717, 2704, 2718, 2723, 2705, 2719, 2706, 2725, 2708, + 2710, 2723, 2717, 2727, 2718, 2711, 2725, 2719, 2713, 2724, + 2715, 2720, 2730, 2724, 2728, 2722, 2720, 2734, 2717, 2733, + 2718, 2723, 2744, 2719, 2729, 2725, 2733, 2728, 2735, 2727, + 2727, 2737, 2729, 2736, 2738, 2739, 2724, 2740, 2736, 2730, + + 2743, 2728, 2739, 2741, 2745, 2742, 2733, 2743, 2748, 2734, + 2735, 2729, 2745, 2746, 2744, 2735, 2740, 2749, 2737, 2741, + 2736, 2738, 2739, 2742, 2740, 2750, 2747, 2743, 2746, 2755, + 2741, 2745, 2742, 2747, 2754, 2748, 2755, 2756, 2757, 2758, + 2746, 2749, 2759, 2740, 2749, 2760, 2762, 2766, 2763, 2754, + 0, 2750, 2750, 2747, 2760, 2764, 2755, 2768, 2772, 2765, + 2772, 2754, 2774, 2758, 0, 2757, 2758, 2765, 2762, 2756, + 2767, 2767, 2760, 2762, 2759, 2763, 2770, 2764, 2771, 2766, + 2767, 2773, 2764, 2776, 2768, 2772, 2765, 2771, 2775, 2774, + 2778, 2770, 2779, 2781, 2780, 2773, 2775, 2767, 2767, 2783, + + 2782, 2776, 2784, 2770, 2785, 2771, 2781, 2788, 2773, 2793, + 2776, 2786, 2798, 2794, 2793, 2775, 2780, 2778, 2794, 2779, + 2781, 2780, 2782, 2795, 2791, 2801, 2783, 2782, 2795, 2784, + 2796, 2785, 2791, 2786, 2788, 2799, 2793, 2800, 2786, 2798, + 2794, 2802, 2803, 2801, 2800, 2805, 2806, 2807, 2799, 2808, + 2795, 2791, 2801, 2806, 2811, 2807, 2796, 2796, 2813, 2815, + 2814, 2816, 2799, 2817, 2800, 2818, 0, 2819, 2802, 2803, + 0, 2808, 2815, 2806, 2807, 2820, 2808, 2805, 2817, 2824, + 2828, 2811, 2814, 2825, 2818, 2813, 2815, 2814, 2822, 2823, + 2817, 2826, 2818, 2816, 2819, 2822, 2823, 2820, 2825, 2828, + + 2829, 2824, 2820, 2836, 2830, 2833, 2824, 2828, 2829, 2836, + 2825, 2830, 2826, 2831, 2833, 2822, 2823, 2834, 2826, 2837, + 2831, 2839, 2840, 2835, 2835, 2841, 2848, 2829, 2834, 2840, + 2836, 2830, 2833, 2835, 2842, 2844, 2849, 2850, 2845, 2854, + 2831, 2837, 2844, 2839, 2834, 2856, 2837, 2860, 2839, 2840, + 2835, 2835, 2845, 2848, 2857, 2857, 2842, 2841, 2858, 2858, + 2850, 2842, 2844, 2849, 2850, 2845, 2854, 2859, 2859, 0, + 2860, 2862, 2856, 2863, 2860, 2864, 2870, 2867, 2868, 2869, + 2877, 2876, 2863, 2857, 2867, 2868, 2875, 2858, 2864, 2873, + 2874, 2873, 2877, 0, 2880, 2882, 2859, 2881, 2862, 2876, + + 2863, 2869, 2864, 2870, 2867, 2868, 2869, 2877, 2876, 2875, + 2874, 2879, 2880, 2875, 2883, 2884, 2873, 2874, 2885, 2888, + 2879, 2880, 2882, 2881, 2881, 2886, 2887, 2884, 2886, 2891, + 2889, 2887, 2889, 2895, 2890, 2891, 2896, 2892, 2879, 0, + 2885, 2883, 2884, 2886, 2893, 2885, 2890, 2898, 2897, 2899, + 2900, 2888, 2886, 2903, 2894, 2886, 2891, 2889, 2887, 2892, + 2895, 2890, 2894, 2906, 2892, 2907, 2893, 2908, 2896, 2897, + 2909, 2893, 2900, 2910, 2898, 2897, 2899, 2900, 2911, 2912, + 2903, 2894, 2915, 2914, 2916, 2921, 2918, 2920, 2917, 0, + 2906, 0, 2907, 2918, 2908, 2920, 2922, 2909, 2925, 2927, + + 2910, 2914, 2916, 2917, 2923, 2911, 2912, 2924, 2922, 2915, + 2914, 2916, 2921, 2918, 2920, 2917, 2926, 2931, 2923, 2933, + 2930, 2934, 2924, 2922, 2925, 2925, 2927, 2936, 2926, 2930, + 2934, 2923, 2932, 2932, 2924, 2937, 2938, 0, 2939, 2945, + 0, 2931, 2940, 2926, 2931, 2933, 2933, 2930, 2934, 2938, + 2940, 2936, 2941, 2942, 2936, 2944, 2948, 2945, 2959, 2932, + 2939, 2941, 2957, 2938, 2942, 2939, 2945, 2937, 2948, 2940, + 2960, 2961, 2959, 2962, 2964, 2965, 2944, 0, 2964, 2941, + 2942, 2966, 2944, 2948, 2967, 2959, 2957, 2972, 2970, 2957, + 2968, 2967, 2970, 2965, 2971, 2973, 2979, 2960, 2961, 2975, + + 2962, 2964, 2965, 2968, 2966, 2976, 2974, 2979, 2966, 2972, + 2971, 2967, 0, 2982, 2972, 2970, 2977, 2968, 2974, 2976, + 2973, 2971, 2973, 2979, 2977, 2975, 2975, 2978, 2980, 2981, + 2980, 2982, 2976, 2974, 2983, 2985, 2978, 2986, 2984, 2990, + 2982, 2981, 2985, 2977, 2984, 2992, 2991, 2994, 2996, 2983, + 2993, 2997, 2990, 2991, 2978, 2980, 2981, 2995, 3000, 2986, + 2999, 2983, 2985, 2998, 2986, 2984, 2990, 2999, 2993, 3001, + 3002, 2998, 2992, 2991, 2994, 2996, 3004, 2993, 2997, 3003, + 3005, 3003, 3000, 2995, 2995, 3000, 3006, 2999, 3004, 3007, + 2998, 3001, 3002, 3008, 3009, 3010, 3001, 3002, 3011, 3006, + + 3012, 3009, 3013, 3004, 3007, 3015, 3003, 3020, 3012, 3017, + 3011, 3021, 3005, 3006, 3022, 3008, 3007, 3015, 3017, 3024, + 3008, 3009, 3010, 3023, 3025, 3011, 3026, 3012, 3027, 3013, + 3029, 3023, 3015, 3022, 3020, 3028, 3017, 3021, 3021, 3026, + 3030, 3022, 3027, 3028, 3031, 3037, 3036, 3040, 3033, 0, + 3023, 3024, 3029, 3026, 3033, 3027, 3025, 3029, 3034, 3036, + 0, 3045, 3028, 3039, 3042, 3034, 3043, 3030, 3037, 3040, + 3039, 3031, 3037, 3036, 3040, 3033, 3041, 3046, 3042, 3044, + 3043, 3047, 3050, 3045, 3041, 3034, 3051, 3044, 3045, 3050, + 3039, 3042, 3052, 3043, 3053, 3051, 3054, 3055, 3056, 3046, + + 3052, 3063, 0, 3041, 3046, 3057, 3044, 0, 3047, 3050, + 3061, 3058, 3059, 3051, 3060, 0, 3065, 3067, 3054, 3052, + 3072, 3053, 3060, 3054, 3056, 3056, 3064, 3057, 3063, 3055, + 3069, 3078, 3057, 3058, 3059, 3074, 0, 3068, 3058, 3059, + 3067, 3060, 3061, 3065, 3067, 3068, 3070, 3071, 3064, 3074, + 3069, 3073, 3072, 3064, 3070, 3071, 3076, 3069, 3078, 3073, + 0, 3081, 3074, 3079, 3068, 3080, 3079, 3082, 0, 3081, + 3083, 0, 3084, 3070, 3071, 3082, 3089, 3086, 3073, 3085, + 3096, 3079, 3076, 3076, 3083, 3088, 3088, 3080, 3081, 3091, + 3079, 3086, 3080, 3079, 3082, 3092, 3093, 3083, 3084, 3084, + + 3090, 3085, 3089, 3089, 3086, 3094, 3085, 3096, 3090, 3095, + 3098, 3097, 3088, 3099, 3100, 3091, 3091, 3095, 3093, 3101, + 3102, 3092, 3092, 3093, 3106, 3094, 3103, 3090, 3102, 3113, + 0, 3115, 3094, 3097, 3100, 3098, 3095, 3098, 3097, 3101, + 3099, 3100, 3104, 3109, 3107, 3110, 3101, 3102, 3103, 3111, + 3104, 3106, 3107, 3103, 3112, 3113, 3113, 3111, 3115, 3118, + 3116, 3119, 3112, 3120, 3122, 3109, 3117, 3110, 3116, 3104, + 3109, 3107, 3110, 3123, 3117, 3124, 3111, 3126, 3132, 3129, + 3133, 3112, 0, 3120, 3130, 3118, 3118, 3116, 3119, 3131, + 3120, 3122, 3130, 3117, 0, 3124, 0, 3131, 0, 3126, + + 3123, 3129, 3124, 0, 3126, 3132, 3129, 3133, 0, 0, + 0, 3130, 0, 0, 0, 0, 3131, 3137, 3137, 3137, + 3137, 3137, 3137, 3137, 3138, 3138, 3138, 3138, 3138, 3138, + 3138, 3139, 3139, 3139, 3139, 3139, 3139, 3139, 3140, 3140, + 3140, 3140, 3140, 3140, 3140, 3141, 3141, 3141, 3141, 3141, + 3141, 3141, 3142, 3142, 3142, 3142, 3142, 3142, 3142, 3143, + 3143, 3143, 3143, 3143, 3143, 3143, 3145, 3145, 0, 3145, + 3145, 3145, 3145, 3146, 3146, 0, 0, 0, 3146, 3146, + 3147, 3147, 0, 0, 3147, 0, 3147, 3148, 0, 0, + 0, 0, 0, 3148, 3149, 3149, 0, 0, 0, 3149, + + 3149, 3150, 0, 0, 0, 0, 0, 3150, 3151, 3151, + 0, 3151, 3151, 3151, 3151, 3152, 0, 0, 0, 0, + 0, 3152, 3153, 3153, 0, 0, 0, 3153, 3153, 3154, + 3154, 0, 3154, 3154, 3154, 3154, 3136, 3136, 3136, 3136, + 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, + 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, + 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, + 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, + 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, + 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, 3136, + + 3136, 3136, 3136 } ; static yy_state_type yy_last_accepting_state; @@ -3358,11 +3511,13 @@ struct inc_state { int line; YY_BUFFER_STATE buffer; struct inc_state* next; + int inc_toplevel; }; static struct inc_state* config_include_stack = NULL; static int inc_depth = 0; static int inc_prev = 0; static int num_args = 0; +static int inc_toplevel = 0; void init_cfg_parse(void) { @@ -3370,14 +3525,15 @@ void init_cfg_parse(void) inc_depth = 0; inc_prev = 0; num_args = 0; + inc_toplevel = 0; } -static void config_start_include(const char* filename) +static void config_start_include(const char* filename, int toplevel) { FILE *input; struct inc_state* s; char* nm; - if(inc_depth++ > 100000) { + if(inc_depth+1 > 100000) { ub_c_error_msg("too many include files"); return; } @@ -3409,17 +3565,20 @@ static void config_start_include(const char* filename) return; } LEXOUT(("switch_to_include_file(%s)\n", filename)); + inc_depth++; s->filename = cfg_parser->filename; s->line = cfg_parser->line; s->buffer = YY_CURRENT_BUFFER; + s->inc_toplevel = inc_toplevel; s->next = config_include_stack; config_include_stack = s; cfg_parser->filename = nm; cfg_parser->line = 1; + inc_toplevel = toplevel; yy_switch_to_buffer(yy_create_buffer(input, YY_BUF_SIZE)); } -static void config_start_include_glob(const char* filename) +static void config_start_include_glob(const char* filename, int toplevel) { /* check for wildcards */ @@ -3452,19 +3611,19 @@ static void config_start_include_glob(const char* filename) globfree(&g); if(r == GLOB_NOMATCH) return; /* no matches for pattern */ - config_start_include(filename); /* let original deal with it */ + config_start_include(filename, toplevel); /* let original deal with it */ return; } /* process files found, if any */ for(i=(int)g.gl_pathc-1; i>=0; i--) { - config_start_include(g.gl_pathv[i]); + config_start_include(g.gl_pathv[i], toplevel); } globfree(&g); return; } #endif /* HAVE_GLOB */ - config_start_include(filename); + config_start_include(filename, toplevel); } static void config_end_include(void) @@ -3478,6 +3637,7 @@ static void config_end_include(void) yy_delete_buffer(YY_CURRENT_BUFFER); yy_switch_to_buffer(s->buffer); config_include_stack = s->next; + inc_toplevel = s->inc_toplevel; free(s); } @@ -3490,18 +3650,18 @@ static void config_end_include(void) } #endif -#line 3491 "<stdout>" +#line 3651 "<stdout>" #define YY_NO_INPUT 1 -#line 184 "util/configlexer.lex" +#line 191 "util/configlexer.lex" #ifndef YY_NO_UNPUT #define YY_NO_UNPUT 1 #endif #ifndef YY_NO_INPUT #define YY_NO_INPUT 1 #endif -#line 3500 "<stdout>" +#line 3660 "<stdout>" -#line 3502 "<stdout>" +#line 3662 "<stdout>" #define INITIAL 0 #define quotedstring 1 @@ -3509,6 +3669,8 @@ static void config_end_include(void) #define include 3 #define include_quoted 4 #define val 5 +#define include_toplevel 6 +#define include_toplevel_quoted 7 #ifndef YY_NO_UNISTD_H /* Special case for "unistd.h", since it is non-ANSI. We include it way @@ -3721,9 +3883,9 @@ YY_DECL } { -#line 204 "util/configlexer.lex" +#line 211 "util/configlexer.lex" -#line 3724 "<stdout>" +#line 3886 "<stdout>" while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { @@ -3756,13 +3918,13 @@ yy_match: while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 2986 ) + if ( yy_current_state >= 3137 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; ++yy_cp; } - while ( yy_base[yy_current_state] != 8475 ); + while ( yy_base[yy_current_state] != 8937 ); yy_find_action: yy_act = yy_accept[yy_current_state]; @@ -3788,1456 +3950,1523 @@ do_action: /* This label is used only to access EOF actions. */ case 1: YY_RULE_SETUP -#line 205 "util/configlexer.lex" +#line 212 "util/configlexer.lex" { LEXOUT(("SP ")); /* ignore */ } YY_BREAK case 2: YY_RULE_SETUP -#line 207 "util/configlexer.lex" +#line 214 "util/configlexer.lex" { /* note that flex makes the longest match and '.' is any but not nl */ LEXOUT(("comment(%s) ", yytext)); /* ignore */ } YY_BREAK case 3: YY_RULE_SETUP -#line 210 "util/configlexer.lex" +#line 217 "util/configlexer.lex" { YDVAR(0, VAR_SERVER) } YY_BREAK case 4: YY_RULE_SETUP -#line 211 "util/configlexer.lex" +#line 218 "util/configlexer.lex" { YDVAR(1, VAR_QNAME_MINIMISATION) } YY_BREAK case 5: YY_RULE_SETUP -#line 212 "util/configlexer.lex" +#line 219 "util/configlexer.lex" { YDVAR(1, VAR_QNAME_MINIMISATION_STRICT) } YY_BREAK case 6: YY_RULE_SETUP -#line 213 "util/configlexer.lex" +#line 220 "util/configlexer.lex" { YDVAR(1, VAR_NUM_THREADS) } YY_BREAK case 7: YY_RULE_SETUP -#line 214 "util/configlexer.lex" +#line 221 "util/configlexer.lex" { YDVAR(1, VAR_VERBOSITY) } YY_BREAK case 8: YY_RULE_SETUP -#line 215 "util/configlexer.lex" +#line 222 "util/configlexer.lex" { YDVAR(1, VAR_PORT) } YY_BREAK case 9: YY_RULE_SETUP -#line 216 "util/configlexer.lex" +#line 223 "util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_RANGE) } YY_BREAK case 10: YY_RULE_SETUP -#line 217 "util/configlexer.lex" +#line 224 "util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_PORT_PERMIT) } YY_BREAK case 11: YY_RULE_SETUP -#line 218 "util/configlexer.lex" +#line 225 "util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_PORT_AVOID) } YY_BREAK case 12: YY_RULE_SETUP -#line 219 "util/configlexer.lex" +#line 226 "util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_NUM_TCP) } YY_BREAK case 13: YY_RULE_SETUP -#line 220 "util/configlexer.lex" +#line 227 "util/configlexer.lex" { YDVAR(1, VAR_INCOMING_NUM_TCP) } YY_BREAK case 14: YY_RULE_SETUP -#line 221 "util/configlexer.lex" +#line 228 "util/configlexer.lex" { YDVAR(1, VAR_DO_IP4) } YY_BREAK case 15: YY_RULE_SETUP -#line 222 "util/configlexer.lex" +#line 229 "util/configlexer.lex" { YDVAR(1, VAR_DO_IP6) } YY_BREAK case 16: YY_RULE_SETUP -#line 223 "util/configlexer.lex" -{ YDVAR(1, VAR_PREFER_IP6) } +#line 230 "util/configlexer.lex" +{ YDVAR(1, VAR_PREFER_IP4) } YY_BREAK case 17: YY_RULE_SETUP -#line 224 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_UDP) } +#line 231 "util/configlexer.lex" +{ YDVAR(1, VAR_PREFER_IP6) } YY_BREAK case 18: YY_RULE_SETUP -#line 225 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_TCP) } +#line 232 "util/configlexer.lex" +{ YDVAR(1, VAR_DO_UDP) } YY_BREAK case 19: YY_RULE_SETUP -#line 226 "util/configlexer.lex" -{ YDVAR(1, VAR_TCP_UPSTREAM) } +#line 233 "util/configlexer.lex" +{ YDVAR(1, VAR_DO_TCP) } YY_BREAK case 20: YY_RULE_SETUP -#line 227 "util/configlexer.lex" -{ YDVAR(1, VAR_TCP_MSS) } +#line 234 "util/configlexer.lex" +{ YDVAR(1, VAR_TCP_UPSTREAM) } YY_BREAK case 21: YY_RULE_SETUP -#line 228 "util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_TCP_MSS) } +#line 235 "util/configlexer.lex" +{ YDVAR(1, VAR_TCP_MSS) } YY_BREAK case 22: YY_RULE_SETUP -#line 229 "util/configlexer.lex" -{ YDVAR(1, VAR_TCP_IDLE_TIMEOUT) } +#line 236 "util/configlexer.lex" +{ YDVAR(1, VAR_OUTGOING_TCP_MSS) } YY_BREAK case 23: YY_RULE_SETUP -#line 230 "util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_TCP_KEEPALIVE) } +#line 237 "util/configlexer.lex" +{ YDVAR(1, VAR_TCP_IDLE_TIMEOUT) } YY_BREAK case 24: YY_RULE_SETUP -#line 231 "util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_TCP_KEEPALIVE_TIMEOUT) } +#line 238 "util/configlexer.lex" +{ YDVAR(1, VAR_EDNS_TCP_KEEPALIVE) } YY_BREAK case 25: YY_RULE_SETUP -#line 232 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_UPSTREAM) } +#line 239 "util/configlexer.lex" +{ YDVAR(1, VAR_EDNS_TCP_KEEPALIVE_TIMEOUT) } YY_BREAK case 26: YY_RULE_SETUP -#line 233 "util/configlexer.lex" +#line 240 "util/configlexer.lex" { YDVAR(1, VAR_SSL_UPSTREAM) } YY_BREAK case 27: YY_RULE_SETUP -#line 234 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_SERVICE_KEY) } +#line 241 "util/configlexer.lex" +{ YDVAR(1, VAR_SSL_UPSTREAM) } YY_BREAK case 28: YY_RULE_SETUP -#line 235 "util/configlexer.lex" +#line 242 "util/configlexer.lex" { YDVAR(1, VAR_SSL_SERVICE_KEY) } YY_BREAK case 29: YY_RULE_SETUP -#line 236 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_SERVICE_PEM) } +#line 243 "util/configlexer.lex" +{ YDVAR(1, VAR_SSL_SERVICE_KEY) } YY_BREAK case 30: YY_RULE_SETUP -#line 237 "util/configlexer.lex" +#line 244 "util/configlexer.lex" { YDVAR(1, VAR_SSL_SERVICE_PEM) } YY_BREAK case 31: YY_RULE_SETUP -#line 238 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_PORT) } +#line 245 "util/configlexer.lex" +{ YDVAR(1, VAR_SSL_SERVICE_PEM) } YY_BREAK case 32: YY_RULE_SETUP -#line 239 "util/configlexer.lex" +#line 246 "util/configlexer.lex" { YDVAR(1, VAR_SSL_PORT) } YY_BREAK case 33: YY_RULE_SETUP -#line 240 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_CERT_BUNDLE) } +#line 247 "util/configlexer.lex" +{ YDVAR(1, VAR_SSL_PORT) } YY_BREAK case 34: YY_RULE_SETUP -#line 241 "util/configlexer.lex" +#line 248 "util/configlexer.lex" { YDVAR(1, VAR_TLS_CERT_BUNDLE) } YY_BREAK case 35: YY_RULE_SETUP -#line 242 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_WIN_CERT) } +#line 249 "util/configlexer.lex" +{ YDVAR(1, VAR_TLS_CERT_BUNDLE) } YY_BREAK case 36: YY_RULE_SETUP -#line 243 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } +#line 250 "util/configlexer.lex" +{ YDVAR(1, VAR_TLS_WIN_CERT) } YY_BREAK case 37: YY_RULE_SETUP -#line 244 "util/configlexer.lex" +#line 251 "util/configlexer.lex" { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } YY_BREAK case 38: YY_RULE_SETUP -#line 245 "util/configlexer.lex" +#line 252 "util/configlexer.lex" { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } YY_BREAK case 39: YY_RULE_SETUP -#line 246 "util/configlexer.lex" +#line 253 "util/configlexer.lex" { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } YY_BREAK case 40: YY_RULE_SETUP -#line 247 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_SESSION_TICKET_KEYS) } +#line 254 "util/configlexer.lex" +{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } YY_BREAK case 41: YY_RULE_SETUP -#line 248 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_CIPHERS) } +#line 255 "util/configlexer.lex" +{ YDVAR(1, VAR_TLS_SESSION_TICKET_KEYS) } YY_BREAK case 42: YY_RULE_SETUP -#line 249 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_CIPHERSUITES) } +#line 256 "util/configlexer.lex" +{ YDVAR(1, VAR_TLS_CIPHERS) } YY_BREAK case 43: YY_RULE_SETUP -#line 250 "util/configlexer.lex" -{ YDVAR(1, VAR_USE_SYSTEMD) } +#line 257 "util/configlexer.lex" +{ YDVAR(1, VAR_TLS_CIPHERSUITES) } YY_BREAK case 44: YY_RULE_SETUP -#line 251 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_DAEMONIZE) } +#line 258 "util/configlexer.lex" +{ YDVAR(1, VAR_TLS_USE_SNI) } YY_BREAK case 45: YY_RULE_SETUP -#line 252 "util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE) } +#line 259 "util/configlexer.lex" +{ YDVAR(1, VAR_USE_SYSTEMD) } YY_BREAK case 46: YY_RULE_SETUP -#line 253 "util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE) } +#line 260 "util/configlexer.lex" +{ YDVAR(1, VAR_DO_DAEMONIZE) } YY_BREAK case 47: YY_RULE_SETUP -#line 254 "util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_INTERFACE) } +#line 261 "util/configlexer.lex" +{ YDVAR(1, VAR_INTERFACE) } YY_BREAK case 48: YY_RULE_SETUP -#line 255 "util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE_AUTOMATIC) } +#line 262 "util/configlexer.lex" +{ YDVAR(1, VAR_INTERFACE) } YY_BREAK case 49: YY_RULE_SETUP -#line 256 "util/configlexer.lex" -{ YDVAR(1, VAR_SO_RCVBUF) } +#line 263 "util/configlexer.lex" +{ YDVAR(1, VAR_OUTGOING_INTERFACE) } YY_BREAK case 50: YY_RULE_SETUP -#line 257 "util/configlexer.lex" -{ YDVAR(1, VAR_SO_SNDBUF) } +#line 264 "util/configlexer.lex" +{ YDVAR(1, VAR_INTERFACE_AUTOMATIC) } YY_BREAK case 51: YY_RULE_SETUP -#line 258 "util/configlexer.lex" -{ YDVAR(1, VAR_SO_REUSEPORT) } +#line 265 "util/configlexer.lex" +{ YDVAR(1, VAR_SO_RCVBUF) } YY_BREAK case 52: YY_RULE_SETUP -#line 259 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_TRANSPARENT) } +#line 266 "util/configlexer.lex" +{ YDVAR(1, VAR_SO_SNDBUF) } YY_BREAK case 53: YY_RULE_SETUP -#line 260 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_FREEBIND) } +#line 267 "util/configlexer.lex" +{ YDVAR(1, VAR_SO_REUSEPORT) } YY_BREAK case 54: YY_RULE_SETUP -#line 261 "util/configlexer.lex" -{ YDVAR(1, VAR_CHROOT) } +#line 268 "util/configlexer.lex" +{ YDVAR(1, VAR_IP_TRANSPARENT) } YY_BREAK case 55: YY_RULE_SETUP -#line 262 "util/configlexer.lex" -{ YDVAR(1, VAR_USERNAME) } +#line 269 "util/configlexer.lex" +{ YDVAR(1, VAR_IP_FREEBIND) } YY_BREAK case 56: YY_RULE_SETUP -#line 263 "util/configlexer.lex" -{ YDVAR(1, VAR_DIRECTORY) } +#line 270 "util/configlexer.lex" +{ YDVAR(1, VAR_IP_DSCP) } YY_BREAK case 57: YY_RULE_SETUP -#line 264 "util/configlexer.lex" -{ YDVAR(1, VAR_LOGFILE) } +#line 271 "util/configlexer.lex" +{ YDVAR(1, VAR_CHROOT) } YY_BREAK case 58: YY_RULE_SETUP -#line 265 "util/configlexer.lex" -{ YDVAR(1, VAR_PIDFILE) } +#line 272 "util/configlexer.lex" +{ YDVAR(1, VAR_USERNAME) } YY_BREAK case 59: YY_RULE_SETUP -#line 266 "util/configlexer.lex" -{ YDVAR(1, VAR_ROOT_HINTS) } +#line 273 "util/configlexer.lex" +{ YDVAR(1, VAR_DIRECTORY) } YY_BREAK case 60: YY_RULE_SETUP -#line 267 "util/configlexer.lex" -{ YDVAR(1, VAR_STREAM_WAIT_SIZE) } +#line 274 "util/configlexer.lex" +{ YDVAR(1, VAR_LOGFILE) } YY_BREAK case 61: YY_RULE_SETUP -#line 268 "util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_BUFFER_SIZE) } +#line 275 "util/configlexer.lex" +{ YDVAR(1, VAR_PIDFILE) } YY_BREAK case 62: YY_RULE_SETUP -#line 269 "util/configlexer.lex" -{ YDVAR(1, VAR_MSG_BUFFER_SIZE) } +#line 276 "util/configlexer.lex" +{ YDVAR(1, VAR_ROOT_HINTS) } YY_BREAK case 63: YY_RULE_SETUP -#line 270 "util/configlexer.lex" -{ YDVAR(1, VAR_MSG_CACHE_SIZE) } +#line 277 "util/configlexer.lex" +{ YDVAR(1, VAR_STREAM_WAIT_SIZE) } YY_BREAK case 64: YY_RULE_SETUP -#line 271 "util/configlexer.lex" -{ YDVAR(1, VAR_MSG_CACHE_SLABS) } +#line 278 "util/configlexer.lex" +{ YDVAR(1, VAR_EDNS_BUFFER_SIZE) } YY_BREAK case 65: YY_RULE_SETUP -#line 272 "util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_CACHE_SIZE) } +#line 279 "util/configlexer.lex" +{ YDVAR(1, VAR_MSG_BUFFER_SIZE) } YY_BREAK case 66: YY_RULE_SETUP -#line 273 "util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_CACHE_SLABS) } +#line 280 "util/configlexer.lex" +{ YDVAR(1, VAR_MSG_CACHE_SIZE) } YY_BREAK case 67: YY_RULE_SETUP -#line 274 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MAX_TTL) } +#line 281 "util/configlexer.lex" +{ YDVAR(1, VAR_MSG_CACHE_SLABS) } YY_BREAK case 68: YY_RULE_SETUP -#line 275 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } +#line 282 "util/configlexer.lex" +{ YDVAR(1, VAR_RRSET_CACHE_SIZE) } YY_BREAK case 69: YY_RULE_SETUP -#line 276 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MIN_TTL) } +#line 283 "util/configlexer.lex" +{ YDVAR(1, VAR_RRSET_CACHE_SLABS) } YY_BREAK case 70: YY_RULE_SETUP -#line 277 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_HOST_TTL) } +#line 284 "util/configlexer.lex" +{ YDVAR(1, VAR_CACHE_MAX_TTL) } YY_BREAK case 71: YY_RULE_SETUP -#line 278 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_LAME_TTL) } +#line 285 "util/configlexer.lex" +{ YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } YY_BREAK case 72: YY_RULE_SETUP -#line 279 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_SLABS) } +#line 286 "util/configlexer.lex" +{ YDVAR(1, VAR_CACHE_MIN_TTL) } YY_BREAK case 73: YY_RULE_SETUP -#line 280 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } +#line 287 "util/configlexer.lex" +{ YDVAR(1, VAR_INFRA_HOST_TTL) } YY_BREAK case 74: YY_RULE_SETUP -#line 281 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } +#line 288 "util/configlexer.lex" +{ YDVAR(1, VAR_INFRA_LAME_TTL) } YY_BREAK case 75: YY_RULE_SETUP -#line 282 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } +#line 289 "util/configlexer.lex" +{ YDVAR(1, VAR_INFRA_CACHE_SLABS) } YY_BREAK case 76: YY_RULE_SETUP -#line 283 "util/configlexer.lex" -{ YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } +#line 290 "util/configlexer.lex" +{ YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } YY_BREAK case 77: YY_RULE_SETUP -#line 284 "util/configlexer.lex" -{ YDVAR(1, VAR_JOSTLE_TIMEOUT) } +#line 291 "util/configlexer.lex" +{ YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } YY_BREAK case 78: YY_RULE_SETUP -#line 285 "util/configlexer.lex" -{ YDVAR(1, VAR_DELAY_CLOSE) } +#line 292 "util/configlexer.lex" +{ YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } YY_BREAK case 79: YY_RULE_SETUP -#line 286 "util/configlexer.lex" -{ YDVAR(1, VAR_TARGET_FETCH_POLICY) } +#line 293 "util/configlexer.lex" +{ YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } YY_BREAK case 80: YY_RULE_SETUP -#line 287 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } +#line 294 "util/configlexer.lex" +{ YDVAR(1, VAR_JOSTLE_TIMEOUT) } YY_BREAK case 81: YY_RULE_SETUP -#line 288 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } +#line 295 "util/configlexer.lex" +{ YDVAR(1, VAR_DELAY_CLOSE) } YY_BREAK case 82: YY_RULE_SETUP -#line 289 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_GLUE) } +#line 296 "util/configlexer.lex" +{ YDVAR(1, VAR_TARGET_FETCH_POLICY) } YY_BREAK case 83: YY_RULE_SETUP -#line 290 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } +#line 297 "util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } YY_BREAK case 84: YY_RULE_SETUP -#line 291 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } +#line 298 "util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } YY_BREAK case 85: YY_RULE_SETUP -#line 292 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } +#line 299 "util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_GLUE) } YY_BREAK case 86: YY_RULE_SETUP -#line 293 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } +#line 300 "util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } YY_BREAK case 87: YY_RULE_SETUP -#line 294 "util/configlexer.lex" -{ YDVAR(1, VAR_USE_CAPS_FOR_ID) } +#line 301 "util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } YY_BREAK case 88: YY_RULE_SETUP -#line 295 "util/configlexer.lex" -{ YDVAR(1, VAR_CAPS_WHITELIST) } +#line 302 "util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } YY_BREAK case 89: YY_RULE_SETUP -#line 296 "util/configlexer.lex" -{ YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } +#line 303 "util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } YY_BREAK case 90: YY_RULE_SETUP -#line 297 "util/configlexer.lex" -{ YDVAR(1, VAR_PRIVATE_ADDRESS) } +#line 304 "util/configlexer.lex" +{ YDVAR(1, VAR_USE_CAPS_FOR_ID) } YY_BREAK case 91: YY_RULE_SETUP -#line 298 "util/configlexer.lex" -{ YDVAR(1, VAR_PRIVATE_DOMAIN) } +#line 305 "util/configlexer.lex" +{ YDVAR(1, VAR_CAPS_WHITELIST) } YY_BREAK case 92: YY_RULE_SETUP -#line 299 "util/configlexer.lex" -{ YDVAR(1, VAR_PREFETCH_KEY) } +#line 306 "util/configlexer.lex" +{ YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } YY_BREAK case 93: YY_RULE_SETUP -#line 300 "util/configlexer.lex" -{ YDVAR(1, VAR_PREFETCH) } +#line 307 "util/configlexer.lex" +{ YDVAR(1, VAR_PRIVATE_ADDRESS) } YY_BREAK case 94: YY_RULE_SETUP -#line 301 "util/configlexer.lex" -{ YDVAR(1, VAR_DENY_ANY) } +#line 308 "util/configlexer.lex" +{ YDVAR(1, VAR_PRIVATE_DOMAIN) } YY_BREAK case 95: YY_RULE_SETUP -#line 302 "util/configlexer.lex" -{ YDVAR(0, VAR_STUB_ZONE) } +#line 309 "util/configlexer.lex" +{ YDVAR(1, VAR_PREFETCH_KEY) } YY_BREAK case 96: YY_RULE_SETUP -#line 303 "util/configlexer.lex" -{ YDVAR(1, VAR_NAME) } +#line 310 "util/configlexer.lex" +{ YDVAR(1, VAR_PREFETCH) } YY_BREAK case 97: YY_RULE_SETUP -#line 304 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_ADDR) } +#line 311 "util/configlexer.lex" +{ YDVAR(1, VAR_DENY_ANY) } YY_BREAK case 98: YY_RULE_SETUP -#line 305 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_HOST) } +#line 312 "util/configlexer.lex" +{ YDVAR(0, VAR_STUB_ZONE) } YY_BREAK case 99: YY_RULE_SETUP -#line 306 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_PRIME) } +#line 313 "util/configlexer.lex" +{ YDVAR(1, VAR_NAME) } YY_BREAK case 100: YY_RULE_SETUP -#line 307 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_FIRST) } +#line 314 "util/configlexer.lex" +{ YDVAR(1, VAR_STUB_ADDR) } YY_BREAK case 101: YY_RULE_SETUP -#line 308 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_NO_CACHE) } +#line 315 "util/configlexer.lex" +{ YDVAR(1, VAR_STUB_HOST) } YY_BREAK case 102: YY_RULE_SETUP -#line 309 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } +#line 316 "util/configlexer.lex" +{ YDVAR(1, VAR_STUB_PRIME) } YY_BREAK case 103: YY_RULE_SETUP -#line 310 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } +#line 317 "util/configlexer.lex" +{ YDVAR(1, VAR_STUB_FIRST) } YY_BREAK case 104: YY_RULE_SETUP -#line 311 "util/configlexer.lex" -{ YDVAR(0, VAR_FORWARD_ZONE) } +#line 318 "util/configlexer.lex" +{ YDVAR(1, VAR_STUB_NO_CACHE) } YY_BREAK case 105: YY_RULE_SETUP -#line 312 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_ADDR) } +#line 319 "util/configlexer.lex" +{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } YY_BREAK case 106: YY_RULE_SETUP -#line 313 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_HOST) } +#line 320 "util/configlexer.lex" +{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } YY_BREAK case 107: YY_RULE_SETUP -#line 314 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_FIRST) } +#line 321 "util/configlexer.lex" +{ YDVAR(0, VAR_FORWARD_ZONE) } YY_BREAK case 108: YY_RULE_SETUP -#line 315 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_NO_CACHE) } +#line 322 "util/configlexer.lex" +{ YDVAR(1, VAR_FORWARD_ADDR) } YY_BREAK case 109: YY_RULE_SETUP -#line 316 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } +#line 323 "util/configlexer.lex" +{ YDVAR(1, VAR_FORWARD_HOST) } YY_BREAK case 110: YY_RULE_SETUP -#line 317 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } +#line 324 "util/configlexer.lex" +{ YDVAR(1, VAR_FORWARD_FIRST) } YY_BREAK case 111: YY_RULE_SETUP -#line 318 "util/configlexer.lex" -{ YDVAR(0, VAR_AUTH_ZONE) } +#line 325 "util/configlexer.lex" +{ YDVAR(1, VAR_FORWARD_NO_CACHE) } YY_BREAK case 112: YY_RULE_SETUP -#line 319 "util/configlexer.lex" -{ YDVAR(0, VAR_RPZ) } +#line 326 "util/configlexer.lex" +{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } YY_BREAK case 113: YY_RULE_SETUP -#line 320 "util/configlexer.lex" -{ YDVAR(1, VAR_TAGS) } +#line 327 "util/configlexer.lex" +{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } YY_BREAK case 114: YY_RULE_SETUP -#line 321 "util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_ACTION_OVERRIDE) } +#line 328 "util/configlexer.lex" +{ YDVAR(0, VAR_AUTH_ZONE) } YY_BREAK case 115: YY_RULE_SETUP -#line 322 "util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_CNAME_OVERRIDE) } +#line 329 "util/configlexer.lex" +{ YDVAR(0, VAR_RPZ) } YY_BREAK case 116: YY_RULE_SETUP -#line 323 "util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_LOG) } +#line 330 "util/configlexer.lex" +{ YDVAR(1, VAR_TAGS) } YY_BREAK case 117: YY_RULE_SETUP -#line 324 "util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_LOG_NAME) } +#line 331 "util/configlexer.lex" +{ YDVAR(1, VAR_RPZ_ACTION_OVERRIDE) } YY_BREAK case 118: YY_RULE_SETUP -#line 325 "util/configlexer.lex" -{ YDVAR(1, VAR_ZONEFILE) } +#line 332 "util/configlexer.lex" +{ YDVAR(1, VAR_RPZ_CNAME_OVERRIDE) } YY_BREAK case 119: YY_RULE_SETUP -#line 326 "util/configlexer.lex" -{ YDVAR(1, VAR_MASTER) } +#line 333 "util/configlexer.lex" +{ YDVAR(1, VAR_RPZ_LOG) } YY_BREAK case 120: YY_RULE_SETUP -#line 327 "util/configlexer.lex" -{ YDVAR(1, VAR_URL) } +#line 334 "util/configlexer.lex" +{ YDVAR(1, VAR_RPZ_LOG_NAME) } YY_BREAK case 121: YY_RULE_SETUP -#line 328 "util/configlexer.lex" -{ YDVAR(1, VAR_ALLOW_NOTIFY) } +#line 335 "util/configlexer.lex" +{ YDVAR(1, VAR_ZONEFILE) } YY_BREAK case 122: YY_RULE_SETUP -#line 329 "util/configlexer.lex" -{ YDVAR(1, VAR_FOR_DOWNSTREAM) } +#line 336 "util/configlexer.lex" +{ YDVAR(1, VAR_MASTER) } YY_BREAK case 123: YY_RULE_SETUP -#line 330 "util/configlexer.lex" -{ YDVAR(1, VAR_FOR_UPSTREAM) } +#line 337 "util/configlexer.lex" +{ YDVAR(1, VAR_URL) } YY_BREAK case 124: YY_RULE_SETUP -#line 331 "util/configlexer.lex" -{ YDVAR(1, VAR_FALLBACK_ENABLED) } +#line 338 "util/configlexer.lex" +{ YDVAR(1, VAR_ALLOW_NOTIFY) } YY_BREAK case 125: YY_RULE_SETUP -#line 332 "util/configlexer.lex" -{ YDVAR(0, VAR_VIEW) } +#line 339 "util/configlexer.lex" +{ YDVAR(1, VAR_FOR_DOWNSTREAM) } YY_BREAK case 126: YY_RULE_SETUP -#line 333 "util/configlexer.lex" -{ YDVAR(1, VAR_VIEW_FIRST) } +#line 340 "util/configlexer.lex" +{ YDVAR(1, VAR_FOR_UPSTREAM) } YY_BREAK case 127: YY_RULE_SETUP -#line 334 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } +#line 341 "util/configlexer.lex" +{ YDVAR(1, VAR_FALLBACK_ENABLED) } YY_BREAK case 128: YY_RULE_SETUP -#line 335 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } +#line 342 "util/configlexer.lex" +{ YDVAR(0, VAR_VIEW) } YY_BREAK case 129: YY_RULE_SETUP -#line 336 "util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL) } +#line 343 "util/configlexer.lex" +{ YDVAR(1, VAR_VIEW_FIRST) } YY_BREAK case 130: YY_RULE_SETUP -#line 337 "util/configlexer.lex" -{ YDVAR(1, VAR_SEND_CLIENT_SUBNET) } +#line 344 "util/configlexer.lex" +{ YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } YY_BREAK case 131: YY_RULE_SETUP -#line 338 "util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_ZONE) } +#line 345 "util/configlexer.lex" +{ YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } YY_BREAK case 132: YY_RULE_SETUP -#line 339 "util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } +#line 346 "util/configlexer.lex" +{ YDVAR(2, VAR_ACCESS_CONTROL) } YY_BREAK case 133: YY_RULE_SETUP -#line 340 "util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } +#line 347 "util/configlexer.lex" +{ YDVAR(1, VAR_SEND_CLIENT_SUBNET) } YY_BREAK case 134: YY_RULE_SETUP -#line 341 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } +#line 348 "util/configlexer.lex" +{ YDVAR(1, VAR_CLIENT_SUBNET_ZONE) } YY_BREAK case 135: YY_RULE_SETUP -#line 342 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } +#line 349 "util/configlexer.lex" +{ YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } YY_BREAK case 136: YY_RULE_SETUP -#line 343 "util/configlexer.lex" -{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV4) } +#line 350 "util/configlexer.lex" +{ YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } YY_BREAK case 137: YY_RULE_SETUP -#line 344 "util/configlexer.lex" -{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV6) } +#line 351 "util/configlexer.lex" +{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } YY_BREAK case 138: YY_RULE_SETUP -#line 345 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV4) } +#line 352 "util/configlexer.lex" +{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } YY_BREAK case 139: YY_RULE_SETUP -#line 346 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) } +#line 353 "util/configlexer.lex" +{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV4) } YY_BREAK case 140: YY_RULE_SETUP -#line 347 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_IDENTITY) } +#line 354 "util/configlexer.lex" +{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV6) } YY_BREAK case 141: YY_RULE_SETUP -#line 348 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_VERSION) } +#line 355 "util/configlexer.lex" +{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV4) } YY_BREAK case 142: YY_RULE_SETUP -#line 349 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_TRUSTANCHOR) } +#line 356 "util/configlexer.lex" +{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) } YY_BREAK case 143: YY_RULE_SETUP -#line 350 "util/configlexer.lex" -{ YDVAR(1, VAR_IDENTITY) } +#line 357 "util/configlexer.lex" +{ YDVAR(1, VAR_HIDE_IDENTITY) } YY_BREAK case 144: YY_RULE_SETUP -#line 351 "util/configlexer.lex" -{ YDVAR(1, VAR_VERSION) } +#line 358 "util/configlexer.lex" +{ YDVAR(1, VAR_HIDE_VERSION) } YY_BREAK case 145: YY_RULE_SETUP -#line 352 "util/configlexer.lex" -{ YDVAR(1, VAR_MODULE_CONF) } +#line 359 "util/configlexer.lex" +{ YDVAR(1, VAR_HIDE_TRUSTANCHOR) } YY_BREAK case 146: YY_RULE_SETUP -#line 353 "util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR) } +#line 360 "util/configlexer.lex" +{ YDVAR(1, VAR_IDENTITY) } YY_BREAK case 147: YY_RULE_SETUP -#line 354 "util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR_FILE) } +#line 361 "util/configlexer.lex" +{ YDVAR(1, VAR_VERSION) } YY_BREAK case 148: YY_RULE_SETUP -#line 355 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR_FILE) } +#line 362 "util/configlexer.lex" +{ YDVAR(1, VAR_MODULE_CONF) } YY_BREAK case 149: YY_RULE_SETUP -#line 356 "util/configlexer.lex" -{ YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } +#line 363 "util/configlexer.lex" +{ YDVAR(1, VAR_DLV_ANCHOR) } YY_BREAK case 150: YY_RULE_SETUP -#line 357 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUSTED_KEYS_FILE) } +#line 364 "util/configlexer.lex" +{ YDVAR(1, VAR_DLV_ANCHOR_FILE) } YY_BREAK case 151: YY_RULE_SETUP -#line 358 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR) } +#line 365 "util/configlexer.lex" +{ YDVAR(1, VAR_TRUST_ANCHOR_FILE) } YY_BREAK case 152: YY_RULE_SETUP -#line 359 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) } +#line 366 "util/configlexer.lex" +{ YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } YY_BREAK case 153: YY_RULE_SETUP -#line 360 "util/configlexer.lex" -{ YDVAR(1, VAR_ROOT_KEY_SENTINEL) } +#line 367 "util/configlexer.lex" +{ YDVAR(1, VAR_TRUSTED_KEYS_FILE) } YY_BREAK case 154: YY_RULE_SETUP -#line 361 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_OVERRIDE_DATE) } +#line 368 "util/configlexer.lex" +{ YDVAR(1, VAR_TRUST_ANCHOR) } YY_BREAK case 155: YY_RULE_SETUP -#line 362 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } +#line 369 "util/configlexer.lex" +{ YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) } YY_BREAK case 156: YY_RULE_SETUP -#line 363 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } +#line 370 "util/configlexer.lex" +{ YDVAR(1, VAR_ROOT_KEY_SENTINEL) } YY_BREAK case 157: YY_RULE_SETUP -#line 364 "util/configlexer.lex" -{ YDVAR(1, VAR_BOGUS_TTL) } +#line 371 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_OVERRIDE_DATE) } YY_BREAK case 158: YY_RULE_SETUP -#line 365 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } +#line 372 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } YY_BREAK case 159: YY_RULE_SETUP -#line 366 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } +#line 373 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } YY_BREAK case 160: YY_RULE_SETUP -#line 367 "util/configlexer.lex" -{ YDVAR(1, VAR_AGGRESSIVE_NSEC) } +#line 374 "util/configlexer.lex" +{ YDVAR(1, VAR_BOGUS_TTL) } YY_BREAK case 161: YY_RULE_SETUP -#line 368 "util/configlexer.lex" -{ YDVAR(1, VAR_IGNORE_CD_FLAG) } +#line 375 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } YY_BREAK case 162: YY_RULE_SETUP -#line 369 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED) } +#line 376 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } YY_BREAK case 163: YY_RULE_SETUP -#line 370 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_TTL) } +#line 377 "util/configlexer.lex" +{ YDVAR(1, VAR_AGGRESSIVE_NSEC) } YY_BREAK case 164: YY_RULE_SETUP -#line 371 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_TTL_RESET) } +#line 378 "util/configlexer.lex" +{ YDVAR(1, VAR_IGNORE_CD_FLAG) } YY_BREAK case 165: YY_RULE_SETUP -#line 372 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_REPLY_TTL) } +#line 379 "util/configlexer.lex" +{ YDVAR(1, VAR_SERVE_EXPIRED) } YY_BREAK case 166: YY_RULE_SETUP -#line 373 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_CLIENT_TIMEOUT) } +#line 380 "util/configlexer.lex" +{ YDVAR(1, VAR_SERVE_EXPIRED_TTL) } YY_BREAK case 167: YY_RULE_SETUP -#line 374 "util/configlexer.lex" -{ YDVAR(1, VAR_FAKE_DSA) } +#line 381 "util/configlexer.lex" +{ YDVAR(1, VAR_SERVE_EXPIRED_TTL_RESET) } YY_BREAK case 168: YY_RULE_SETUP -#line 375 "util/configlexer.lex" -{ YDVAR(1, VAR_FAKE_SHA1) } +#line 382 "util/configlexer.lex" +{ YDVAR(1, VAR_SERVE_EXPIRED_REPLY_TTL) } YY_BREAK case 169: YY_RULE_SETUP -#line 376 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_LOG_LEVEL) } +#line 383 "util/configlexer.lex" +{ YDVAR(1, VAR_SERVE_EXPIRED_CLIENT_TIMEOUT) } YY_BREAK case 170: YY_RULE_SETUP -#line 377 "util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SIZE) } +#line 384 "util/configlexer.lex" +{ YDVAR(1, VAR_FAKE_DSA) } YY_BREAK case 171: YY_RULE_SETUP -#line 378 "util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SLABS) } +#line 385 "util/configlexer.lex" +{ YDVAR(1, VAR_FAKE_SHA1) } YY_BREAK case 172: YY_RULE_SETUP -#line 379 "util/configlexer.lex" -{ YDVAR(1, VAR_NEG_CACHE_SIZE) } +#line 386 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_LOG_LEVEL) } YY_BREAK case 173: YY_RULE_SETUP -#line 380 "util/configlexer.lex" +#line 387 "util/configlexer.lex" +{ YDVAR(1, VAR_KEY_CACHE_SIZE) } + YY_BREAK +case 174: +YY_RULE_SETUP +#line 388 "util/configlexer.lex" +{ YDVAR(1, VAR_KEY_CACHE_SLABS) } + YY_BREAK +case 175: +YY_RULE_SETUP +#line 389 "util/configlexer.lex" +{ YDVAR(1, VAR_NEG_CACHE_SIZE) } + YY_BREAK +case 176: +YY_RULE_SETUP +#line 390 "util/configlexer.lex" { YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } YY_BREAK -case 174: +case 177: YY_RULE_SETUP -#line 382 "util/configlexer.lex" +#line 392 "util/configlexer.lex" { YDVAR(1, VAR_ADD_HOLDDOWN) } YY_BREAK -case 175: +case 178: YY_RULE_SETUP -#line 383 "util/configlexer.lex" +#line 393 "util/configlexer.lex" { YDVAR(1, VAR_DEL_HOLDDOWN) } YY_BREAK -case 176: +case 179: YY_RULE_SETUP -#line 384 "util/configlexer.lex" +#line 394 "util/configlexer.lex" { YDVAR(1, VAR_KEEP_MISSING) } YY_BREAK -case 177: +case 180: YY_RULE_SETUP -#line 385 "util/configlexer.lex" +#line 395 "util/configlexer.lex" { YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } YY_BREAK -case 178: +case 181: YY_RULE_SETUP -#line 386 "util/configlexer.lex" +#line 396 "util/configlexer.lex" { YDVAR(1, VAR_USE_SYSLOG) } YY_BREAK -case 179: +case 182: YY_RULE_SETUP -#line 387 "util/configlexer.lex" +#line 397 "util/configlexer.lex" { YDVAR(1, VAR_LOG_IDENTITY) } YY_BREAK -case 180: +case 183: YY_RULE_SETUP -#line 388 "util/configlexer.lex" +#line 398 "util/configlexer.lex" { YDVAR(1, VAR_LOG_TIME_ASCII) } YY_BREAK -case 181: +case 184: YY_RULE_SETUP -#line 389 "util/configlexer.lex" +#line 399 "util/configlexer.lex" { YDVAR(1, VAR_LOG_QUERIES) } YY_BREAK -case 182: +case 185: YY_RULE_SETUP -#line 390 "util/configlexer.lex" +#line 400 "util/configlexer.lex" { YDVAR(1, VAR_LOG_REPLIES) } YY_BREAK -case 183: +case 186: YY_RULE_SETUP -#line 391 "util/configlexer.lex" +#line 401 "util/configlexer.lex" { YDVAR(1, VAR_LOG_TAG_QUERYREPLY) } YY_BREAK -case 184: +case 187: YY_RULE_SETUP -#line 392 "util/configlexer.lex" +#line 402 "util/configlexer.lex" { YDVAR(1, VAR_LOG_LOCAL_ACTIONS) } YY_BREAK -case 185: +case 188: YY_RULE_SETUP -#line 393 "util/configlexer.lex" +#line 403 "util/configlexer.lex" { YDVAR(1, VAR_LOG_SERVFAIL) } YY_BREAK -case 186: +case 189: YY_RULE_SETUP -#line 394 "util/configlexer.lex" +#line 404 "util/configlexer.lex" { YDVAR(2, VAR_LOCAL_ZONE) } YY_BREAK -case 187: +case 190: YY_RULE_SETUP -#line 395 "util/configlexer.lex" +#line 405 "util/configlexer.lex" { YDVAR(1, VAR_LOCAL_DATA) } YY_BREAK -case 188: +case 191: YY_RULE_SETUP -#line 396 "util/configlexer.lex" +#line 406 "util/configlexer.lex" { YDVAR(1, VAR_LOCAL_DATA_PTR) } YY_BREAK -case 189: +case 192: YY_RULE_SETUP -#line 397 "util/configlexer.lex" +#line 407 "util/configlexer.lex" { YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } YY_BREAK -case 190: +case 193: YY_RULE_SETUP -#line 398 "util/configlexer.lex" +#line 408 "util/configlexer.lex" { YDVAR(1, VAR_INSECURE_LAN_ZONES) } YY_BREAK -case 191: +case 194: YY_RULE_SETUP -#line 399 "util/configlexer.lex" +#line 409 "util/configlexer.lex" { YDVAR(1, VAR_STATISTICS_INTERVAL) } YY_BREAK -case 192: +case 195: YY_RULE_SETUP -#line 400 "util/configlexer.lex" +#line 410 "util/configlexer.lex" { YDVAR(1, VAR_STATISTICS_CUMULATIVE) } YY_BREAK -case 193: +case 196: YY_RULE_SETUP -#line 401 "util/configlexer.lex" +#line 411 "util/configlexer.lex" { YDVAR(1, VAR_EXTENDED_STATISTICS) } YY_BREAK -case 194: +case 197: YY_RULE_SETUP -#line 402 "util/configlexer.lex" +#line 412 "util/configlexer.lex" { YDVAR(1, VAR_SHM_ENABLE) } YY_BREAK -case 195: +case 198: YY_RULE_SETUP -#line 403 "util/configlexer.lex" +#line 413 "util/configlexer.lex" { YDVAR(1, VAR_SHM_KEY) } YY_BREAK -case 196: +case 199: YY_RULE_SETUP -#line 404 "util/configlexer.lex" +#line 414 "util/configlexer.lex" { YDVAR(0, VAR_REMOTE_CONTROL) } YY_BREAK -case 197: +case 200: YY_RULE_SETUP -#line 405 "util/configlexer.lex" +#line 415 "util/configlexer.lex" { YDVAR(1, VAR_CONTROL_ENABLE) } YY_BREAK -case 198: +case 201: YY_RULE_SETUP -#line 406 "util/configlexer.lex" +#line 416 "util/configlexer.lex" { YDVAR(1, VAR_CONTROL_INTERFACE) } YY_BREAK -case 199: +case 202: YY_RULE_SETUP -#line 407 "util/configlexer.lex" +#line 417 "util/configlexer.lex" { YDVAR(1, VAR_CONTROL_PORT) } YY_BREAK -case 200: +case 203: YY_RULE_SETUP -#line 408 "util/configlexer.lex" +#line 418 "util/configlexer.lex" { YDVAR(1, VAR_CONTROL_USE_CERT) } YY_BREAK -case 201: +case 204: YY_RULE_SETUP -#line 409 "util/configlexer.lex" +#line 419 "util/configlexer.lex" { YDVAR(1, VAR_SERVER_KEY_FILE) } YY_BREAK -case 202: +case 205: YY_RULE_SETUP -#line 410 "util/configlexer.lex" +#line 420 "util/configlexer.lex" { YDVAR(1, VAR_SERVER_CERT_FILE) } YY_BREAK -case 203: +case 206: YY_RULE_SETUP -#line 411 "util/configlexer.lex" +#line 421 "util/configlexer.lex" { YDVAR(1, VAR_CONTROL_KEY_FILE) } YY_BREAK -case 204: +case 207: YY_RULE_SETUP -#line 412 "util/configlexer.lex" +#line 422 "util/configlexer.lex" { YDVAR(1, VAR_CONTROL_CERT_FILE) } YY_BREAK -case 205: +case 208: YY_RULE_SETUP -#line 413 "util/configlexer.lex" +#line 423 "util/configlexer.lex" { YDVAR(1, VAR_PYTHON_SCRIPT) } YY_BREAK -case 206: +case 209: YY_RULE_SETUP -#line 414 "util/configlexer.lex" +#line 424 "util/configlexer.lex" { YDVAR(0, VAR_PYTHON) } YY_BREAK -case 207: +case 210: YY_RULE_SETUP -#line 415 "util/configlexer.lex" +#line 425 "util/configlexer.lex" +{ YDVAR(1, VAR_DYNLIB_FILE) } + YY_BREAK +case 211: +YY_RULE_SETUP +#line 426 "util/configlexer.lex" +{ YDVAR(0, VAR_DYNLIB) } + YY_BREAK +case 212: +YY_RULE_SETUP +#line 427 "util/configlexer.lex" { YDVAR(1, VAR_DOMAIN_INSECURE) } YY_BREAK -case 208: +case 213: YY_RULE_SETUP -#line 416 "util/configlexer.lex" +#line 428 "util/configlexer.lex" { YDVAR(1, VAR_MINIMAL_RESPONSES) } YY_BREAK -case 209: +case 214: YY_RULE_SETUP -#line 417 "util/configlexer.lex" +#line 429 "util/configlexer.lex" { YDVAR(1, VAR_RRSET_ROUNDROBIN) } YY_BREAK -case 210: +case 215: YY_RULE_SETUP -#line 418 "util/configlexer.lex" +#line 430 "util/configlexer.lex" { YDVAR(1, VAR_UNKNOWN_SERVER_TIME_LIMIT) } YY_BREAK -case 211: +case 216: YY_RULE_SETUP -#line 419 "util/configlexer.lex" +#line 431 "util/configlexer.lex" { YDVAR(1, VAR_MAX_UDP_SIZE) } YY_BREAK -case 212: +case 217: YY_RULE_SETUP -#line 420 "util/configlexer.lex" +#line 432 "util/configlexer.lex" { YDVAR(1, VAR_DNS64_PREFIX) } YY_BREAK -case 213: +case 218: YY_RULE_SETUP -#line 421 "util/configlexer.lex" +#line 433 "util/configlexer.lex" { YDVAR(1, VAR_DNS64_SYNTHALL) } YY_BREAK -case 214: +case 219: YY_RULE_SETUP -#line 422 "util/configlexer.lex" +#line 434 "util/configlexer.lex" { YDVAR(1, VAR_DNS64_IGNORE_AAAA) } YY_BREAK -case 215: +case 220: YY_RULE_SETUP -#line 423 "util/configlexer.lex" +#line 435 "util/configlexer.lex" { YDVAR(1, VAR_DEFINE_TAG) } YY_BREAK -case 216: +case 221: YY_RULE_SETUP -#line 424 "util/configlexer.lex" +#line 436 "util/configlexer.lex" { YDVAR(2, VAR_LOCAL_ZONE_TAG) } YY_BREAK -case 217: +case 222: YY_RULE_SETUP -#line 425 "util/configlexer.lex" +#line 437 "util/configlexer.lex" { YDVAR(2, VAR_ACCESS_CONTROL_TAG) } YY_BREAK -case 218: +case 223: YY_RULE_SETUP -#line 426 "util/configlexer.lex" +#line 438 "util/configlexer.lex" { YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } YY_BREAK -case 219: +case 224: YY_RULE_SETUP -#line 427 "util/configlexer.lex" +#line 439 "util/configlexer.lex" { YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } YY_BREAK -case 220: +case 225: YY_RULE_SETUP -#line 428 "util/configlexer.lex" +#line 440 "util/configlexer.lex" { YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } YY_BREAK -case 221: +case 226: YY_RULE_SETUP -#line 429 "util/configlexer.lex" +#line 441 "util/configlexer.lex" { YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } YY_BREAK -case 222: +case 227: YY_RULE_SETUP -#line 430 "util/configlexer.lex" +#line 442 "util/configlexer.lex" { YDVAR(0, VAR_DNSTAP) } YY_BREAK -case 223: +case 228: YY_RULE_SETUP -#line 431 "util/configlexer.lex" +#line 443 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_ENABLE) } YY_BREAK -case 224: +case 229: YY_RULE_SETUP -#line 432 "util/configlexer.lex" +#line 444 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_BIDIRECTIONAL) } + YY_BREAK +case 230: +YY_RULE_SETUP +#line 445 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } YY_BREAK -case 225: +case 231: YY_RULE_SETUP -#line 433 "util/configlexer.lex" +#line 446 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_IP) } + YY_BREAK +case 232: +YY_RULE_SETUP +#line 447 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_TLS) } + YY_BREAK +case 233: +YY_RULE_SETUP +#line 448 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_TLS_SERVER_NAME) } + YY_BREAK +case 234: +YY_RULE_SETUP +#line 449 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_TLS_CERT_BUNDLE) } + YY_BREAK +case 235: +YY_RULE_SETUP +#line 450 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_TLS_CLIENT_KEY_FILE) } + YY_BREAK +case 236: +YY_RULE_SETUP +#line 452 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_TLS_CLIENT_CERT_FILE) } + YY_BREAK +case 237: +YY_RULE_SETUP +#line 454 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } YY_BREAK -case 226: +case 238: YY_RULE_SETUP -#line 434 "util/configlexer.lex" +#line 455 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_SEND_VERSION) } YY_BREAK -case 227: +case 239: YY_RULE_SETUP -#line 435 "util/configlexer.lex" +#line 456 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_IDENTITY) } YY_BREAK -case 228: +case 240: YY_RULE_SETUP -#line 436 "util/configlexer.lex" +#line 457 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_VERSION) } YY_BREAK -case 229: +case 241: YY_RULE_SETUP -#line 437 "util/configlexer.lex" +#line 458 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } YY_BREAK -case 230: +case 242: YY_RULE_SETUP -#line 439 "util/configlexer.lex" +#line 460 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } YY_BREAK -case 231: +case 243: YY_RULE_SETUP -#line 441 "util/configlexer.lex" +#line 462 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } YY_BREAK -case 232: +case 244: YY_RULE_SETUP -#line 443 "util/configlexer.lex" +#line 464 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } YY_BREAK -case 233: +case 245: YY_RULE_SETUP -#line 445 "util/configlexer.lex" +#line 466 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } YY_BREAK -case 234: +case 246: YY_RULE_SETUP -#line 447 "util/configlexer.lex" +#line 468 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } YY_BREAK -case 235: +case 247: YY_RULE_SETUP -#line 449 "util/configlexer.lex" +#line 470 "util/configlexer.lex" { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } YY_BREAK -case 236: +case 248: YY_RULE_SETUP -#line 450 "util/configlexer.lex" +#line 471 "util/configlexer.lex" { YDVAR(1, VAR_IP_RATELIMIT) } YY_BREAK -case 237: +case 249: YY_RULE_SETUP -#line 451 "util/configlexer.lex" +#line 472 "util/configlexer.lex" { YDVAR(1, VAR_RATELIMIT) } YY_BREAK -case 238: +case 250: YY_RULE_SETUP -#line 452 "util/configlexer.lex" +#line 473 "util/configlexer.lex" { YDVAR(1, VAR_IP_RATELIMIT_SLABS) } YY_BREAK -case 239: +case 251: YY_RULE_SETUP -#line 453 "util/configlexer.lex" +#line 474 "util/configlexer.lex" { YDVAR(1, VAR_RATELIMIT_SLABS) } YY_BREAK -case 240: +case 252: YY_RULE_SETUP -#line 454 "util/configlexer.lex" +#line 475 "util/configlexer.lex" { YDVAR(1, VAR_IP_RATELIMIT_SIZE) } YY_BREAK -case 241: +case 253: YY_RULE_SETUP -#line 455 "util/configlexer.lex" +#line 476 "util/configlexer.lex" { YDVAR(1, VAR_RATELIMIT_SIZE) } YY_BREAK -case 242: +case 254: YY_RULE_SETUP -#line 456 "util/configlexer.lex" +#line 477 "util/configlexer.lex" { YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } YY_BREAK -case 243: +case 255: YY_RULE_SETUP -#line 457 "util/configlexer.lex" +#line 478 "util/configlexer.lex" { YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } YY_BREAK -case 244: +case 256: YY_RULE_SETUP -#line 458 "util/configlexer.lex" +#line 479 "util/configlexer.lex" { YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } YY_BREAK -case 245: +case 257: YY_RULE_SETUP -#line 459 "util/configlexer.lex" +#line 480 "util/configlexer.lex" { YDVAR(1, VAR_RATELIMIT_FACTOR) } YY_BREAK -case 246: +case 258: YY_RULE_SETUP -#line 460 "util/configlexer.lex" +#line 481 "util/configlexer.lex" { YDVAR(1, VAR_LOW_RTT) } YY_BREAK -case 247: +case 259: YY_RULE_SETUP -#line 461 "util/configlexer.lex" +#line 482 "util/configlexer.lex" { YDVAR(1, VAR_FAST_SERVER_NUM) } YY_BREAK -case 248: +case 260: YY_RULE_SETUP -#line 462 "util/configlexer.lex" +#line 483 "util/configlexer.lex" { YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK -case 249: +case 261: YY_RULE_SETUP -#line 463 "util/configlexer.lex" +#line 484 "util/configlexer.lex" { YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK -case 250: +case 262: YY_RULE_SETUP -#line 464 "util/configlexer.lex" +#line 485 "util/configlexer.lex" { YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK -case 251: +case 263: YY_RULE_SETUP -#line 465 "util/configlexer.lex" +#line 486 "util/configlexer.lex" { YDVAR(2, VAR_RESPONSE_IP_TAG) } YY_BREAK -case 252: +case 264: YY_RULE_SETUP -#line 466 "util/configlexer.lex" +#line 487 "util/configlexer.lex" { YDVAR(2, VAR_RESPONSE_IP) } YY_BREAK -case 253: +case 265: YY_RULE_SETUP -#line 467 "util/configlexer.lex" +#line 488 "util/configlexer.lex" { YDVAR(2, VAR_RESPONSE_IP_DATA) } YY_BREAK -case 254: +case 266: YY_RULE_SETUP -#line 468 "util/configlexer.lex" +#line 489 "util/configlexer.lex" { YDVAR(0, VAR_DNSCRYPT) } YY_BREAK -case 255: +case 267: YY_RULE_SETUP -#line 469 "util/configlexer.lex" +#line 490 "util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_ENABLE) } YY_BREAK -case 256: +case 268: YY_RULE_SETUP -#line 470 "util/configlexer.lex" +#line 491 "util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_PORT) } YY_BREAK -case 257: +case 269: YY_RULE_SETUP -#line 471 "util/configlexer.lex" +#line 492 "util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_PROVIDER) } YY_BREAK -case 258: +case 270: YY_RULE_SETUP -#line 472 "util/configlexer.lex" +#line 493 "util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } YY_BREAK -case 259: +case 271: YY_RULE_SETUP -#line 473 "util/configlexer.lex" +#line 494 "util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } YY_BREAK -case 260: +case 272: YY_RULE_SETUP -#line 474 "util/configlexer.lex" +#line 495 "util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } YY_BREAK -case 261: +case 273: YY_RULE_SETUP -#line 475 "util/configlexer.lex" +#line 496 "util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } YY_BREAK -case 262: +case 274: YY_RULE_SETUP -#line 477 "util/configlexer.lex" +#line 498 "util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } YY_BREAK -case 263: +case 275: YY_RULE_SETUP -#line 479 "util/configlexer.lex" +#line 500 "util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } YY_BREAK -case 264: +case 276: YY_RULE_SETUP -#line 480 "util/configlexer.lex" +#line 501 "util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } YY_BREAK -case 265: +case 277: YY_RULE_SETUP -#line 481 "util/configlexer.lex" +#line 502 "util/configlexer.lex" { YDVAR(1, VAR_IPSECMOD_ENABLED) } YY_BREAK -case 266: +case 278: YY_RULE_SETUP -#line 482 "util/configlexer.lex" +#line 503 "util/configlexer.lex" { YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } YY_BREAK -case 267: +case 279: YY_RULE_SETUP -#line 483 "util/configlexer.lex" +#line 504 "util/configlexer.lex" { YDVAR(1, VAR_IPSECMOD_HOOK) } YY_BREAK -case 268: +case 280: YY_RULE_SETUP -#line 484 "util/configlexer.lex" +#line 505 "util/configlexer.lex" { YDVAR(1, VAR_IPSECMOD_MAX_TTL) } YY_BREAK -case 269: +case 281: YY_RULE_SETUP -#line 485 "util/configlexer.lex" +#line 506 "util/configlexer.lex" { YDVAR(1, VAR_IPSECMOD_WHITELIST) } YY_BREAK -case 270: +case 282: YY_RULE_SETUP -#line 486 "util/configlexer.lex" +#line 507 "util/configlexer.lex" { YDVAR(1, VAR_IPSECMOD_STRICT) } YY_BREAK -case 271: +case 283: YY_RULE_SETUP -#line 487 "util/configlexer.lex" +#line 508 "util/configlexer.lex" { YDVAR(0, VAR_CACHEDB) } YY_BREAK -case 272: +case 284: YY_RULE_SETUP -#line 488 "util/configlexer.lex" +#line 509 "util/configlexer.lex" { YDVAR(1, VAR_CACHEDB_BACKEND) } YY_BREAK -case 273: +case 285: YY_RULE_SETUP -#line 489 "util/configlexer.lex" +#line 510 "util/configlexer.lex" { YDVAR(1, VAR_CACHEDB_SECRETSEED) } YY_BREAK -case 274: +case 286: YY_RULE_SETUP -#line 490 "util/configlexer.lex" +#line 511 "util/configlexer.lex" { YDVAR(1, VAR_CACHEDB_REDISHOST) } YY_BREAK -case 275: +case 287: YY_RULE_SETUP -#line 491 "util/configlexer.lex" +#line 512 "util/configlexer.lex" { YDVAR(1, VAR_CACHEDB_REDISPORT) } YY_BREAK -case 276: +case 288: YY_RULE_SETUP -#line 492 "util/configlexer.lex" +#line 513 "util/configlexer.lex" { YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } YY_BREAK -case 277: +case 289: YY_RULE_SETUP -#line 493 "util/configlexer.lex" +#line 514 "util/configlexer.lex" +{ YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) } + YY_BREAK +case 290: +YY_RULE_SETUP +#line 515 "util/configlexer.lex" { YDVAR(0, VAR_IPSET) } YY_BREAK -case 278: +case 291: YY_RULE_SETUP -#line 494 "util/configlexer.lex" +#line 516 "util/configlexer.lex" { YDVAR(1, VAR_IPSET_NAME_V4) } YY_BREAK -case 279: +case 292: YY_RULE_SETUP -#line 495 "util/configlexer.lex" +#line 517 "util/configlexer.lex" { YDVAR(1, VAR_IPSET_NAME_V6) } YY_BREAK -case 280: +case 293: YY_RULE_SETUP -#line 496 "util/configlexer.lex" +#line 518 "util/configlexer.lex" { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } YY_BREAK -case 281: +case 294: YY_RULE_SETUP -#line 497 "util/configlexer.lex" +#line 519 "util/configlexer.lex" { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } YY_BREAK -case 282: -/* rule 282 can match eol */ +case 295: +/* rule 295 can match eol */ YY_RULE_SETUP -#line 498 "util/configlexer.lex" +#line 520 "util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++; } YY_BREAK /* Quoted strings. Strip leading and ending quotes */ -case 283: +case 296: YY_RULE_SETUP -#line 501 "util/configlexer.lex" +#line 523 "util/configlexer.lex" { BEGIN(quotedstring); LEXOUT(("QS ")); } YY_BREAK case YY_STATE_EOF(quotedstring): -#line 502 "util/configlexer.lex" +#line 524 "util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 284: +case 297: YY_RULE_SETUP -#line 507 "util/configlexer.lex" +#line 529 "util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 285: -/* rule 285 can match eol */ +case 298: +/* rule 298 can match eol */ YY_RULE_SETUP -#line 508 "util/configlexer.lex" +#line 530 "util/configlexer.lex" { yyerror("newline inside quoted string, no end \""); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 286: +case 299: YY_RULE_SETUP -#line 510 "util/configlexer.lex" +#line 532 "util/configlexer.lex" { LEXOUT(("QE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -5250,34 +5479,34 @@ YY_RULE_SETUP } YY_BREAK /* Single Quoted strings. Strip leading and ending quotes */ -case 287: +case 300: YY_RULE_SETUP -#line 522 "util/configlexer.lex" +#line 544 "util/configlexer.lex" { BEGIN(singlequotedstr); LEXOUT(("SQS ")); } YY_BREAK case YY_STATE_EOF(singlequotedstr): -#line 523 "util/configlexer.lex" +#line 545 "util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 288: +case 301: YY_RULE_SETUP -#line 528 "util/configlexer.lex" +#line 550 "util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 289: -/* rule 289 can match eol */ +case 302: +/* rule 302 can match eol */ YY_RULE_SETUP -#line 529 "util/configlexer.lex" +#line 551 "util/configlexer.lex" { yyerror("newline inside quoted string, no end '"); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 290: +case 303: YY_RULE_SETUP -#line 531 "util/configlexer.lex" +#line 553 "util/configlexer.lex" { LEXOUT(("SQE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -5290,114 +5519,189 @@ YY_RULE_SETUP } YY_BREAK /* include: directive */ -case 291: +case 304: YY_RULE_SETUP -#line 543 "util/configlexer.lex" +#line 565 "util/configlexer.lex" { LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } YY_BREAK case YY_STATE_EOF(include): -#line 545 "util/configlexer.lex" +#line 567 "util/configlexer.lex" { yyerror("EOF inside include directive"); BEGIN(inc_prev); } YY_BREAK -case 292: +case 305: YY_RULE_SETUP -#line 549 "util/configlexer.lex" +#line 571 "util/configlexer.lex" { LEXOUT(("ISP ")); /* ignore */ } YY_BREAK -case 293: -/* rule 293 can match eol */ +case 306: +/* rule 306 can match eol */ YY_RULE_SETUP -#line 550 "util/configlexer.lex" +#line 572 "util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++;} YY_BREAK -case 294: +case 307: YY_RULE_SETUP -#line 551 "util/configlexer.lex" +#line 573 "util/configlexer.lex" { LEXOUT(("IQS ")); BEGIN(include_quoted); } YY_BREAK -case 295: +case 308: YY_RULE_SETUP -#line 552 "util/configlexer.lex" +#line 574 "util/configlexer.lex" { LEXOUT(("Iunquotedstr(%s) ", yytext)); - config_start_include_glob(yytext); + config_start_include_glob(yytext, 0); BEGIN(inc_prev); } YY_BREAK case YY_STATE_EOF(include_quoted): -#line 557 "util/configlexer.lex" +#line 579 "util/configlexer.lex" { yyerror("EOF inside quoted string"); BEGIN(inc_prev); } YY_BREAK -case 296: +case 309: YY_RULE_SETUP -#line 561 "util/configlexer.lex" +#line 583 "util/configlexer.lex" { LEXOUT(("ISTR(%s) ", yytext)); yymore(); } YY_BREAK -case 297: -/* rule 297 can match eol */ +case 310: +/* rule 310 can match eol */ YY_RULE_SETUP -#line 562 "util/configlexer.lex" +#line 584 "util/configlexer.lex" { yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } YY_BREAK -case 298: +case 311: YY_RULE_SETUP -#line 564 "util/configlexer.lex" +#line 586 "util/configlexer.lex" { LEXOUT(("IQE ")); yytext[yyleng - 1] = '\0'; - config_start_include_glob(yytext); + config_start_include_glob(yytext, 0); BEGIN(inc_prev); } YY_BREAK case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(val): -#line 570 "util/configlexer.lex" +#line 592 "util/configlexer.lex" { LEXOUT(("LEXEOF ")); yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ if (!config_include_stack) { yyterminate(); } else { + int prev_toplevel = inc_toplevel; fclose(yyin); config_end_include(); + if(prev_toplevel) return (VAR_FORCE_TOPLEVEL); } } YY_BREAK -case 299: +/* include-toplevel: directive */ +case 312: YY_RULE_SETUP -#line 581 "util/configlexer.lex" +#line 606 "util/configlexer.lex" +{ + LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include_toplevel); +} + YY_BREAK +case YY_STATE_EOF(include_toplevel): +#line 609 "util/configlexer.lex" +{ + yyerror("EOF inside include_toplevel directive"); + BEGIN(inc_prev); +} + YY_BREAK +case 313: +YY_RULE_SETUP +#line 613 "util/configlexer.lex" +{ LEXOUT(("ITSP ")); /* ignore */ } + YY_BREAK +case 314: +/* rule 314 can match eol */ +YY_RULE_SETUP +#line 614 "util/configlexer.lex" +{ LEXOUT(("NL\n")); cfg_parser->line++; } + YY_BREAK +case 315: +YY_RULE_SETUP +#line 615 "util/configlexer.lex" +{ LEXOUT(("ITQS ")); BEGIN(include_toplevel_quoted); } + YY_BREAK +case 316: +YY_RULE_SETUP +#line 616 "util/configlexer.lex" +{ + LEXOUT(("ITunquotedstr(%s) ", yytext)); + config_start_include_glob(yytext, 1); + BEGIN(inc_prev); + return (VAR_FORCE_TOPLEVEL); +} + YY_BREAK +case YY_STATE_EOF(include_toplevel_quoted): +#line 622 "util/configlexer.lex" +{ + yyerror("EOF inside quoted string"); + BEGIN(inc_prev); +} + YY_BREAK +case 317: +YY_RULE_SETUP +#line 626 "util/configlexer.lex" +{ LEXOUT(("ITSTR(%s) ", yytext)); yymore(); } + YY_BREAK +case 318: +/* rule 318 can match eol */ +YY_RULE_SETUP +#line 627 "util/configlexer.lex" +{ + yyerror("newline before \" in include name"); + cfg_parser->line++; BEGIN(inc_prev); +} + YY_BREAK +case 319: +YY_RULE_SETUP +#line 631 "util/configlexer.lex" +{ + LEXOUT(("ITQE ")); + yytext[yyleng - 1] = '\0'; + config_start_include_glob(yytext, 1); + BEGIN(inc_prev); + return (VAR_FORCE_TOPLEVEL); +} + YY_BREAK +case 320: +YY_RULE_SETUP +#line 639 "util/configlexer.lex" { LEXOUT(("unquotedstr(%s) ", yytext)); if(--num_args == 0) { BEGIN(INITIAL); } yylval.str = strdup(yytext); return STRING_ARG; } YY_BREAK -case 300: +case 321: YY_RULE_SETUP -#line 585 "util/configlexer.lex" +#line 643 "util/configlexer.lex" { ub_c_error_msg("unknown keyword '%s'", yytext); } YY_BREAK -case 301: +case 322: YY_RULE_SETUP -#line 589 "util/configlexer.lex" +#line 647 "util/configlexer.lex" { ub_c_error_msg("stray '%s'", yytext); } YY_BREAK -case 302: +case 323: YY_RULE_SETUP -#line 593 "util/configlexer.lex" +#line 651 "util/configlexer.lex" ECHO; YY_BREAK -#line 5398 "<stdout>" +#line 5702 "<stdout>" case YY_END_OF_BUFFER: { @@ -5692,7 +5996,7 @@ static int yy_get_next_buffer (void) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 2986 ) + if ( yy_current_state >= 3137 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; @@ -5720,11 +6024,11 @@ static int yy_get_next_buffer (void) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 2986 ) + if ( yy_current_state >= 3137 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; - yy_is_jam = (yy_current_state == 2985); + yy_is_jam = (yy_current_state == 3136); return yy_is_jam ? 0 : yy_current_state; } @@ -6363,6 +6667,6 @@ void yyfree (void * ptr ) #define YYTABLES_NAME "yytables" -#line 593 "util/configlexer.lex" +#line 651 "util/configlexer.lex" diff --git a/util/configlexer.lex b/util/configlexer.lex index deedffa58da4..83cea4b992fd 100644 --- a/util/configlexer.lex +++ b/util/configlexer.lex @@ -45,11 +45,13 @@ struct inc_state { int line; YY_BUFFER_STATE buffer; struct inc_state* next; + int inc_toplevel; }; static struct inc_state* config_include_stack = NULL; static int inc_depth = 0; static int inc_prev = 0; static int num_args = 0; +static int inc_toplevel = 0; void init_cfg_parse(void) { @@ -57,14 +59,15 @@ void init_cfg_parse(void) inc_depth = 0; inc_prev = 0; num_args = 0; + inc_toplevel = 0; } -static void config_start_include(const char* filename) +static void config_start_include(const char* filename, int toplevel) { FILE *input; struct inc_state* s; char* nm; - if(inc_depth++ > 100000) { + if(inc_depth+1 > 100000) { ub_c_error_msg("too many include files"); return; } @@ -96,17 +99,20 @@ static void config_start_include(const char* filename) return; } LEXOUT(("switch_to_include_file(%s)\n", filename)); + inc_depth++; s->filename = cfg_parser->filename; s->line = cfg_parser->line; s->buffer = YY_CURRENT_BUFFER; + s->inc_toplevel = inc_toplevel; s->next = config_include_stack; config_include_stack = s; cfg_parser->filename = nm; cfg_parser->line = 1; + inc_toplevel = toplevel; yy_switch_to_buffer(yy_create_buffer(input, YY_BUF_SIZE)); } -static void config_start_include_glob(const char* filename) +static void config_start_include_glob(const char* filename, int toplevel) { /* check for wildcards */ @@ -139,19 +145,19 @@ static void config_start_include_glob(const char* filename) globfree(&g); if(r == GLOB_NOMATCH) return; /* no matches for pattern */ - config_start_include(filename); /* let original deal with it */ + config_start_include(filename, toplevel); /* let original deal with it */ return; } /* process files found, if any */ for(i=(int)g.gl_pathc-1; i>=0; i--) { - config_start_include(g.gl_pathv[i]); + config_start_include(g.gl_pathv[i], toplevel); } globfree(&g); return; } #endif /* HAVE_GLOB */ - config_start_include(filename); + config_start_include(filename, toplevel); } static void config_end_include(void) @@ -165,6 +171,7 @@ static void config_end_include(void) yy_delete_buffer(YY_CURRENT_BUFFER); yy_switch_to_buffer(s->buffer); config_include_stack = s->next; + inc_toplevel = s->inc_toplevel; free(s); } @@ -199,7 +206,7 @@ COLON \: DQANY [^\"\n\r\\]|\\. SQANY [^\'\n\r\\]|\\. -%x quotedstring singlequotedstr include include_quoted val +%x quotedstring singlequotedstr include include_quoted val include_toplevel include_toplevel_quoted %% <INITIAL,val>{SPACE}* { @@ -220,6 +227,7 @@ outgoing-num-tcp{COLON} { YDVAR(1, VAR_OUTGOING_NUM_TCP) } incoming-num-tcp{COLON} { YDVAR(1, VAR_INCOMING_NUM_TCP) } do-ip4{COLON} { YDVAR(1, VAR_DO_IP4) } do-ip6{COLON} { YDVAR(1, VAR_DO_IP6) } +prefer-ip4{COLON} { YDVAR(1, VAR_PREFER_IP4) } prefer-ip6{COLON} { YDVAR(1, VAR_PREFER_IP6) } do-udp{COLON} { YDVAR(1, VAR_DO_UDP) } do-tcp{COLON} { YDVAR(1, VAR_DO_TCP) } @@ -247,6 +255,7 @@ tls-additional-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } tls-session-ticket-keys{COLON} { YDVAR(1, VAR_TLS_SESSION_TICKET_KEYS) } tls-ciphers{COLON} { YDVAR(1, VAR_TLS_CIPHERS) } tls-ciphersuites{COLON} { YDVAR(1, VAR_TLS_CIPHERSUITES) } +tls-use-sni{COLON} { YDVAR(1, VAR_TLS_USE_SNI) } use-systemd{COLON} { YDVAR(1, VAR_USE_SYSTEMD) } do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) } interface{COLON} { YDVAR(1, VAR_INTERFACE) } @@ -258,6 +267,7 @@ so-sndbuf{COLON} { YDVAR(1, VAR_SO_SNDBUF) } so-reuseport{COLON} { YDVAR(1, VAR_SO_REUSEPORT) } ip-transparent{COLON} { YDVAR(1, VAR_IP_TRANSPARENT) } ip-freebind{COLON} { YDVAR(1, VAR_IP_FREEBIND) } +ip-dscp{COLON} { YDVAR(1, VAR_IP_DSCP) } chroot{COLON} { YDVAR(1, VAR_CHROOT) } username{COLON} { YDVAR(1, VAR_USERNAME) } directory{COLON} { YDVAR(1, VAR_DIRECTORY) } @@ -412,6 +422,8 @@ control-key-file{COLON} { YDVAR(1, VAR_CONTROL_KEY_FILE) } control-cert-file{COLON} { YDVAR(1, VAR_CONTROL_CERT_FILE) } python-script{COLON} { YDVAR(1, VAR_PYTHON_SCRIPT) } python{COLON} { YDVAR(0, VAR_PYTHON) } +dynlib-file{COLON} { YDVAR(1, VAR_DYNLIB_FILE) } +dynlib{COLON} { YDVAR(0, VAR_DYNLIB) } domain-insecure{COLON} { YDVAR(1, VAR_DOMAIN_INSECURE) } minimal-responses{COLON} { YDVAR(1, VAR_MINIMAL_RESPONSES) } rrset-roundrobin{COLON} { YDVAR(1, VAR_RRSET_ROUNDROBIN) } @@ -429,7 +441,16 @@ access-control-view{COLON} { YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } local-zone-override{COLON} { YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } dnstap{COLON} { YDVAR(0, VAR_DNSTAP) } dnstap-enable{COLON} { YDVAR(1, VAR_DNSTAP_ENABLE) } +dnstap-bidirectional{COLON} { YDVAR(1, VAR_DNSTAP_BIDIRECTIONAL) } dnstap-socket-path{COLON} { YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } +dnstap-ip{COLON} { YDVAR(1, VAR_DNSTAP_IP) } +dnstap-tls{COLON} { YDVAR(1, VAR_DNSTAP_TLS) } +dnstap-tls-server-name{COLON} { YDVAR(1, VAR_DNSTAP_TLS_SERVER_NAME) } +dnstap-tls-cert-bundle{COLON} { YDVAR(1, VAR_DNSTAP_TLS_CERT_BUNDLE) } +dnstap-tls-client-key-file{COLON} { + YDVAR(1, VAR_DNSTAP_TLS_CLIENT_KEY_FILE) } +dnstap-tls-client-cert-file{COLON} { + YDVAR(1, VAR_DNSTAP_TLS_CLIENT_CERT_FILE) } dnstap-send-identity{COLON} { YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } dnstap-send-version{COLON} { YDVAR(1, VAR_DNSTAP_SEND_VERSION) } dnstap-identity{COLON} { YDVAR(1, VAR_DNSTAP_IDENTITY) } @@ -490,6 +511,7 @@ secret-seed{COLON} { YDVAR(1, VAR_CACHEDB_SECRETSEED) } redis-server-host{COLON} { YDVAR(1, VAR_CACHEDB_REDISHOST) } redis-server-port{COLON} { YDVAR(1, VAR_CACHEDB_REDISPORT) } redis-timeout{COLON} { YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } +redis-expire-records{COLON} { YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) } ipset{COLON} { YDVAR(0, VAR_IPSET) } name-v4{COLON} { YDVAR(1, VAR_IPSET_NAME_V4) } name-v6{COLON} { YDVAR(1, VAR_IPSET_NAME_V6) } @@ -551,7 +573,7 @@ tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } <include>\" { LEXOUT(("IQS ")); BEGIN(include_quoted); } <include>{UNQUOTEDLETTER}* { LEXOUT(("Iunquotedstr(%s) ", yytext)); - config_start_include_glob(yytext); + config_start_include_glob(yytext, 0); BEGIN(inc_prev); } <include_quoted><<EOF>> { @@ -564,7 +586,7 @@ tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } <include_quoted>\" { LEXOUT(("IQE ")); yytext[yyleng - 1] = '\0'; - config_start_include_glob(yytext); + config_start_include_glob(yytext, 0); BEGIN(inc_prev); } <INITIAL,val><<EOF>> { @@ -573,11 +595,47 @@ tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } if (!config_include_stack) { yyterminate(); } else { + int prev_toplevel = inc_toplevel; fclose(yyin); config_end_include(); + if(prev_toplevel) return (VAR_FORCE_TOPLEVEL); } } + /* include-toplevel: directive */ +<INITIAL,val>include-toplevel{COLON} { + LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include_toplevel); +} +<include_toplevel><<EOF>> { + yyerror("EOF inside include_toplevel directive"); + BEGIN(inc_prev); +} +<include_toplevel>{SPACE}* { LEXOUT(("ITSP ")); /* ignore */ } +<include_toplevel>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; } +<include_toplevel>\" { LEXOUT(("ITQS ")); BEGIN(include_toplevel_quoted); } +<include_toplevel>{UNQUOTEDLETTER}* { + LEXOUT(("ITunquotedstr(%s) ", yytext)); + config_start_include_glob(yytext, 1); + BEGIN(inc_prev); + return (VAR_FORCE_TOPLEVEL); +} +<include_toplevel_quoted><<EOF>> { + yyerror("EOF inside quoted string"); + BEGIN(inc_prev); +} +<include_toplevel_quoted>{DQANY}* { LEXOUT(("ITSTR(%s) ", yytext)); yymore(); } +<include_toplevel_quoted>{NEWLINE} { + yyerror("newline before \" in include name"); + cfg_parser->line++; BEGIN(inc_prev); +} +<include_toplevel_quoted>\" { + LEXOUT(("ITQE ")); + yytext[yyleng - 1] = '\0'; + config_start_include_glob(yytext, 1); + BEGIN(inc_prev); + return (VAR_FORCE_TOPLEVEL); +} + <val>{UNQUOTEDLETTER}* { LEXOUT(("unquotedstr(%s) ", yytext)); if(--num_args == 0) { BEGIN(INITIAL); } yylval.str = strdup(yytext); return STRING_ARG; } diff --git a/util/configparser.c b/util/configparser.c index 6ddfaca1d7b4..fbb9b532bcd4 100644 --- a/util/configparser.c +++ b/util/configparser.c @@ -142,273 +142,287 @@ extern int yydebug; ANY = 263, ZONESTR = 264, STRING_ARG = 265, - VAR_SERVER = 266, - VAR_VERBOSITY = 267, - VAR_NUM_THREADS = 268, - VAR_PORT = 269, - VAR_OUTGOING_RANGE = 270, - VAR_INTERFACE = 271, - VAR_DO_IP4 = 272, - VAR_DO_IP6 = 273, - VAR_PREFER_IP6 = 274, - VAR_DO_UDP = 275, - VAR_DO_TCP = 276, - VAR_TCP_MSS = 277, - VAR_OUTGOING_TCP_MSS = 278, - VAR_TCP_IDLE_TIMEOUT = 279, - VAR_EDNS_TCP_KEEPALIVE = 280, - VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 281, - VAR_CHROOT = 282, - VAR_USERNAME = 283, - VAR_DIRECTORY = 284, - VAR_LOGFILE = 285, - VAR_PIDFILE = 286, - VAR_MSG_CACHE_SIZE = 287, - VAR_MSG_CACHE_SLABS = 288, - VAR_NUM_QUERIES_PER_THREAD = 289, - VAR_RRSET_CACHE_SIZE = 290, - VAR_RRSET_CACHE_SLABS = 291, - VAR_OUTGOING_NUM_TCP = 292, - VAR_INFRA_HOST_TTL = 293, - VAR_INFRA_LAME_TTL = 294, - VAR_INFRA_CACHE_SLABS = 295, - VAR_INFRA_CACHE_NUMHOSTS = 296, - VAR_INFRA_CACHE_LAME_SIZE = 297, - VAR_NAME = 298, - VAR_STUB_ZONE = 299, - VAR_STUB_HOST = 300, - VAR_STUB_ADDR = 301, - VAR_TARGET_FETCH_POLICY = 302, - VAR_HARDEN_SHORT_BUFSIZE = 303, - VAR_HARDEN_LARGE_QUERIES = 304, - VAR_FORWARD_ZONE = 305, - VAR_FORWARD_HOST = 306, - VAR_FORWARD_ADDR = 307, - VAR_DO_NOT_QUERY_ADDRESS = 308, - VAR_HIDE_IDENTITY = 309, - VAR_HIDE_VERSION = 310, - VAR_IDENTITY = 311, - VAR_VERSION = 312, - VAR_HARDEN_GLUE = 313, - VAR_MODULE_CONF = 314, - VAR_TRUST_ANCHOR_FILE = 315, - VAR_TRUST_ANCHOR = 316, - VAR_VAL_OVERRIDE_DATE = 317, - VAR_BOGUS_TTL = 318, - VAR_VAL_CLEAN_ADDITIONAL = 319, - VAR_VAL_PERMISSIVE_MODE = 320, - VAR_INCOMING_NUM_TCP = 321, - VAR_MSG_BUFFER_SIZE = 322, - VAR_KEY_CACHE_SIZE = 323, - VAR_KEY_CACHE_SLABS = 324, - VAR_TRUSTED_KEYS_FILE = 325, - VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 326, - VAR_USE_SYSLOG = 327, - VAR_OUTGOING_INTERFACE = 328, - VAR_ROOT_HINTS = 329, - VAR_DO_NOT_QUERY_LOCALHOST = 330, - VAR_CACHE_MAX_TTL = 331, - VAR_HARDEN_DNSSEC_STRIPPED = 332, - VAR_ACCESS_CONTROL = 333, - VAR_LOCAL_ZONE = 334, - VAR_LOCAL_DATA = 335, - VAR_INTERFACE_AUTOMATIC = 336, - VAR_STATISTICS_INTERVAL = 337, - VAR_DO_DAEMONIZE = 338, - VAR_USE_CAPS_FOR_ID = 339, - VAR_STATISTICS_CUMULATIVE = 340, - VAR_OUTGOING_PORT_PERMIT = 341, - VAR_OUTGOING_PORT_AVOID = 342, - VAR_DLV_ANCHOR_FILE = 343, - VAR_DLV_ANCHOR = 344, - VAR_NEG_CACHE_SIZE = 345, - VAR_HARDEN_REFERRAL_PATH = 346, - VAR_PRIVATE_ADDRESS = 347, - VAR_PRIVATE_DOMAIN = 348, - VAR_REMOTE_CONTROL = 349, - VAR_CONTROL_ENABLE = 350, - VAR_CONTROL_INTERFACE = 351, - VAR_CONTROL_PORT = 352, - VAR_SERVER_KEY_FILE = 353, - VAR_SERVER_CERT_FILE = 354, - VAR_CONTROL_KEY_FILE = 355, - VAR_CONTROL_CERT_FILE = 356, - VAR_CONTROL_USE_CERT = 357, - VAR_EXTENDED_STATISTICS = 358, - VAR_LOCAL_DATA_PTR = 359, - VAR_JOSTLE_TIMEOUT = 360, - VAR_STUB_PRIME = 361, - VAR_UNWANTED_REPLY_THRESHOLD = 362, - VAR_LOG_TIME_ASCII = 363, - VAR_DOMAIN_INSECURE = 364, - VAR_PYTHON = 365, - VAR_PYTHON_SCRIPT = 366, - VAR_VAL_SIG_SKEW_MIN = 367, - VAR_VAL_SIG_SKEW_MAX = 368, - VAR_CACHE_MIN_TTL = 369, - VAR_VAL_LOG_LEVEL = 370, - VAR_AUTO_TRUST_ANCHOR_FILE = 371, - VAR_KEEP_MISSING = 372, - VAR_ADD_HOLDDOWN = 373, - VAR_DEL_HOLDDOWN = 374, - VAR_SO_RCVBUF = 375, - VAR_EDNS_BUFFER_SIZE = 376, - VAR_PREFETCH = 377, - VAR_PREFETCH_KEY = 378, - VAR_SO_SNDBUF = 379, - VAR_SO_REUSEPORT = 380, - VAR_HARDEN_BELOW_NXDOMAIN = 381, - VAR_IGNORE_CD_FLAG = 382, - VAR_LOG_QUERIES = 383, - VAR_LOG_REPLIES = 384, - VAR_LOG_LOCAL_ACTIONS = 385, - VAR_TCP_UPSTREAM = 386, - VAR_SSL_UPSTREAM = 387, - VAR_SSL_SERVICE_KEY = 388, - VAR_SSL_SERVICE_PEM = 389, - VAR_SSL_PORT = 390, - VAR_FORWARD_FIRST = 391, - VAR_STUB_SSL_UPSTREAM = 392, - VAR_FORWARD_SSL_UPSTREAM = 393, - VAR_TLS_CERT_BUNDLE = 394, - VAR_STUB_FIRST = 395, - VAR_MINIMAL_RESPONSES = 396, - VAR_RRSET_ROUNDROBIN = 397, - VAR_MAX_UDP_SIZE = 398, - VAR_DELAY_CLOSE = 399, - VAR_UNBLOCK_LAN_ZONES = 400, - VAR_INSECURE_LAN_ZONES = 401, - VAR_INFRA_CACHE_MIN_RTT = 402, - VAR_DNS64_PREFIX = 403, - VAR_DNS64_SYNTHALL = 404, - VAR_DNS64_IGNORE_AAAA = 405, - VAR_DNSTAP = 406, - VAR_DNSTAP_ENABLE = 407, - VAR_DNSTAP_SOCKET_PATH = 408, - VAR_DNSTAP_SEND_IDENTITY = 409, - VAR_DNSTAP_SEND_VERSION = 410, - VAR_DNSTAP_IDENTITY = 411, - VAR_DNSTAP_VERSION = 412, - VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 413, - VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 414, - VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 415, - VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 416, - VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 417, - VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 418, - VAR_RESPONSE_IP_TAG = 419, - VAR_RESPONSE_IP = 420, - VAR_RESPONSE_IP_DATA = 421, - VAR_HARDEN_ALGO_DOWNGRADE = 422, - VAR_IP_TRANSPARENT = 423, - VAR_DISABLE_DNSSEC_LAME_CHECK = 424, - VAR_IP_RATELIMIT = 425, - VAR_IP_RATELIMIT_SLABS = 426, - VAR_IP_RATELIMIT_SIZE = 427, - VAR_RATELIMIT = 428, - VAR_RATELIMIT_SLABS = 429, - VAR_RATELIMIT_SIZE = 430, - VAR_RATELIMIT_FOR_DOMAIN = 431, - VAR_RATELIMIT_BELOW_DOMAIN = 432, - VAR_IP_RATELIMIT_FACTOR = 433, - VAR_RATELIMIT_FACTOR = 434, - VAR_SEND_CLIENT_SUBNET = 435, - VAR_CLIENT_SUBNET_ZONE = 436, - VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 437, - VAR_CLIENT_SUBNET_OPCODE = 438, - VAR_MAX_CLIENT_SUBNET_IPV4 = 439, - VAR_MAX_CLIENT_SUBNET_IPV6 = 440, - VAR_MIN_CLIENT_SUBNET_IPV4 = 441, - VAR_MIN_CLIENT_SUBNET_IPV6 = 442, - VAR_MAX_ECS_TREE_SIZE_IPV4 = 443, - VAR_MAX_ECS_TREE_SIZE_IPV6 = 444, - VAR_CAPS_WHITELIST = 445, - VAR_CACHE_MAX_NEGATIVE_TTL = 446, - VAR_PERMIT_SMALL_HOLDDOWN = 447, - VAR_QNAME_MINIMISATION = 448, - VAR_QNAME_MINIMISATION_STRICT = 449, - VAR_IP_FREEBIND = 450, - VAR_DEFINE_TAG = 451, - VAR_LOCAL_ZONE_TAG = 452, - VAR_ACCESS_CONTROL_TAG = 453, - VAR_LOCAL_ZONE_OVERRIDE = 454, - VAR_ACCESS_CONTROL_TAG_ACTION = 455, - VAR_ACCESS_CONTROL_TAG_DATA = 456, - VAR_VIEW = 457, - VAR_ACCESS_CONTROL_VIEW = 458, - VAR_VIEW_FIRST = 459, - VAR_SERVE_EXPIRED = 460, - VAR_SERVE_EXPIRED_TTL = 461, - VAR_SERVE_EXPIRED_TTL_RESET = 462, - VAR_SERVE_EXPIRED_REPLY_TTL = 463, - VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 464, - VAR_FAKE_DSA = 465, - VAR_FAKE_SHA1 = 466, - VAR_LOG_IDENTITY = 467, - VAR_HIDE_TRUSTANCHOR = 468, - VAR_TRUST_ANCHOR_SIGNALING = 469, - VAR_AGGRESSIVE_NSEC = 470, - VAR_USE_SYSTEMD = 471, - VAR_SHM_ENABLE = 472, - VAR_SHM_KEY = 473, - VAR_ROOT_KEY_SENTINEL = 474, - VAR_DNSCRYPT = 475, - VAR_DNSCRYPT_ENABLE = 476, - VAR_DNSCRYPT_PORT = 477, - VAR_DNSCRYPT_PROVIDER = 478, - VAR_DNSCRYPT_SECRET_KEY = 479, - VAR_DNSCRYPT_PROVIDER_CERT = 480, - VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 481, - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 482, - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 483, - VAR_DNSCRYPT_NONCE_CACHE_SIZE = 484, - VAR_DNSCRYPT_NONCE_CACHE_SLABS = 485, - VAR_IPSECMOD_ENABLED = 486, - VAR_IPSECMOD_HOOK = 487, - VAR_IPSECMOD_IGNORE_BOGUS = 488, - VAR_IPSECMOD_MAX_TTL = 489, - VAR_IPSECMOD_WHITELIST = 490, - VAR_IPSECMOD_STRICT = 491, - VAR_CACHEDB = 492, - VAR_CACHEDB_BACKEND = 493, - VAR_CACHEDB_SECRETSEED = 494, - VAR_CACHEDB_REDISHOST = 495, - VAR_CACHEDB_REDISPORT = 496, - VAR_CACHEDB_REDISTIMEOUT = 497, - VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 498, - VAR_FOR_UPSTREAM = 499, - VAR_AUTH_ZONE = 500, - VAR_ZONEFILE = 501, - VAR_MASTER = 502, - VAR_URL = 503, - VAR_FOR_DOWNSTREAM = 504, - VAR_FALLBACK_ENABLED = 505, - VAR_TLS_ADDITIONAL_PORT = 506, - VAR_LOW_RTT = 507, - VAR_LOW_RTT_PERMIL = 508, - VAR_FAST_SERVER_PERMIL = 509, - VAR_FAST_SERVER_NUM = 510, - VAR_ALLOW_NOTIFY = 511, - VAR_TLS_WIN_CERT = 512, - VAR_TCP_CONNECTION_LIMIT = 513, - VAR_FORWARD_NO_CACHE = 514, - VAR_STUB_NO_CACHE = 515, - VAR_LOG_SERVFAIL = 516, - VAR_DENY_ANY = 517, - VAR_UNKNOWN_SERVER_TIME_LIMIT = 518, - VAR_LOG_TAG_QUERYREPLY = 519, - VAR_STREAM_WAIT_SIZE = 520, - VAR_TLS_CIPHERS = 521, - VAR_TLS_CIPHERSUITES = 522, - VAR_IPSET = 523, - VAR_IPSET_NAME_V4 = 524, - VAR_IPSET_NAME_V6 = 525, - VAR_TLS_SESSION_TICKET_KEYS = 526, - VAR_RPZ = 527, - VAR_TAGS = 528, - VAR_RPZ_ACTION_OVERRIDE = 529, - VAR_RPZ_CNAME_OVERRIDE = 530, - VAR_RPZ_LOG = 531, - VAR_RPZ_LOG_NAME = 532 + VAR_FORCE_TOPLEVEL = 266, + VAR_SERVER = 267, + VAR_VERBOSITY = 268, + VAR_NUM_THREADS = 269, + VAR_PORT = 270, + VAR_OUTGOING_RANGE = 271, + VAR_INTERFACE = 272, + VAR_PREFER_IP4 = 273, + VAR_DO_IP4 = 274, + VAR_DO_IP6 = 275, + VAR_PREFER_IP6 = 276, + VAR_DO_UDP = 277, + VAR_DO_TCP = 278, + VAR_TCP_MSS = 279, + VAR_OUTGOING_TCP_MSS = 280, + VAR_TCP_IDLE_TIMEOUT = 281, + VAR_EDNS_TCP_KEEPALIVE = 282, + VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 283, + VAR_CHROOT = 284, + VAR_USERNAME = 285, + VAR_DIRECTORY = 286, + VAR_LOGFILE = 287, + VAR_PIDFILE = 288, + VAR_MSG_CACHE_SIZE = 289, + VAR_MSG_CACHE_SLABS = 290, + VAR_NUM_QUERIES_PER_THREAD = 291, + VAR_RRSET_CACHE_SIZE = 292, + VAR_RRSET_CACHE_SLABS = 293, + VAR_OUTGOING_NUM_TCP = 294, + VAR_INFRA_HOST_TTL = 295, + VAR_INFRA_LAME_TTL = 296, + VAR_INFRA_CACHE_SLABS = 297, + VAR_INFRA_CACHE_NUMHOSTS = 298, + VAR_INFRA_CACHE_LAME_SIZE = 299, + VAR_NAME = 300, + VAR_STUB_ZONE = 301, + VAR_STUB_HOST = 302, + VAR_STUB_ADDR = 303, + VAR_TARGET_FETCH_POLICY = 304, + VAR_HARDEN_SHORT_BUFSIZE = 305, + VAR_HARDEN_LARGE_QUERIES = 306, + VAR_FORWARD_ZONE = 307, + VAR_FORWARD_HOST = 308, + VAR_FORWARD_ADDR = 309, + VAR_DO_NOT_QUERY_ADDRESS = 310, + VAR_HIDE_IDENTITY = 311, + VAR_HIDE_VERSION = 312, + VAR_IDENTITY = 313, + VAR_VERSION = 314, + VAR_HARDEN_GLUE = 315, + VAR_MODULE_CONF = 316, + VAR_TRUST_ANCHOR_FILE = 317, + VAR_TRUST_ANCHOR = 318, + VAR_VAL_OVERRIDE_DATE = 319, + VAR_BOGUS_TTL = 320, + VAR_VAL_CLEAN_ADDITIONAL = 321, + VAR_VAL_PERMISSIVE_MODE = 322, + VAR_INCOMING_NUM_TCP = 323, + VAR_MSG_BUFFER_SIZE = 324, + VAR_KEY_CACHE_SIZE = 325, + VAR_KEY_CACHE_SLABS = 326, + VAR_TRUSTED_KEYS_FILE = 327, + VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 328, + VAR_USE_SYSLOG = 329, + VAR_OUTGOING_INTERFACE = 330, + VAR_ROOT_HINTS = 331, + VAR_DO_NOT_QUERY_LOCALHOST = 332, + VAR_CACHE_MAX_TTL = 333, + VAR_HARDEN_DNSSEC_STRIPPED = 334, + VAR_ACCESS_CONTROL = 335, + VAR_LOCAL_ZONE = 336, + VAR_LOCAL_DATA = 337, + VAR_INTERFACE_AUTOMATIC = 338, + VAR_STATISTICS_INTERVAL = 339, + VAR_DO_DAEMONIZE = 340, + VAR_USE_CAPS_FOR_ID = 341, + VAR_STATISTICS_CUMULATIVE = 342, + VAR_OUTGOING_PORT_PERMIT = 343, + VAR_OUTGOING_PORT_AVOID = 344, + VAR_DLV_ANCHOR_FILE = 345, + VAR_DLV_ANCHOR = 346, + VAR_NEG_CACHE_SIZE = 347, + VAR_HARDEN_REFERRAL_PATH = 348, + VAR_PRIVATE_ADDRESS = 349, + VAR_PRIVATE_DOMAIN = 350, + VAR_REMOTE_CONTROL = 351, + VAR_CONTROL_ENABLE = 352, + VAR_CONTROL_INTERFACE = 353, + VAR_CONTROL_PORT = 354, + VAR_SERVER_KEY_FILE = 355, + VAR_SERVER_CERT_FILE = 356, + VAR_CONTROL_KEY_FILE = 357, + VAR_CONTROL_CERT_FILE = 358, + VAR_CONTROL_USE_CERT = 359, + VAR_EXTENDED_STATISTICS = 360, + VAR_LOCAL_DATA_PTR = 361, + VAR_JOSTLE_TIMEOUT = 362, + VAR_STUB_PRIME = 363, + VAR_UNWANTED_REPLY_THRESHOLD = 364, + VAR_LOG_TIME_ASCII = 365, + VAR_DOMAIN_INSECURE = 366, + VAR_PYTHON = 367, + VAR_PYTHON_SCRIPT = 368, + VAR_VAL_SIG_SKEW_MIN = 369, + VAR_VAL_SIG_SKEW_MAX = 370, + VAR_CACHE_MIN_TTL = 371, + VAR_VAL_LOG_LEVEL = 372, + VAR_AUTO_TRUST_ANCHOR_FILE = 373, + VAR_KEEP_MISSING = 374, + VAR_ADD_HOLDDOWN = 375, + VAR_DEL_HOLDDOWN = 376, + VAR_SO_RCVBUF = 377, + VAR_EDNS_BUFFER_SIZE = 378, + VAR_PREFETCH = 379, + VAR_PREFETCH_KEY = 380, + VAR_SO_SNDBUF = 381, + VAR_SO_REUSEPORT = 382, + VAR_HARDEN_BELOW_NXDOMAIN = 383, + VAR_IGNORE_CD_FLAG = 384, + VAR_LOG_QUERIES = 385, + VAR_LOG_REPLIES = 386, + VAR_LOG_LOCAL_ACTIONS = 387, + VAR_TCP_UPSTREAM = 388, + VAR_SSL_UPSTREAM = 389, + VAR_SSL_SERVICE_KEY = 390, + VAR_SSL_SERVICE_PEM = 391, + VAR_SSL_PORT = 392, + VAR_FORWARD_FIRST = 393, + VAR_STUB_SSL_UPSTREAM = 394, + VAR_FORWARD_SSL_UPSTREAM = 395, + VAR_TLS_CERT_BUNDLE = 396, + VAR_STUB_FIRST = 397, + VAR_MINIMAL_RESPONSES = 398, + VAR_RRSET_ROUNDROBIN = 399, + VAR_MAX_UDP_SIZE = 400, + VAR_DELAY_CLOSE = 401, + VAR_UNBLOCK_LAN_ZONES = 402, + VAR_INSECURE_LAN_ZONES = 403, + VAR_INFRA_CACHE_MIN_RTT = 404, + VAR_DNS64_PREFIX = 405, + VAR_DNS64_SYNTHALL = 406, + VAR_DNS64_IGNORE_AAAA = 407, + VAR_DNSTAP = 408, + VAR_DNSTAP_ENABLE = 409, + VAR_DNSTAP_SOCKET_PATH = 410, + VAR_DNSTAP_IP = 411, + VAR_DNSTAP_TLS = 412, + VAR_DNSTAP_TLS_SERVER_NAME = 413, + VAR_DNSTAP_TLS_CERT_BUNDLE = 414, + VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 415, + VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 416, + VAR_DNSTAP_SEND_IDENTITY = 417, + VAR_DNSTAP_SEND_VERSION = 418, + VAR_DNSTAP_BIDIRECTIONAL = 419, + VAR_DNSTAP_IDENTITY = 420, + VAR_DNSTAP_VERSION = 421, + VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 422, + VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 423, + VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 424, + VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 425, + VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 426, + VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 427, + VAR_RESPONSE_IP_TAG = 428, + VAR_RESPONSE_IP = 429, + VAR_RESPONSE_IP_DATA = 430, + VAR_HARDEN_ALGO_DOWNGRADE = 431, + VAR_IP_TRANSPARENT = 432, + VAR_IP_DSCP = 433, + VAR_DISABLE_DNSSEC_LAME_CHECK = 434, + VAR_IP_RATELIMIT = 435, + VAR_IP_RATELIMIT_SLABS = 436, + VAR_IP_RATELIMIT_SIZE = 437, + VAR_RATELIMIT = 438, + VAR_RATELIMIT_SLABS = 439, + VAR_RATELIMIT_SIZE = 440, + VAR_RATELIMIT_FOR_DOMAIN = 441, + VAR_RATELIMIT_BELOW_DOMAIN = 442, + VAR_IP_RATELIMIT_FACTOR = 443, + VAR_RATELIMIT_FACTOR = 444, + VAR_SEND_CLIENT_SUBNET = 445, + VAR_CLIENT_SUBNET_ZONE = 446, + VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 447, + VAR_CLIENT_SUBNET_OPCODE = 448, + VAR_MAX_CLIENT_SUBNET_IPV4 = 449, + VAR_MAX_CLIENT_SUBNET_IPV6 = 450, + VAR_MIN_CLIENT_SUBNET_IPV4 = 451, + VAR_MIN_CLIENT_SUBNET_IPV6 = 452, + VAR_MAX_ECS_TREE_SIZE_IPV4 = 453, + VAR_MAX_ECS_TREE_SIZE_IPV6 = 454, + VAR_CAPS_WHITELIST = 455, + VAR_CACHE_MAX_NEGATIVE_TTL = 456, + VAR_PERMIT_SMALL_HOLDDOWN = 457, + VAR_QNAME_MINIMISATION = 458, + VAR_QNAME_MINIMISATION_STRICT = 459, + VAR_IP_FREEBIND = 460, + VAR_DEFINE_TAG = 461, + VAR_LOCAL_ZONE_TAG = 462, + VAR_ACCESS_CONTROL_TAG = 463, + VAR_LOCAL_ZONE_OVERRIDE = 464, + VAR_ACCESS_CONTROL_TAG_ACTION = 465, + VAR_ACCESS_CONTROL_TAG_DATA = 466, + VAR_VIEW = 467, + VAR_ACCESS_CONTROL_VIEW = 468, + VAR_VIEW_FIRST = 469, + VAR_SERVE_EXPIRED = 470, + VAR_SERVE_EXPIRED_TTL = 471, + VAR_SERVE_EXPIRED_TTL_RESET = 472, + VAR_SERVE_EXPIRED_REPLY_TTL = 473, + VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 474, + VAR_FAKE_DSA = 475, + VAR_FAKE_SHA1 = 476, + VAR_LOG_IDENTITY = 477, + VAR_HIDE_TRUSTANCHOR = 478, + VAR_TRUST_ANCHOR_SIGNALING = 479, + VAR_AGGRESSIVE_NSEC = 480, + VAR_USE_SYSTEMD = 481, + VAR_SHM_ENABLE = 482, + VAR_SHM_KEY = 483, + VAR_ROOT_KEY_SENTINEL = 484, + VAR_DNSCRYPT = 485, + VAR_DNSCRYPT_ENABLE = 486, + VAR_DNSCRYPT_PORT = 487, + VAR_DNSCRYPT_PROVIDER = 488, + VAR_DNSCRYPT_SECRET_KEY = 489, + VAR_DNSCRYPT_PROVIDER_CERT = 490, + VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 491, + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 492, + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 493, + VAR_DNSCRYPT_NONCE_CACHE_SIZE = 494, + VAR_DNSCRYPT_NONCE_CACHE_SLABS = 495, + VAR_IPSECMOD_ENABLED = 496, + VAR_IPSECMOD_HOOK = 497, + VAR_IPSECMOD_IGNORE_BOGUS = 498, + VAR_IPSECMOD_MAX_TTL = 499, + VAR_IPSECMOD_WHITELIST = 500, + VAR_IPSECMOD_STRICT = 501, + VAR_CACHEDB = 502, + VAR_CACHEDB_BACKEND = 503, + VAR_CACHEDB_SECRETSEED = 504, + VAR_CACHEDB_REDISHOST = 505, + VAR_CACHEDB_REDISPORT = 506, + VAR_CACHEDB_REDISTIMEOUT = 507, + VAR_CACHEDB_REDISEXPIRERECORDS = 508, + VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 509, + VAR_FOR_UPSTREAM = 510, + VAR_AUTH_ZONE = 511, + VAR_ZONEFILE = 512, + VAR_MASTER = 513, + VAR_URL = 514, + VAR_FOR_DOWNSTREAM = 515, + VAR_FALLBACK_ENABLED = 516, + VAR_TLS_ADDITIONAL_PORT = 517, + VAR_LOW_RTT = 518, + VAR_LOW_RTT_PERMIL = 519, + VAR_FAST_SERVER_PERMIL = 520, + VAR_FAST_SERVER_NUM = 521, + VAR_ALLOW_NOTIFY = 522, + VAR_TLS_WIN_CERT = 523, + VAR_TCP_CONNECTION_LIMIT = 524, + VAR_FORWARD_NO_CACHE = 525, + VAR_STUB_NO_CACHE = 526, + VAR_LOG_SERVFAIL = 527, + VAR_DENY_ANY = 528, + VAR_UNKNOWN_SERVER_TIME_LIMIT = 529, + VAR_LOG_TAG_QUERYREPLY = 530, + VAR_STREAM_WAIT_SIZE = 531, + VAR_TLS_CIPHERS = 532, + VAR_TLS_CIPHERSUITES = 533, + VAR_TLS_USE_SNI = 534, + VAR_IPSET = 535, + VAR_IPSET_NAME_V4 = 536, + VAR_IPSET_NAME_V6 = 537, + VAR_TLS_SESSION_TICKET_KEYS = 538, + VAR_RPZ = 539, + VAR_TAGS = 540, + VAR_RPZ_ACTION_OVERRIDE = 541, + VAR_RPZ_CNAME_OVERRIDE = 542, + VAR_RPZ_LOG = 543, + VAR_RPZ_LOG_NAME = 544, + VAR_DYNLIB = 545, + VAR_DYNLIB_FILE = 546 }; #endif /* Tokens. */ @@ -420,273 +434,287 @@ extern int yydebug; #define ANY 263 #define ZONESTR 264 #define STRING_ARG 265 -#define VAR_SERVER 266 -#define VAR_VERBOSITY 267 -#define VAR_NUM_THREADS 268 -#define VAR_PORT 269 -#define VAR_OUTGOING_RANGE 270 -#define VAR_INTERFACE 271 -#define VAR_DO_IP4 272 -#define VAR_DO_IP6 273 -#define VAR_PREFER_IP6 274 -#define VAR_DO_UDP 275 -#define VAR_DO_TCP 276 -#define VAR_TCP_MSS 277 -#define VAR_OUTGOING_TCP_MSS 278 -#define VAR_TCP_IDLE_TIMEOUT 279 -#define VAR_EDNS_TCP_KEEPALIVE 280 -#define VAR_EDNS_TCP_KEEPALIVE_TIMEOUT 281 -#define VAR_CHROOT 282 -#define VAR_USERNAME 283 -#define VAR_DIRECTORY 284 -#define VAR_LOGFILE 285 -#define VAR_PIDFILE 286 -#define VAR_MSG_CACHE_SIZE 287 -#define VAR_MSG_CACHE_SLABS 288 -#define VAR_NUM_QUERIES_PER_THREAD 289 -#define VAR_RRSET_CACHE_SIZE 290 -#define VAR_RRSET_CACHE_SLABS 291 -#define VAR_OUTGOING_NUM_TCP 292 -#define VAR_INFRA_HOST_TTL 293 -#define VAR_INFRA_LAME_TTL 294 -#define VAR_INFRA_CACHE_SLABS 295 -#define VAR_INFRA_CACHE_NUMHOSTS 296 -#define VAR_INFRA_CACHE_LAME_SIZE 297 -#define VAR_NAME 298 -#define VAR_STUB_ZONE 299 -#define VAR_STUB_HOST 300 -#define VAR_STUB_ADDR 301 -#define VAR_TARGET_FETCH_POLICY 302 -#define VAR_HARDEN_SHORT_BUFSIZE 303 -#define VAR_HARDEN_LARGE_QUERIES 304 -#define VAR_FORWARD_ZONE 305 -#define VAR_FORWARD_HOST 306 -#define VAR_FORWARD_ADDR 307 -#define VAR_DO_NOT_QUERY_ADDRESS 308 -#define VAR_HIDE_IDENTITY 309 -#define VAR_HIDE_VERSION 310 -#define VAR_IDENTITY 311 -#define VAR_VERSION 312 -#define VAR_HARDEN_GLUE 313 -#define VAR_MODULE_CONF 314 -#define VAR_TRUST_ANCHOR_FILE 315 -#define VAR_TRUST_ANCHOR 316 -#define VAR_VAL_OVERRIDE_DATE 317 -#define VAR_BOGUS_TTL 318 -#define VAR_VAL_CLEAN_ADDITIONAL 319 -#define VAR_VAL_PERMISSIVE_MODE 320 -#define VAR_INCOMING_NUM_TCP 321 -#define VAR_MSG_BUFFER_SIZE 322 -#define VAR_KEY_CACHE_SIZE 323 -#define VAR_KEY_CACHE_SLABS 324 -#define VAR_TRUSTED_KEYS_FILE 325 -#define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 326 -#define VAR_USE_SYSLOG 327 -#define VAR_OUTGOING_INTERFACE 328 -#define VAR_ROOT_HINTS 329 -#define VAR_DO_NOT_QUERY_LOCALHOST 330 -#define VAR_CACHE_MAX_TTL 331 -#define VAR_HARDEN_DNSSEC_STRIPPED 332 -#define VAR_ACCESS_CONTROL 333 -#define VAR_LOCAL_ZONE 334 -#define VAR_LOCAL_DATA 335 -#define VAR_INTERFACE_AUTOMATIC 336 -#define VAR_STATISTICS_INTERVAL 337 -#define VAR_DO_DAEMONIZE 338 -#define VAR_USE_CAPS_FOR_ID 339 -#define VAR_STATISTICS_CUMULATIVE 340 -#define VAR_OUTGOING_PORT_PERMIT 341 -#define VAR_OUTGOING_PORT_AVOID 342 -#define VAR_DLV_ANCHOR_FILE 343 -#define VAR_DLV_ANCHOR 344 -#define VAR_NEG_CACHE_SIZE 345 -#define VAR_HARDEN_REFERRAL_PATH 346 -#define VAR_PRIVATE_ADDRESS 347 -#define VAR_PRIVATE_DOMAIN 348 -#define VAR_REMOTE_CONTROL 349 -#define VAR_CONTROL_ENABLE 350 -#define VAR_CONTROL_INTERFACE 351 -#define VAR_CONTROL_PORT 352 -#define VAR_SERVER_KEY_FILE 353 -#define VAR_SERVER_CERT_FILE 354 -#define VAR_CONTROL_KEY_FILE 355 -#define VAR_CONTROL_CERT_FILE 356 -#define VAR_CONTROL_USE_CERT 357 -#define VAR_EXTENDED_STATISTICS 358 -#define VAR_LOCAL_DATA_PTR 359 -#define VAR_JOSTLE_TIMEOUT 360 -#define VAR_STUB_PRIME 361 -#define VAR_UNWANTED_REPLY_THRESHOLD 362 -#define VAR_LOG_TIME_ASCII 363 -#define VAR_DOMAIN_INSECURE 364 -#define VAR_PYTHON 365 -#define VAR_PYTHON_SCRIPT 366 -#define VAR_VAL_SIG_SKEW_MIN 367 -#define VAR_VAL_SIG_SKEW_MAX 368 -#define VAR_CACHE_MIN_TTL 369 -#define VAR_VAL_LOG_LEVEL 370 -#define VAR_AUTO_TRUST_ANCHOR_FILE 371 -#define VAR_KEEP_MISSING 372 -#define VAR_ADD_HOLDDOWN 373 -#define VAR_DEL_HOLDDOWN 374 -#define VAR_SO_RCVBUF 375 -#define VAR_EDNS_BUFFER_SIZE 376 -#define VAR_PREFETCH 377 -#define VAR_PREFETCH_KEY 378 -#define VAR_SO_SNDBUF 379 -#define VAR_SO_REUSEPORT 380 -#define VAR_HARDEN_BELOW_NXDOMAIN 381 -#define VAR_IGNORE_CD_FLAG 382 -#define VAR_LOG_QUERIES 383 -#define VAR_LOG_REPLIES 384 -#define VAR_LOG_LOCAL_ACTIONS 385 -#define VAR_TCP_UPSTREAM 386 -#define VAR_SSL_UPSTREAM 387 -#define VAR_SSL_SERVICE_KEY 388 -#define VAR_SSL_SERVICE_PEM 389 -#define VAR_SSL_PORT 390 -#define VAR_FORWARD_FIRST 391 -#define VAR_STUB_SSL_UPSTREAM 392 -#define VAR_FORWARD_SSL_UPSTREAM 393 -#define VAR_TLS_CERT_BUNDLE 394 -#define VAR_STUB_FIRST 395 -#define VAR_MINIMAL_RESPONSES 396 -#define VAR_RRSET_ROUNDROBIN 397 -#define VAR_MAX_UDP_SIZE 398 -#define VAR_DELAY_CLOSE 399 -#define VAR_UNBLOCK_LAN_ZONES 400 -#define VAR_INSECURE_LAN_ZONES 401 -#define VAR_INFRA_CACHE_MIN_RTT 402 -#define VAR_DNS64_PREFIX 403 -#define VAR_DNS64_SYNTHALL 404 -#define VAR_DNS64_IGNORE_AAAA 405 -#define VAR_DNSTAP 406 -#define VAR_DNSTAP_ENABLE 407 -#define VAR_DNSTAP_SOCKET_PATH 408 -#define VAR_DNSTAP_SEND_IDENTITY 409 -#define VAR_DNSTAP_SEND_VERSION 410 -#define VAR_DNSTAP_IDENTITY 411 -#define VAR_DNSTAP_VERSION 412 -#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 413 -#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 414 -#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 415 -#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 416 -#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 417 -#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 418 -#define VAR_RESPONSE_IP_TAG 419 -#define VAR_RESPONSE_IP 420 -#define VAR_RESPONSE_IP_DATA 421 -#define VAR_HARDEN_ALGO_DOWNGRADE 422 -#define VAR_IP_TRANSPARENT 423 -#define VAR_DISABLE_DNSSEC_LAME_CHECK 424 -#define VAR_IP_RATELIMIT 425 -#define VAR_IP_RATELIMIT_SLABS 426 -#define VAR_IP_RATELIMIT_SIZE 427 -#define VAR_RATELIMIT 428 -#define VAR_RATELIMIT_SLABS 429 -#define VAR_RATELIMIT_SIZE 430 -#define VAR_RATELIMIT_FOR_DOMAIN 431 -#define VAR_RATELIMIT_BELOW_DOMAIN 432 -#define VAR_IP_RATELIMIT_FACTOR 433 -#define VAR_RATELIMIT_FACTOR 434 -#define VAR_SEND_CLIENT_SUBNET 435 -#define VAR_CLIENT_SUBNET_ZONE 436 -#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 437 -#define VAR_CLIENT_SUBNET_OPCODE 438 -#define VAR_MAX_CLIENT_SUBNET_IPV4 439 -#define VAR_MAX_CLIENT_SUBNET_IPV6 440 -#define VAR_MIN_CLIENT_SUBNET_IPV4 441 -#define VAR_MIN_CLIENT_SUBNET_IPV6 442 -#define VAR_MAX_ECS_TREE_SIZE_IPV4 443 -#define VAR_MAX_ECS_TREE_SIZE_IPV6 444 -#define VAR_CAPS_WHITELIST 445 -#define VAR_CACHE_MAX_NEGATIVE_TTL 446 -#define VAR_PERMIT_SMALL_HOLDDOWN 447 -#define VAR_QNAME_MINIMISATION 448 -#define VAR_QNAME_MINIMISATION_STRICT 449 -#define VAR_IP_FREEBIND 450 -#define VAR_DEFINE_TAG 451 -#define VAR_LOCAL_ZONE_TAG 452 -#define VAR_ACCESS_CONTROL_TAG 453 -#define VAR_LOCAL_ZONE_OVERRIDE 454 -#define VAR_ACCESS_CONTROL_TAG_ACTION 455 -#define VAR_ACCESS_CONTROL_TAG_DATA 456 -#define VAR_VIEW 457 -#define VAR_ACCESS_CONTROL_VIEW 458 -#define VAR_VIEW_FIRST 459 -#define VAR_SERVE_EXPIRED 460 -#define VAR_SERVE_EXPIRED_TTL 461 -#define VAR_SERVE_EXPIRED_TTL_RESET 462 -#define VAR_SERVE_EXPIRED_REPLY_TTL 463 -#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 464 -#define VAR_FAKE_DSA 465 -#define VAR_FAKE_SHA1 466 -#define VAR_LOG_IDENTITY 467 -#define VAR_HIDE_TRUSTANCHOR 468 -#define VAR_TRUST_ANCHOR_SIGNALING 469 -#define VAR_AGGRESSIVE_NSEC 470 -#define VAR_USE_SYSTEMD 471 -#define VAR_SHM_ENABLE 472 -#define VAR_SHM_KEY 473 -#define VAR_ROOT_KEY_SENTINEL 474 -#define VAR_DNSCRYPT 475 -#define VAR_DNSCRYPT_ENABLE 476 -#define VAR_DNSCRYPT_PORT 477 -#define VAR_DNSCRYPT_PROVIDER 478 -#define VAR_DNSCRYPT_SECRET_KEY 479 -#define VAR_DNSCRYPT_PROVIDER_CERT 480 -#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 481 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 482 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 483 -#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 484 -#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 485 -#define VAR_IPSECMOD_ENABLED 486 -#define VAR_IPSECMOD_HOOK 487 -#define VAR_IPSECMOD_IGNORE_BOGUS 488 -#define VAR_IPSECMOD_MAX_TTL 489 -#define VAR_IPSECMOD_WHITELIST 490 -#define VAR_IPSECMOD_STRICT 491 -#define VAR_CACHEDB 492 -#define VAR_CACHEDB_BACKEND 493 -#define VAR_CACHEDB_SECRETSEED 494 -#define VAR_CACHEDB_REDISHOST 495 -#define VAR_CACHEDB_REDISPORT 496 -#define VAR_CACHEDB_REDISTIMEOUT 497 -#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 498 -#define VAR_FOR_UPSTREAM 499 -#define VAR_AUTH_ZONE 500 -#define VAR_ZONEFILE 501 -#define VAR_MASTER 502 -#define VAR_URL 503 -#define VAR_FOR_DOWNSTREAM 504 -#define VAR_FALLBACK_ENABLED 505 -#define VAR_TLS_ADDITIONAL_PORT 506 -#define VAR_LOW_RTT 507 -#define VAR_LOW_RTT_PERMIL 508 -#define VAR_FAST_SERVER_PERMIL 509 -#define VAR_FAST_SERVER_NUM 510 -#define VAR_ALLOW_NOTIFY 511 -#define VAR_TLS_WIN_CERT 512 -#define VAR_TCP_CONNECTION_LIMIT 513 -#define VAR_FORWARD_NO_CACHE 514 -#define VAR_STUB_NO_CACHE 515 -#define VAR_LOG_SERVFAIL 516 -#define VAR_DENY_ANY 517 -#define VAR_UNKNOWN_SERVER_TIME_LIMIT 518 -#define VAR_LOG_TAG_QUERYREPLY 519 -#define VAR_STREAM_WAIT_SIZE 520 -#define VAR_TLS_CIPHERS 521 -#define VAR_TLS_CIPHERSUITES 522 -#define VAR_IPSET 523 -#define VAR_IPSET_NAME_V4 524 -#define VAR_IPSET_NAME_V6 525 -#define VAR_TLS_SESSION_TICKET_KEYS 526 -#define VAR_RPZ 527 -#define VAR_TAGS 528 -#define VAR_RPZ_ACTION_OVERRIDE 529 -#define VAR_RPZ_CNAME_OVERRIDE 530 -#define VAR_RPZ_LOG 531 -#define VAR_RPZ_LOG_NAME 532 +#define VAR_FORCE_TOPLEVEL 266 +#define VAR_SERVER 267 +#define VAR_VERBOSITY 268 +#define VAR_NUM_THREADS 269 +#define VAR_PORT 270 +#define VAR_OUTGOING_RANGE 271 +#define VAR_INTERFACE 272 +#define VAR_PREFER_IP4 273 +#define VAR_DO_IP4 274 +#define VAR_DO_IP6 275 +#define VAR_PREFER_IP6 276 +#define VAR_DO_UDP 277 +#define VAR_DO_TCP 278 +#define VAR_TCP_MSS 279 +#define VAR_OUTGOING_TCP_MSS 280 +#define VAR_TCP_IDLE_TIMEOUT 281 +#define VAR_EDNS_TCP_KEEPALIVE 282 +#define VAR_EDNS_TCP_KEEPALIVE_TIMEOUT 283 +#define VAR_CHROOT 284 +#define VAR_USERNAME 285 +#define VAR_DIRECTORY 286 +#define VAR_LOGFILE 287 +#define VAR_PIDFILE 288 +#define VAR_MSG_CACHE_SIZE 289 +#define VAR_MSG_CACHE_SLABS 290 +#define VAR_NUM_QUERIES_PER_THREAD 291 +#define VAR_RRSET_CACHE_SIZE 292 +#define VAR_RRSET_CACHE_SLABS 293 +#define VAR_OUTGOING_NUM_TCP 294 +#define VAR_INFRA_HOST_TTL 295 +#define VAR_INFRA_LAME_TTL 296 +#define VAR_INFRA_CACHE_SLABS 297 +#define VAR_INFRA_CACHE_NUMHOSTS 298 +#define VAR_INFRA_CACHE_LAME_SIZE 299 +#define VAR_NAME 300 +#define VAR_STUB_ZONE 301 +#define VAR_STUB_HOST 302 +#define VAR_STUB_ADDR 303 +#define VAR_TARGET_FETCH_POLICY 304 +#define VAR_HARDEN_SHORT_BUFSIZE 305 +#define VAR_HARDEN_LARGE_QUERIES 306 +#define VAR_FORWARD_ZONE 307 +#define VAR_FORWARD_HOST 308 +#define VAR_FORWARD_ADDR 309 +#define VAR_DO_NOT_QUERY_ADDRESS 310 +#define VAR_HIDE_IDENTITY 311 +#define VAR_HIDE_VERSION 312 +#define VAR_IDENTITY 313 +#define VAR_VERSION 314 +#define VAR_HARDEN_GLUE 315 +#define VAR_MODULE_CONF 316 +#define VAR_TRUST_ANCHOR_FILE 317 +#define VAR_TRUST_ANCHOR 318 +#define VAR_VAL_OVERRIDE_DATE 319 +#define VAR_BOGUS_TTL 320 +#define VAR_VAL_CLEAN_ADDITIONAL 321 +#define VAR_VAL_PERMISSIVE_MODE 322 +#define VAR_INCOMING_NUM_TCP 323 +#define VAR_MSG_BUFFER_SIZE 324 +#define VAR_KEY_CACHE_SIZE 325 +#define VAR_KEY_CACHE_SLABS 326 +#define VAR_TRUSTED_KEYS_FILE 327 +#define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 328 +#define VAR_USE_SYSLOG 329 +#define VAR_OUTGOING_INTERFACE 330 +#define VAR_ROOT_HINTS 331 +#define VAR_DO_NOT_QUERY_LOCALHOST 332 +#define VAR_CACHE_MAX_TTL 333 +#define VAR_HARDEN_DNSSEC_STRIPPED 334 +#define VAR_ACCESS_CONTROL 335 +#define VAR_LOCAL_ZONE 336 +#define VAR_LOCAL_DATA 337 +#define VAR_INTERFACE_AUTOMATIC 338 +#define VAR_STATISTICS_INTERVAL 339 +#define VAR_DO_DAEMONIZE 340 +#define VAR_USE_CAPS_FOR_ID 341 +#define VAR_STATISTICS_CUMULATIVE 342 +#define VAR_OUTGOING_PORT_PERMIT 343 +#define VAR_OUTGOING_PORT_AVOID 344 +#define VAR_DLV_ANCHOR_FILE 345 +#define VAR_DLV_ANCHOR 346 +#define VAR_NEG_CACHE_SIZE 347 +#define VAR_HARDEN_REFERRAL_PATH 348 +#define VAR_PRIVATE_ADDRESS 349 +#define VAR_PRIVATE_DOMAIN 350 +#define VAR_REMOTE_CONTROL 351 +#define VAR_CONTROL_ENABLE 352 +#define VAR_CONTROL_INTERFACE 353 +#define VAR_CONTROL_PORT 354 +#define VAR_SERVER_KEY_FILE 355 +#define VAR_SERVER_CERT_FILE 356 +#define VAR_CONTROL_KEY_FILE 357 +#define VAR_CONTROL_CERT_FILE 358 +#define VAR_CONTROL_USE_CERT 359 +#define VAR_EXTENDED_STATISTICS 360 +#define VAR_LOCAL_DATA_PTR 361 +#define VAR_JOSTLE_TIMEOUT 362 +#define VAR_STUB_PRIME 363 +#define VAR_UNWANTED_REPLY_THRESHOLD 364 +#define VAR_LOG_TIME_ASCII 365 +#define VAR_DOMAIN_INSECURE 366 +#define VAR_PYTHON 367 +#define VAR_PYTHON_SCRIPT 368 +#define VAR_VAL_SIG_SKEW_MIN 369 +#define VAR_VAL_SIG_SKEW_MAX 370 +#define VAR_CACHE_MIN_TTL 371 +#define VAR_VAL_LOG_LEVEL 372 +#define VAR_AUTO_TRUST_ANCHOR_FILE 373 +#define VAR_KEEP_MISSING 374 +#define VAR_ADD_HOLDDOWN 375 +#define VAR_DEL_HOLDDOWN 376 +#define VAR_SO_RCVBUF 377 +#define VAR_EDNS_BUFFER_SIZE 378 +#define VAR_PREFETCH 379 +#define VAR_PREFETCH_KEY 380 +#define VAR_SO_SNDBUF 381 +#define VAR_SO_REUSEPORT 382 +#define VAR_HARDEN_BELOW_NXDOMAIN 383 +#define VAR_IGNORE_CD_FLAG 384 +#define VAR_LOG_QUERIES 385 +#define VAR_LOG_REPLIES 386 +#define VAR_LOG_LOCAL_ACTIONS 387 +#define VAR_TCP_UPSTREAM 388 +#define VAR_SSL_UPSTREAM 389 +#define VAR_SSL_SERVICE_KEY 390 +#define VAR_SSL_SERVICE_PEM 391 +#define VAR_SSL_PORT 392 +#define VAR_FORWARD_FIRST 393 +#define VAR_STUB_SSL_UPSTREAM 394 +#define VAR_FORWARD_SSL_UPSTREAM 395 +#define VAR_TLS_CERT_BUNDLE 396 +#define VAR_STUB_FIRST 397 +#define VAR_MINIMAL_RESPONSES 398 +#define VAR_RRSET_ROUNDROBIN 399 +#define VAR_MAX_UDP_SIZE 400 +#define VAR_DELAY_CLOSE 401 +#define VAR_UNBLOCK_LAN_ZONES 402 +#define VAR_INSECURE_LAN_ZONES 403 +#define VAR_INFRA_CACHE_MIN_RTT 404 +#define VAR_DNS64_PREFIX 405 +#define VAR_DNS64_SYNTHALL 406 +#define VAR_DNS64_IGNORE_AAAA 407 +#define VAR_DNSTAP 408 +#define VAR_DNSTAP_ENABLE 409 +#define VAR_DNSTAP_SOCKET_PATH 410 +#define VAR_DNSTAP_IP 411 +#define VAR_DNSTAP_TLS 412 +#define VAR_DNSTAP_TLS_SERVER_NAME 413 +#define VAR_DNSTAP_TLS_CERT_BUNDLE 414 +#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 415 +#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 416 +#define VAR_DNSTAP_SEND_IDENTITY 417 +#define VAR_DNSTAP_SEND_VERSION 418 +#define VAR_DNSTAP_BIDIRECTIONAL 419 +#define VAR_DNSTAP_IDENTITY 420 +#define VAR_DNSTAP_VERSION 421 +#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 422 +#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 423 +#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 424 +#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 425 +#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 426 +#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 427 +#define VAR_RESPONSE_IP_TAG 428 +#define VAR_RESPONSE_IP 429 +#define VAR_RESPONSE_IP_DATA 430 +#define VAR_HARDEN_ALGO_DOWNGRADE 431 +#define VAR_IP_TRANSPARENT 432 +#define VAR_IP_DSCP 433 +#define VAR_DISABLE_DNSSEC_LAME_CHECK 434 +#define VAR_IP_RATELIMIT 435 +#define VAR_IP_RATELIMIT_SLABS 436 +#define VAR_IP_RATELIMIT_SIZE 437 +#define VAR_RATELIMIT 438 +#define VAR_RATELIMIT_SLABS 439 +#define VAR_RATELIMIT_SIZE 440 +#define VAR_RATELIMIT_FOR_DOMAIN 441 +#define VAR_RATELIMIT_BELOW_DOMAIN 442 +#define VAR_IP_RATELIMIT_FACTOR 443 +#define VAR_RATELIMIT_FACTOR 444 +#define VAR_SEND_CLIENT_SUBNET 445 +#define VAR_CLIENT_SUBNET_ZONE 446 +#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 447 +#define VAR_CLIENT_SUBNET_OPCODE 448 +#define VAR_MAX_CLIENT_SUBNET_IPV4 449 +#define VAR_MAX_CLIENT_SUBNET_IPV6 450 +#define VAR_MIN_CLIENT_SUBNET_IPV4 451 +#define VAR_MIN_CLIENT_SUBNET_IPV6 452 +#define VAR_MAX_ECS_TREE_SIZE_IPV4 453 +#define VAR_MAX_ECS_TREE_SIZE_IPV6 454 +#define VAR_CAPS_WHITELIST 455 +#define VAR_CACHE_MAX_NEGATIVE_TTL 456 +#define VAR_PERMIT_SMALL_HOLDDOWN 457 +#define VAR_QNAME_MINIMISATION 458 +#define VAR_QNAME_MINIMISATION_STRICT 459 +#define VAR_IP_FREEBIND 460 +#define VAR_DEFINE_TAG 461 +#define VAR_LOCAL_ZONE_TAG 462 +#define VAR_ACCESS_CONTROL_TAG 463 +#define VAR_LOCAL_ZONE_OVERRIDE 464 +#define VAR_ACCESS_CONTROL_TAG_ACTION 465 +#define VAR_ACCESS_CONTROL_TAG_DATA 466 +#define VAR_VIEW 467 +#define VAR_ACCESS_CONTROL_VIEW 468 +#define VAR_VIEW_FIRST 469 +#define VAR_SERVE_EXPIRED 470 +#define VAR_SERVE_EXPIRED_TTL 471 +#define VAR_SERVE_EXPIRED_TTL_RESET 472 +#define VAR_SERVE_EXPIRED_REPLY_TTL 473 +#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 474 +#define VAR_FAKE_DSA 475 +#define VAR_FAKE_SHA1 476 +#define VAR_LOG_IDENTITY 477 +#define VAR_HIDE_TRUSTANCHOR 478 +#define VAR_TRUST_ANCHOR_SIGNALING 479 +#define VAR_AGGRESSIVE_NSEC 480 +#define VAR_USE_SYSTEMD 481 +#define VAR_SHM_ENABLE 482 +#define VAR_SHM_KEY 483 +#define VAR_ROOT_KEY_SENTINEL 484 +#define VAR_DNSCRYPT 485 +#define VAR_DNSCRYPT_ENABLE 486 +#define VAR_DNSCRYPT_PORT 487 +#define VAR_DNSCRYPT_PROVIDER 488 +#define VAR_DNSCRYPT_SECRET_KEY 489 +#define VAR_DNSCRYPT_PROVIDER_CERT 490 +#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 491 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 492 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 493 +#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 494 +#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 495 +#define VAR_IPSECMOD_ENABLED 496 +#define VAR_IPSECMOD_HOOK 497 +#define VAR_IPSECMOD_IGNORE_BOGUS 498 +#define VAR_IPSECMOD_MAX_TTL 499 +#define VAR_IPSECMOD_WHITELIST 500 +#define VAR_IPSECMOD_STRICT 501 +#define VAR_CACHEDB 502 +#define VAR_CACHEDB_BACKEND 503 +#define VAR_CACHEDB_SECRETSEED 504 +#define VAR_CACHEDB_REDISHOST 505 +#define VAR_CACHEDB_REDISPORT 506 +#define VAR_CACHEDB_REDISTIMEOUT 507 +#define VAR_CACHEDB_REDISEXPIRERECORDS 508 +#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 509 +#define VAR_FOR_UPSTREAM 510 +#define VAR_AUTH_ZONE 511 +#define VAR_ZONEFILE 512 +#define VAR_MASTER 513 +#define VAR_URL 514 +#define VAR_FOR_DOWNSTREAM 515 +#define VAR_FALLBACK_ENABLED 516 +#define VAR_TLS_ADDITIONAL_PORT 517 +#define VAR_LOW_RTT 518 +#define VAR_LOW_RTT_PERMIL 519 +#define VAR_FAST_SERVER_PERMIL 520 +#define VAR_FAST_SERVER_NUM 521 +#define VAR_ALLOW_NOTIFY 522 +#define VAR_TLS_WIN_CERT 523 +#define VAR_TCP_CONNECTION_LIMIT 524 +#define VAR_FORWARD_NO_CACHE 525 +#define VAR_STUB_NO_CACHE 526 +#define VAR_LOG_SERVFAIL 527 +#define VAR_DENY_ANY 528 +#define VAR_UNKNOWN_SERVER_TIME_LIMIT 529 +#define VAR_LOG_TAG_QUERYREPLY 530 +#define VAR_STREAM_WAIT_SIZE 531 +#define VAR_TLS_CIPHERS 532 +#define VAR_TLS_CIPHERSUITES 533 +#define VAR_TLS_USE_SNI 534 +#define VAR_IPSET 535 +#define VAR_IPSET_NAME_V4 536 +#define VAR_IPSET_NAME_V6 537 +#define VAR_TLS_SESSION_TICKET_KEYS 538 +#define VAR_RPZ 539 +#define VAR_TAGS 540 +#define VAR_RPZ_ACTION_OVERRIDE 541 +#define VAR_RPZ_CNAME_OVERRIDE 542 +#define VAR_RPZ_LOG 543 +#define VAR_RPZ_LOG_NAME 544 +#define VAR_DYNLIB 545 +#define VAR_DYNLIB_FILE 546 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED @@ -696,7 +724,7 @@ union YYSTYPE char* str; -#line 700 "util/configparser.c" +#line 728 "util/configparser.c" }; typedef union YYSTYPE YYSTYPE; @@ -946,19 +974,19 @@ union yyalloc /* YYFINAL -- State number of the termination state. */ #define YYFINAL 2 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 590 +#define YYLAST 620 /* YYNTOKENS -- Number of terminals. */ -#define YYNTOKENS 278 +#define YYNTOKENS 292 /* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 301 +#define YYNNTS 317 /* YYNRULES -- Number of rules. */ -#define YYNRULES 580 +#define YYNRULES 610 /* YYNSTATES -- Number of states. */ -#define YYNSTATES 863 +#define YYNSTATES 905 #define YYUNDEFTOK 2 -#define YYMAXUTOK 532 +#define YYMAXUTOK 546 /* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM as returned by yylex, with out-of-bounds checking. */ @@ -1022,72 +1050,76 @@ static const yytype_uint16 yytranslate[] = 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, - 275, 276, 277 + 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, + 285, 286, 287, 288, 289, 290, 291 }; #if YYDEBUG /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ static const yytype_uint16 yyrline[] = { - 0, 175, 175, 175, 176, 176, 177, 177, 178, 178, - 178, 179, 179, 180, 180, 181, 185, 190, 191, 192, - 192, 192, 193, 193, 194, 194, 195, 195, 196, 196, - 196, 197, 197, 198, 198, 198, 199, 199, 199, 200, - 200, 201, 201, 202, 202, 203, 203, 204, 204, 205, - 205, 206, 206, 207, 207, 208, 208, 208, 209, 209, - 209, 210, 210, 210, 211, 211, 212, 212, 213, 213, - 214, 214, 215, 215, 215, 216, 216, 217, 217, 218, - 218, 218, 219, 219, 220, 220, 221, 221, 222, 222, - 222, 223, 223, 224, 224, 225, 225, 226, 226, 227, - 227, 228, 228, 228, 229, 229, 230, 230, 230, 231, - 231, 231, 232, 232, 232, 233, 233, 233, 233, 234, - 235, 235, 235, 236, 236, 236, 237, 237, 238, 238, - 239, 239, 239, 240, 240, 241, 241, 241, 242, 242, - 243, 243, 244, 245, 245, 246, 246, 247, 247, 248, - 249, 249, 250, 250, 251, 251, 252, 252, 253, 253, - 254, 254, 254, 255, 255, 256, 256, 257, 257, 258, - 258, 259, 259, 260, 260, 261, 261, 261, 262, 262, - 262, 263, 263, 263, 264, 264, 265, 266, 266, 267, - 267, 268, 268, 269, 269, 270, 270, 270, 271, 271, - 271, 272, 272, 272, 273, 273, 274, 274, 275, 275, - 277, 289, 290, 291, 291, 291, 291, 291, 292, 292, - 294, 306, 307, 308, 308, 308, 308, 309, 309, 311, - 325, 326, 327, 327, 327, 327, 328, 328, 328, 330, - 347, 348, 349, 349, 349, 349, 350, 350, 350, 351, - 354, 373, 390, 398, 408, 416, 433, 434, 435, 435, - 435, 435, 435, 436, 436, 436, 437, 437, 439, 448, - 457, 468, 477, 486, 495, 506, 515, 527, 541, 556, - 567, 584, 601, 618, 635, 650, 665, 678, 693, 702, - 711, 720, 729, 738, 747, 756, 765, 774, 783, 792, - 801, 810, 823, 832, 845, 854, 863, 872, 879, 886, - 895, 902, 911, 919, 926, 933, 941, 950, 959, 973, - 982, 991, 1000, 1009, 1018, 1027, 1034, 1041, 1067, 1075, - 1082, 1089, 1096, 1103, 1111, 1119, 1127, 1134, 1145, 1156, - 1163, 1172, 1181, 1190, 1197, 1204, 1212, 1220, 1230, 1240, - 1250, 1258, 1271, 1282, 1290, 1303, 1312, 1321, 1330, 1340, - 1350, 1358, 1371, 1380, 1388, 1397, 1405, 1418, 1427, 1434, - 1444, 1454, 1464, 1474, 1484, 1494, 1504, 1514, 1521, 1528, - 1535, 1544, 1553, 1562, 1571, 1578, 1588, 1608, 1615, 1633, - 1646, 1659, 1668, 1677, 1686, 1695, 1705, 1715, 1726, 1735, - 1744, 1753, 1762, 1771, 1780, 1793, 1806, 1815, 1822, 1831, - 1840, 1849, 1858, 1866, 1879, 1887, 1928, 1935, 1950, 1960, - 1970, 1977, 1984, 1991, 2000, 2008, 2022, 2043, 2064, 2076, - 2088, 2100, 2109, 2130, 2140, 2149, 2157, 2165, 2178, 2191, - 2206, 2221, 2230, 2239, 2245, 2254, 2263, 2273, 2283, 2296, - 2309, 2321, 2335, 2347, 2361, 2371, 2378, 2385, 2394, 2403, - 2413, 2423, 2433, 2440, 2447, 2456, 2465, 2475, 2485, 2492, - 2499, 2506, 2514, 2524, 2534, 2544, 2554, 2593, 2603, 2611, - 2619, 2634, 2643, 2648, 2649, 2650, 2650, 2650, 2651, 2651, - 2651, 2652, 2652, 2654, 2664, 2673, 2680, 2687, 2694, 2701, - 2708, 2715, 2720, 2721, 2722, 2722, 2723, 2723, 2724, 2724, - 2725, 2726, 2727, 2728, 2729, 2730, 2732, 2741, 2748, 2757, - 2766, 2773, 2780, 2790, 2800, 2810, 2820, 2830, 2840, 2845, - 2846, 2847, 2849, 2855, 2865, 2872, 2881, 2889, 2894, 2895, - 2897, 2897, 2897, 2898, 2898, 2899, 2900, 2901, 2902, 2903, - 2905, 2915, 2924, 2931, 2940, 2947, 2956, 2964, 2977, 2985, - 2998, 3003, 3004, 3005, 3005, 3006, 3006, 3006, 3008, 3020, - 3032, 3044, 3059, 3072, 3083, 3088, 3089, 3090, 3090, 3092, - 3107 + 0, 181, 181, 181, 182, 182, 183, 183, 184, 184, + 184, 185, 185, 186, 186, 187, 187, 188, 190, 196, + 201, 202, 203, 203, 203, 204, 204, 205, 205, 205, + 206, 206, 207, 207, 207, 208, 208, 209, 209, 209, + 210, 210, 210, 211, 211, 212, 212, 213, 213, 214, + 214, 215, 215, 216, 216, 217, 217, 218, 218, 219, + 219, 219, 220, 220, 220, 221, 221, 221, 222, 222, + 223, 223, 224, 224, 225, 225, 226, 226, 226, 227, + 227, 228, 228, 229, 229, 229, 230, 230, 231, 231, + 232, 232, 233, 233, 233, 234, 234, 235, 235, 236, + 236, 237, 237, 238, 238, 239, 239, 239, 240, 240, + 241, 241, 241, 242, 242, 242, 243, 243, 243, 244, + 244, 244, 244, 245, 246, 246, 246, 247, 247, 247, + 248, 248, 249, 249, 250, 250, 250, 251, 251, 252, + 252, 252, 253, 254, 254, 255, 255, 256, 257, 257, + 258, 258, 259, 259, 260, 261, 261, 262, 262, 263, + 263, 264, 264, 265, 265, 266, 266, 266, 267, 267, + 268, 268, 269, 269, 270, 270, 271, 271, 272, 272, + 273, 273, 273, 274, 274, 274, 275, 275, 275, 276, + 276, 277, 278, 278, 279, 279, 280, 280, 281, 281, + 282, 282, 282, 283, 283, 283, 284, 284, 284, 285, + 285, 286, 286, 287, 287, 288, 290, 302, 303, 304, + 304, 304, 304, 304, 305, 305, 307, 319, 320, 321, + 321, 321, 321, 322, 322, 324, 338, 339, 340, 340, + 340, 340, 341, 341, 341, 343, 360, 361, 362, 362, + 362, 362, 363, 363, 363, 364, 367, 386, 403, 411, + 421, 429, 446, 447, 448, 448, 448, 448, 448, 449, + 449, 449, 450, 450, 452, 461, 470, 481, 490, 499, + 508, 519, 528, 540, 554, 569, 580, 597, 614, 631, + 648, 663, 678, 691, 706, 715, 724, 733, 742, 751, + 760, 769, 778, 787, 796, 805, 814, 823, 832, 845, + 854, 867, 876, 885, 894, 901, 908, 917, 924, 933, + 941, 948, 955, 963, 972, 981, 990, 1004, 1013, 1022, + 1031, 1040, 1049, 1058, 1065, 1072, 1098, 1106, 1113, 1120, + 1127, 1134, 1142, 1150, 1158, 1165, 1176, 1187, 1194, 1203, + 1212, 1221, 1228, 1235, 1243, 1251, 1261, 1271, 1281, 1295, + 1303, 1316, 1327, 1335, 1348, 1357, 1366, 1375, 1385, 1395, + 1403, 1416, 1425, 1433, 1442, 1450, 1463, 1472, 1479, 1489, + 1499, 1509, 1519, 1529, 1539, 1549, 1559, 1566, 1573, 1580, + 1589, 1598, 1607, 1616, 1623, 1633, 1653, 1660, 1678, 1691, + 1704, 1713, 1722, 1731, 1740, 1750, 1760, 1771, 1780, 1789, + 1798, 1807, 1816, 1825, 1838, 1851, 1860, 1867, 1876, 1885, + 1894, 1903, 1911, 1924, 1932, 1973, 1980, 1995, 2005, 2015, + 2022, 2029, 2036, 2045, 2053, 2067, 2088, 2109, 2121, 2133, + 2145, 2154, 2175, 2185, 2194, 2202, 2210, 2223, 2236, 2251, + 2266, 2275, 2284, 2290, 2299, 2308, 2318, 2328, 2341, 2354, + 2366, 2380, 2392, 2406, 2416, 2423, 2430, 2439, 2448, 2458, + 2468, 2478, 2485, 2492, 2501, 2510, 2520, 2530, 2537, 2544, + 2551, 2559, 2569, 2579, 2589, 2599, 2638, 2648, 2656, 2664, + 2679, 2688, 2693, 2694, 2695, 2695, 2695, 2696, 2696, 2696, + 2697, 2697, 2699, 2709, 2718, 2725, 2732, 2739, 2746, 2753, + 2760, 2765, 2766, 2767, 2767, 2767, 2768, 2768, 2768, 2769, + 2770, 2770, 2771, 2771, 2772, 2772, 2773, 2774, 2775, 2776, + 2777, 2778, 2780, 2789, 2799, 2806, 2813, 2822, 2829, 2836, + 2843, 2850, 2859, 2868, 2875, 2882, 2892, 2902, 2912, 2922, + 2932, 2942, 2947, 2948, 2949, 2951, 2957, 2962, 2963, 2964, + 2966, 2972, 2982, 2989, 2998, 3006, 3011, 3012, 3014, 3014, + 3014, 3015, 3015, 3016, 3017, 3018, 3019, 3020, 3022, 3032, + 3041, 3048, 3057, 3064, 3073, 3081, 3094, 3102, 3115, 3120, + 3121, 3122, 3122, 3123, 3123, 3123, 3124, 3126, 3138, 3150, + 3162, 3177, 3190, 3203, 3214, 3219, 3220, 3221, 3221, 3223, + 3238 }; #endif @@ -1097,9 +1129,10 @@ static const yytype_uint16 yyrline[] = static const char *const yytname[] = { "$end", "error", "$undefined", "SPACE", "LETTER", "NEWLINE", "COMMENT", - "COLON", "ANY", "ZONESTR", "STRING_ARG", "VAR_SERVER", "VAR_VERBOSITY", - "VAR_NUM_THREADS", "VAR_PORT", "VAR_OUTGOING_RANGE", "VAR_INTERFACE", - "VAR_DO_IP4", "VAR_DO_IP6", "VAR_PREFER_IP6", "VAR_DO_UDP", "VAR_DO_TCP", + "COLON", "ANY", "ZONESTR", "STRING_ARG", "VAR_FORCE_TOPLEVEL", + "VAR_SERVER", "VAR_VERBOSITY", "VAR_NUM_THREADS", "VAR_PORT", + "VAR_OUTGOING_RANGE", "VAR_INTERFACE", "VAR_PREFER_IP4", "VAR_DO_IP4", + "VAR_DO_IP6", "VAR_PREFER_IP6", "VAR_DO_UDP", "VAR_DO_TCP", "VAR_TCP_MSS", "VAR_OUTGOING_TCP_MSS", "VAR_TCP_IDLE_TIMEOUT", "VAR_EDNS_TCP_KEEPALIVE", "VAR_EDNS_TCP_KEEPALIVE_TIMEOUT", "VAR_CHROOT", "VAR_USERNAME", "VAR_DIRECTORY", "VAR_LOGFILE", "VAR_PIDFILE", @@ -1145,8 +1178,11 @@ static const char *const yytname[] = "VAR_DELAY_CLOSE", "VAR_UNBLOCK_LAN_ZONES", "VAR_INSECURE_LAN_ZONES", "VAR_INFRA_CACHE_MIN_RTT", "VAR_DNS64_PREFIX", "VAR_DNS64_SYNTHALL", "VAR_DNS64_IGNORE_AAAA", "VAR_DNSTAP", "VAR_DNSTAP_ENABLE", - "VAR_DNSTAP_SOCKET_PATH", "VAR_DNSTAP_SEND_IDENTITY", - "VAR_DNSTAP_SEND_VERSION", "VAR_DNSTAP_IDENTITY", "VAR_DNSTAP_VERSION", + "VAR_DNSTAP_SOCKET_PATH", "VAR_DNSTAP_IP", "VAR_DNSTAP_TLS", + "VAR_DNSTAP_TLS_SERVER_NAME", "VAR_DNSTAP_TLS_CERT_BUNDLE", + "VAR_DNSTAP_TLS_CLIENT_KEY_FILE", "VAR_DNSTAP_TLS_CLIENT_CERT_FILE", + "VAR_DNSTAP_SEND_IDENTITY", "VAR_DNSTAP_SEND_VERSION", + "VAR_DNSTAP_BIDIRECTIONAL", "VAR_DNSTAP_IDENTITY", "VAR_DNSTAP_VERSION", "VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES", "VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES", "VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES", @@ -1154,7 +1190,7 @@ static const char *const yytname[] = "VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES", "VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES", "VAR_RESPONSE_IP_TAG", "VAR_RESPONSE_IP", "VAR_RESPONSE_IP_DATA", "VAR_HARDEN_ALGO_DOWNGRADE", - "VAR_IP_TRANSPARENT", "VAR_DISABLE_DNSSEC_LAME_CHECK", + "VAR_IP_TRANSPARENT", "VAR_IP_DSCP", "VAR_DISABLE_DNSSEC_LAME_CHECK", "VAR_IP_RATELIMIT", "VAR_IP_RATELIMIT_SLABS", "VAR_IP_RATELIMIT_SIZE", "VAR_RATELIMIT", "VAR_RATELIMIT_SLABS", "VAR_RATELIMIT_SIZE", "VAR_RATELIMIT_FOR_DOMAIN", "VAR_RATELIMIT_BELOW_DOMAIN", @@ -1186,26 +1222,27 @@ static const char *const yytname[] = "VAR_IPSECMOD_MAX_TTL", "VAR_IPSECMOD_WHITELIST", "VAR_IPSECMOD_STRICT", "VAR_CACHEDB", "VAR_CACHEDB_BACKEND", "VAR_CACHEDB_SECRETSEED", "VAR_CACHEDB_REDISHOST", "VAR_CACHEDB_REDISPORT", - "VAR_CACHEDB_REDISTIMEOUT", "VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM", - "VAR_FOR_UPSTREAM", "VAR_AUTH_ZONE", "VAR_ZONEFILE", "VAR_MASTER", - "VAR_URL", "VAR_FOR_DOWNSTREAM", "VAR_FALLBACK_ENABLED", - "VAR_TLS_ADDITIONAL_PORT", "VAR_LOW_RTT", "VAR_LOW_RTT_PERMIL", - "VAR_FAST_SERVER_PERMIL", "VAR_FAST_SERVER_NUM", "VAR_ALLOW_NOTIFY", - "VAR_TLS_WIN_CERT", "VAR_TCP_CONNECTION_LIMIT", "VAR_FORWARD_NO_CACHE", - "VAR_STUB_NO_CACHE", "VAR_LOG_SERVFAIL", "VAR_DENY_ANY", - "VAR_UNKNOWN_SERVER_TIME_LIMIT", "VAR_LOG_TAG_QUERYREPLY", - "VAR_STREAM_WAIT_SIZE", "VAR_TLS_CIPHERS", "VAR_TLS_CIPHERSUITES", - "VAR_IPSET", "VAR_IPSET_NAME_V4", "VAR_IPSET_NAME_V6", - "VAR_TLS_SESSION_TICKET_KEYS", "VAR_RPZ", "VAR_TAGS", - "VAR_RPZ_ACTION_OVERRIDE", "VAR_RPZ_CNAME_OVERRIDE", "VAR_RPZ_LOG", - "VAR_RPZ_LOG_NAME", "$accept", "toplevelvars", "toplevelvar", - "serverstart", "contents_server", "content_server", "stubstart", - "contents_stub", "content_stub", "forwardstart", "contents_forward", - "content_forward", "viewstart", "contents_view", "content_view", - "authstart", "contents_auth", "content_auth", "rpz_tag", - "rpz_action_override", "rpz_cname_override", "rpz_log", "rpz_log_name", - "rpzstart", "contents_rpz", "content_rpz", "server_num_threads", - "server_verbosity", "server_statistics_interval", + "VAR_CACHEDB_REDISTIMEOUT", "VAR_CACHEDB_REDISEXPIRERECORDS", + "VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM", "VAR_FOR_UPSTREAM", + "VAR_AUTH_ZONE", "VAR_ZONEFILE", "VAR_MASTER", "VAR_URL", + "VAR_FOR_DOWNSTREAM", "VAR_FALLBACK_ENABLED", "VAR_TLS_ADDITIONAL_PORT", + "VAR_LOW_RTT", "VAR_LOW_RTT_PERMIL", "VAR_FAST_SERVER_PERMIL", + "VAR_FAST_SERVER_NUM", "VAR_ALLOW_NOTIFY", "VAR_TLS_WIN_CERT", + "VAR_TCP_CONNECTION_LIMIT", "VAR_FORWARD_NO_CACHE", "VAR_STUB_NO_CACHE", + "VAR_LOG_SERVFAIL", "VAR_DENY_ANY", "VAR_UNKNOWN_SERVER_TIME_LIMIT", + "VAR_LOG_TAG_QUERYREPLY", "VAR_STREAM_WAIT_SIZE", "VAR_TLS_CIPHERS", + "VAR_TLS_CIPHERSUITES", "VAR_TLS_USE_SNI", "VAR_IPSET", + "VAR_IPSET_NAME_V4", "VAR_IPSET_NAME_V6", "VAR_TLS_SESSION_TICKET_KEYS", + "VAR_RPZ", "VAR_TAGS", "VAR_RPZ_ACTION_OVERRIDE", + "VAR_RPZ_CNAME_OVERRIDE", "VAR_RPZ_LOG", "VAR_RPZ_LOG_NAME", + "VAR_DYNLIB", "VAR_DYNLIB_FILE", "$accept", "toplevelvars", + "toplevelvar", "force_toplevel", "serverstart", "contents_server", + "content_server", "stubstart", "contents_stub", "content_stub", + "forwardstart", "contents_forward", "content_forward", "viewstart", + "contents_view", "content_view", "authstart", "contents_auth", + "content_auth", "rpz_tag", "rpz_action_override", "rpz_cname_override", + "rpz_log", "rpz_log_name", "rpzstart", "contents_rpz", "content_rpz", + "server_num_threads", "server_verbosity", "server_statistics_interval", "server_statistics_cumulative", "server_extended_statistics", "server_shm_enable", "server_shm_key", "server_port", "server_send_client_subnet", "server_client_subnet_zone", @@ -1217,55 +1254,56 @@ static const char *const yytname[] = "server_outgoing_port_permit", "server_outgoing_port_avoid", "server_outgoing_num_tcp", "server_incoming_num_tcp", "server_interface_automatic", "server_do_ip4", "server_do_ip6", - "server_do_udp", "server_do_tcp", "server_prefer_ip6", "server_tcp_mss", - "server_outgoing_tcp_mss", "server_tcp_idle_timeout", - "server_tcp_keepalive", "server_tcp_keepalive_timeout", - "server_tcp_upstream", "server_udp_upstream_without_downstream", - "server_ssl_upstream", "server_ssl_service_key", - "server_ssl_service_pem", "server_ssl_port", "server_tls_cert_bundle", - "server_tls_win_cert", "server_tls_additional_port", - "server_tls_ciphers", "server_tls_ciphersuites", - "server_tls_session_ticket_keys", "server_use_systemd", - "server_do_daemonize", "server_use_syslog", "server_log_time_ascii", - "server_log_queries", "server_log_replies", "server_log_tag_queryreply", - "server_log_servfail", "server_log_local_actions", "server_chroot", - "server_username", "server_directory", "server_logfile", - "server_pidfile", "server_root_hints", "server_dlv_anchor_file", - "server_dlv_anchor", "server_auto_trust_anchor_file", - "server_trust_anchor_file", "server_trusted_keys_file", - "server_trust_anchor", "server_trust_anchor_signaling", - "server_root_key_sentinel", "server_domain_insecure", - "server_hide_identity", "server_hide_version", "server_hide_trustanchor", - "server_identity", "server_version", "server_so_rcvbuf", - "server_so_sndbuf", "server_so_reuseport", "server_ip_transparent", - "server_ip_freebind", "server_stream_wait_size", - "server_edns_buffer_size", "server_msg_buffer_size", - "server_msg_cache_size", "server_msg_cache_slabs", - "server_num_queries_per_thread", "server_jostle_timeout", - "server_delay_close", "server_unblock_lan_zones", - "server_insecure_lan_zones", "server_rrset_cache_size", - "server_rrset_cache_slabs", "server_infra_host_ttl", - "server_infra_lame_ttl", "server_infra_cache_numhosts", - "server_infra_cache_lame_size", "server_infra_cache_slabs", - "server_infra_cache_min_rtt", "server_target_fetch_policy", - "server_harden_short_bufsize", "server_harden_large_queries", - "server_harden_glue", "server_harden_dnssec_stripped", - "server_harden_below_nxdomain", "server_harden_referral_path", - "server_harden_algo_downgrade", "server_use_caps_for_id", - "server_caps_whitelist", "server_private_address", - "server_private_domain", "server_prefetch", "server_prefetch_key", - "server_deny_any", "server_unwanted_reply_threshold", - "server_do_not_query_address", "server_do_not_query_localhost", - "server_access_control", "server_module_conf", - "server_val_override_date", "server_val_sig_skew_min", - "server_val_sig_skew_max", "server_cache_max_ttl", - "server_cache_max_negative_ttl", "server_cache_min_ttl", - "server_bogus_ttl", "server_val_clean_additional", - "server_val_permissive_mode", "server_aggressive_nsec", - "server_ignore_cd_flag", "server_serve_expired", - "server_serve_expired_ttl", "server_serve_expired_ttl_reset", - "server_serve_expired_reply_ttl", "server_serve_expired_client_timeout", - "server_fake_dsa", "server_fake_sha1", "server_val_log_level", + "server_do_udp", "server_do_tcp", "server_prefer_ip4", + "server_prefer_ip6", "server_tcp_mss", "server_outgoing_tcp_mss", + "server_tcp_idle_timeout", "server_tcp_keepalive", + "server_tcp_keepalive_timeout", "server_tcp_upstream", + "server_udp_upstream_without_downstream", "server_ssl_upstream", + "server_ssl_service_key", "server_ssl_service_pem", "server_ssl_port", + "server_tls_cert_bundle", "server_tls_win_cert", + "server_tls_additional_port", "server_tls_ciphers", + "server_tls_ciphersuites", "server_tls_session_ticket_keys", + "server_tls_use_sni", "server_use_systemd", "server_do_daemonize", + "server_use_syslog", "server_log_time_ascii", "server_log_queries", + "server_log_replies", "server_log_tag_queryreply", "server_log_servfail", + "server_log_local_actions", "server_chroot", "server_username", + "server_directory", "server_logfile", "server_pidfile", + "server_root_hints", "server_dlv_anchor_file", "server_dlv_anchor", + "server_auto_trust_anchor_file", "server_trust_anchor_file", + "server_trusted_keys_file", "server_trust_anchor", + "server_trust_anchor_signaling", "server_root_key_sentinel", + "server_domain_insecure", "server_hide_identity", "server_hide_version", + "server_hide_trustanchor", "server_identity", "server_version", + "server_so_rcvbuf", "server_so_sndbuf", "server_so_reuseport", + "server_ip_transparent", "server_ip_freebind", "server_ip_dscp", + "server_stream_wait_size", "server_edns_buffer_size", + "server_msg_buffer_size", "server_msg_cache_size", + "server_msg_cache_slabs", "server_num_queries_per_thread", + "server_jostle_timeout", "server_delay_close", + "server_unblock_lan_zones", "server_insecure_lan_zones", + "server_rrset_cache_size", "server_rrset_cache_slabs", + "server_infra_host_ttl", "server_infra_lame_ttl", + "server_infra_cache_numhosts", "server_infra_cache_lame_size", + "server_infra_cache_slabs", "server_infra_cache_min_rtt", + "server_target_fetch_policy", "server_harden_short_bufsize", + "server_harden_large_queries", "server_harden_glue", + "server_harden_dnssec_stripped", "server_harden_below_nxdomain", + "server_harden_referral_path", "server_harden_algo_downgrade", + "server_use_caps_for_id", "server_caps_whitelist", + "server_private_address", "server_private_domain", "server_prefetch", + "server_prefetch_key", "server_deny_any", + "server_unwanted_reply_threshold", "server_do_not_query_address", + "server_do_not_query_localhost", "server_access_control", + "server_module_conf", "server_val_override_date", + "server_val_sig_skew_min", "server_val_sig_skew_max", + "server_cache_max_ttl", "server_cache_max_negative_ttl", + "server_cache_min_ttl", "server_bogus_ttl", + "server_val_clean_additional", "server_val_permissive_mode", + "server_aggressive_nsec", "server_ignore_cd_flag", + "server_serve_expired", "server_serve_expired_ttl", + "server_serve_expired_ttl_reset", "server_serve_expired_reply_ttl", + "server_serve_expired_client_timeout", "server_fake_dsa", + "server_fake_sha1", "server_val_log_level", "server_val_nsec3_keysize_iterations", "server_add_holddown", "server_del_holddown", "server_keep_missing", "server_permit_small_holddown", "server_key_cache_size", @@ -1298,7 +1336,10 @@ static const char *const yytname[] = "rc_control_interface", "rc_control_use_cert", "rc_server_key_file", "rc_server_cert_file", "rc_control_key_file", "rc_control_cert_file", "dtstart", "contents_dt", "content_dt", "dt_dnstap_enable", - "dt_dnstap_socket_path", "dt_dnstap_send_identity", + "dt_dnstap_bidirectional", "dt_dnstap_socket_path", "dt_dnstap_ip", + "dt_dnstap_tls", "dt_dnstap_tls_server_name", + "dt_dnstap_tls_cert_bundle", "dt_dnstap_tls_client_key_file", + "dt_dnstap_tls_client_cert_file", "dt_dnstap_send_identity", "dt_dnstap_send_version", "dt_dnstap_identity", "dt_dnstap_version", "dt_dnstap_log_resolver_query_messages", "dt_dnstap_log_resolver_response_messages", @@ -1306,10 +1347,10 @@ static const char *const yytname[] = "dt_dnstap_log_client_response_messages", "dt_dnstap_log_forwarder_query_messages", "dt_dnstap_log_forwarder_response_messages", "pythonstart", - "contents_py", "content_py", "py_script", - "server_disable_dnssec_lame_check", "server_log_identity", - "server_response_ip", "server_response_ip_data", "dnscstart", - "contents_dnsc", "content_dnsc", "dnsc_dnscrypt_enable", + "contents_py", "content_py", "py_script", "dynlibstart", "contents_dl", + "content_dl", "dl_file", "server_disable_dnssec_lame_check", + "server_log_identity", "server_response_ip", "server_response_ip_data", + "dnscstart", "contents_dnsc", "content_dnsc", "dnsc_dnscrypt_enable", "dnsc_dnscrypt_port", "dnsc_dnscrypt_provider", "dnsc_dnscrypt_provider_cert", "dnsc_dnscrypt_provider_cert_rotated", "dnsc_dnscrypt_secret_key", "dnsc_dnscrypt_shared_secret_cache_size", @@ -1317,9 +1358,9 @@ static const char *const yytname[] = "dnsc_dnscrypt_nonce_cache_size", "dnsc_dnscrypt_nonce_cache_slabs", "cachedbstart", "contents_cachedb", "content_cachedb", "cachedb_backend_name", "cachedb_secret_seed", "redis_server_host", - "redis_server_port", "redis_timeout", "server_tcp_connection_limit", - "ipsetstart", "contents_ipset", "content_ipset", "ipset_name_v4", - "ipset_name_v6", YY_NULLPTR + "redis_server_port", "redis_timeout", "redis_expire_records", + "server_tcp_connection_limit", "ipsetstart", "contents_ipset", + "content_ipset", "ipset_name_v4", "ipset_name_v6", YY_NULLPTR }; #endif @@ -1355,14 +1396,16 @@ static const yytype_uint16 yytoknum[] = 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532 + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 535, 536, 537, 538, 539, 540, 541, 542, 543, 544, + 545, 546 }; # endif -#define YYPACT_NINF -262 +#define YYPACT_NINF -285 #define yypact_value_is_default(Yystate) \ - (!!((Yystate) == (-262))) + (!!((Yystate) == (-285))) #define YYTABLE_NINF -1 @@ -1373,93 +1416,97 @@ static const yytype_uint16 yytoknum[] = STATE-NUM. */ static const yytype_int16 yypact[] = { - -262, 0, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, 261, -41, - -36, -40, -20, -42, -29, -128, -105, -170, -221, -261, - 2, 3, 4, 12, 26, 27, 28, 31, 32, 33, - 35, 36, 37, 38, 39, 51, 52, 53, 64, 65, - 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, - 76, 77, 78, 79, 80, 81, 82, 83, 85, 87, - 88, 91, 93, 94, 95, 96, 97, 98, 99, 101, - 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, - 112, 113, 114, 117, 118, 119, 120, 121, 122, 123, - 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, - 134, 135, 136, 137, 138, 139, 140, 142, 143, 144, - 145, 146, 147, 148, 149, 150, 151, 152, 153, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, - 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, - 186, 187, 188, 189, 190, 191, 193, 197, 198, 199, - 200, 201, 202, 203, 205, 206, 207, 208, 211, 212, - 215, 228, 229, 230, 231, 232, 233, 234, 236, 237, - 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, - 248, 249, 250, 251, 252, 253, 254, 255, 256, 257, - 259, 260, 294, 295, 296, 297, 301, 302, 303, 345, - 346, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, 347, 348, 349, 350, 351, 352, 353, - -262, -262, -262, -262, -262, -262, -262, -262, 357, 361, - 362, 387, 388, 389, -262, -262, -262, -262, -262, -262, - -262, 391, 402, 403, 404, 405, 406, 407, -262, -262, - -262, -262, -262, -262, -262, -262, 408, 409, 410, 411, - 412, 413, 414, 453, -262, -262, -262, -262, -262, -262, - -262, -262, -262, 455, 471, 472, 473, 474, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, 475, - 476, 477, 478, 479, 480, 481, 488, -262, -262, -262, - -262, -262, -262, -262, -262, -262, 489, 490, 491, 492, - 493, 495, 496, 497, 498, 499, 500, 501, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, 504, -262, -262, 507, 510, 511, 519, 520, 521, - 523, 524, 525, 526, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, 527, 528, 529, 530, 531, - -262, -262, -262, -262, -262, -262, 532, 533, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - 534, 535, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, 536, 537, 538, - -262, -262, -262, -262, -262, -262, -262, -262, -262, 539, - 540, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - 541, 542, 543, 544, 545, 546, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, 547, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, 548, -262, -262, 549, - 550, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, 551, 552, 553, -262, -262, -262, -262, -262, - -262, -262, -262 + -285, 0, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, 278, -42, -37, -43, -21, -44, -11, -87, + -109, -284, -206, -230, -272, 3, 4, 5, 25, 26, + 27, 30, 31, 32, 33, 34, 35, 37, 38, 39, + 40, 41, 43, 44, 45, 46, 47, 48, 49, 50, + 51, 52, 54, 55, 84, 85, 88, 89, 92, 94, + 95, 96, 97, 98, 99, 100, 101, 103, 104, 105, + 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, + 116, 117, 118, 119, 120, 123, 124, 125, 126, 127, + 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, + 138, 139, 140, 141, 142, 144, 145, 146, 147, 148, + 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, + 159, 160, 162, 163, 164, 165, 166, 167, 168, 169, + 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, + 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, + 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, + 200, 201, 206, 207, 208, 209, 210, 211, 212, 214, + 215, 216, 217, 218, 221, 222, 225, 238, 239, 240, + 241, 242, 243, 244, 245, 247, 248, 249, 250, 251, + 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 266, 267, 268, 269, 271, 272, + 273, 275, 276, 277, 279, 313, 314, 315, 316, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, 320, 321, 322, 364, 365, 366, + 367, -285, -285, -285, -285, -285, -285, -285, -285, 368, + 369, 370, 371, 372, 376, -285, -285, -285, -285, -285, + -285, -285, 380, 381, 406, 407, 408, 410, 421, -285, + -285, -285, -285, -285, -285, -285, -285, 422, 423, 424, + 425, 426, 427, 428, 429, -285, -285, -285, -285, -285, + -285, -285, -285, -285, 430, 431, 432, 433, 434, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + 435, 436, 437, 438, 439, 440, 480, 482, -285, -285, + -285, -285, -285, -285, -285, -285, -285, 498, 499, 500, + 501, 502, 503, 504, 505, 506, 507, 508, 515, 516, + 517, 518, 519, 520, 521, 523, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, 524, -285, -285, 525, + -285, -285, 526, 527, 528, 529, 532, 535, 538, 539, + 548, 549, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, 550, 552, 553, 554, 555, 556, -285, + -285, -285, -285, -285, -285, -285, 557, 558, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, 559, 560, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, 561, 562, + 563, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, 564, 565, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, 566, 567, 568, 569, 570, 571, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, 572, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, 573, + -285, -285, 574, 575, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, 576, 577, 578, -285, -285, -285, + -285, -285, -285, -285, -285 }; /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. @@ -1467,10 +1514,11 @@ static const yytype_int16 yypact[] = means the default is an error. */ static const yytype_uint16 yydefact[] = { - 2, 0, 1, 16, 210, 220, 482, 528, 501, 229, - 537, 560, 239, 574, 255, 3, 18, 212, 222, 231, - 241, 257, 484, 503, 530, 539, 562, 576, 4, 5, - 6, 10, 14, 15, 8, 9, 7, 11, 12, 13, + 2, 0, 1, 18, 19, 216, 226, 491, 551, 510, + 235, 565, 588, 245, 604, 261, 556, 3, 17, 21, + 218, 228, 237, 247, 263, 493, 512, 553, 558, 567, + 590, 606, 4, 5, 6, 10, 14, 15, 8, 9, + 7, 16, 11, 12, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -1489,143 +1537,148 @@ static const yytype_uint16 yydefact[] = 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, + 22, 23, 86, 89, 98, 186, 187, 24, 151, 152, + 153, 154, 155, 156, 157, 158, 159, 160, 37, 77, + 25, 90, 91, 48, 70, 85, 26, 27, 30, 31, + 28, 29, 32, 33, 34, 35, 36, 121, 198, 122, + 124, 125, 126, 200, 205, 201, 212, 213, 214, 215, + 182, 87, 76, 102, 119, 120, 210, 207, 123, 38, + 39, 40, 41, 42, 78, 92, 93, 108, 64, 74, + 65, 190, 191, 103, 58, 59, 189, 60, 61, 112, + 116, 130, 139, 165, 142, 211, 113, 71, 43, 44, + 45, 100, 131, 132, 133, 46, 47, 49, 50, 52, + 53, 51, 137, 54, 55, 56, 62, 81, 117, 95, + 138, 88, 161, 96, 97, 114, 115, 208, 101, 57, + 79, 82, 63, 66, 104, 105, 80, 162, 106, 67, + 68, 69, 199, 118, 175, 176, 177, 178, 179, 180, + 188, 107, 75, 109, 110, 111, 163, 72, 73, 94, + 83, 84, 99, 127, 128, 209, 129, 134, 135, 136, + 166, 167, 169, 171, 172, 170, 173, 183, 140, 141, + 145, 146, 143, 144, 147, 148, 150, 149, 202, 204, + 203, 164, 174, 192, 194, 193, 195, 196, 197, 168, + 181, 184, 185, 206, 0, 0, 0, 0, 0, 0, + 0, 217, 219, 220, 221, 223, 224, 225, 222, 0, + 0, 0, 0, 0, 0, 227, 229, 230, 231, 232, + 233, 234, 0, 0, 0, 0, 0, 0, 0, 236, + 238, 239, 242, 243, 240, 244, 241, 0, 0, 0, + 0, 0, 0, 0, 0, 246, 248, 249, 250, 251, + 255, 252, 253, 254, 0, 0, 0, 0, 0, 266, + 270, 271, 272, 273, 262, 264, 265, 267, 268, 269, + 0, 0, 0, 0, 0, 0, 0, 0, 492, 494, + 496, 495, 501, 497, 498, 499, 500, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 17, 19, 20, 82, 85, 94, 181, 182, 21, - 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, - 33, 73, 22, 86, 87, 44, 66, 81, 23, 24, - 26, 27, 25, 28, 29, 30, 31, 32, 117, 193, - 118, 120, 121, 122, 195, 200, 196, 207, 208, 209, - 177, 83, 72, 98, 115, 116, 205, 202, 119, 34, - 35, 36, 37, 38, 74, 88, 89, 104, 60, 70, - 61, 185, 186, 99, 54, 55, 184, 56, 57, 108, - 112, 126, 135, 160, 206, 109, 67, 39, 40, 41, - 96, 127, 128, 129, 42, 43, 45, 46, 48, 49, - 47, 133, 50, 51, 52, 58, 77, 113, 91, 134, - 84, 156, 92, 93, 110, 111, 203, 97, 53, 75, - 78, 59, 62, 100, 101, 76, 157, 102, 63, 64, - 65, 194, 114, 170, 171, 172, 173, 174, 175, 183, - 103, 71, 105, 106, 107, 158, 68, 69, 90, 79, - 80, 95, 123, 124, 204, 125, 130, 131, 132, 161, - 162, 164, 166, 167, 165, 168, 178, 136, 137, 140, - 141, 138, 139, 142, 143, 145, 144, 197, 199, 198, - 159, 169, 187, 189, 188, 190, 191, 192, 163, 176, - 179, 180, 201, 0, 0, 0, 0, 0, 0, 0, - 211, 213, 214, 215, 217, 218, 219, 216, 0, 0, - 0, 0, 0, 0, 221, 223, 224, 225, 226, 227, - 228, 0, 0, 0, 0, 0, 0, 0, 230, 232, - 233, 236, 237, 234, 238, 235, 0, 0, 0, 0, - 0, 0, 0, 0, 240, 242, 243, 244, 245, 249, - 246, 247, 248, 0, 0, 0, 0, 0, 260, 264, - 265, 266, 267, 256, 258, 259, 261, 262, 263, 0, - 0, 0, 0, 0, 0, 0, 0, 483, 485, 487, - 486, 492, 488, 489, 490, 491, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 502, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 0, 529, 531, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 538, 540, 541, 542, 544, 545, - 543, 546, 547, 548, 549, 0, 0, 0, 0, 0, - 561, 563, 564, 565, 566, 567, 0, 0, 575, 577, - 578, 269, 268, 275, 288, 286, 294, 295, 298, 296, - 297, 299, 300, 301, 302, 303, 325, 326, 327, 328, - 329, 353, 354, 355, 360, 361, 291, 362, 363, 366, - 364, 365, 368, 369, 370, 384, 340, 341, 343, 344, - 371, 387, 334, 336, 388, 394, 395, 396, 292, 352, - 412, 413, 335, 407, 318, 287, 330, 385, 391, 372, - 0, 0, 416, 293, 270, 317, 376, 271, 289, 290, - 331, 332, 414, 374, 378, 379, 272, 417, 356, 383, - 319, 339, 389, 390, 393, 406, 333, 410, 408, 409, - 345, 351, 380, 381, 346, 347, 373, 398, 320, 321, - 324, 304, 306, 307, 308, 309, 310, 418, 419, 421, - 357, 358, 359, 367, 422, 423, 424, 0, 0, 0, - 375, 348, 533, 433, 437, 435, 434, 438, 436, 0, - 0, 441, 442, 276, 277, 278, 279, 280, 281, 282, - 283, 284, 285, 377, 392, 411, 446, 447, 349, 425, - 0, 0, 0, 0, 0, 0, 399, 400, 401, 402, - 403, 404, 405, 534, 342, 337, 397, 316, 273, 274, - 338, 448, 450, 449, 451, 452, 453, 305, 312, 443, - 445, 444, 311, 0, 323, 382, 420, 322, 350, 313, - 314, 315, 454, 455, 456, 460, 459, 457, 458, 461, - 462, 463, 464, 466, 465, 475, 0, 479, 480, 0, - 0, 481, 467, 473, 468, 469, 470, 472, 474, 471, - 250, 251, 252, 253, 254, 493, 495, 494, 497, 498, - 499, 500, 496, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 532, 550, 551, 552, 555, - 553, 554, 556, 557, 558, 559, 568, 569, 570, 571, - 572, 579, 580, 386, 415, 432, 535, 536, 439, 440, - 426, 427, 0, 0, 0, 431, 573, 476, 477, 478, - 430, 428, 429 + 0, 0, 0, 0, 0, 0, 511, 513, 515, 514, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 0, 552, 554, 0, + 557, 559, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 566, 568, 569, 570, 572, 573, 571, 574, + 575, 576, 577, 0, 0, 0, 0, 0, 0, 589, + 591, 592, 593, 594, 595, 596, 0, 0, 605, 607, + 608, 275, 274, 281, 294, 292, 304, 300, 301, 305, + 302, 303, 306, 307, 308, 309, 310, 333, 334, 335, + 336, 337, 362, 363, 364, 369, 370, 297, 371, 372, + 375, 373, 374, 377, 378, 379, 393, 348, 349, 351, + 352, 380, 396, 342, 344, 397, 403, 404, 405, 298, + 361, 421, 422, 343, 416, 326, 293, 338, 394, 400, + 381, 0, 0, 425, 299, 276, 325, 385, 277, 295, + 296, 339, 340, 423, 383, 387, 388, 278, 426, 365, + 392, 327, 347, 398, 399, 402, 415, 341, 419, 417, + 418, 353, 360, 389, 390, 354, 355, 382, 407, 328, + 329, 332, 311, 313, 314, 315, 316, 317, 427, 428, + 430, 366, 367, 368, 376, 431, 432, 433, 0, 0, + 0, 384, 356, 358, 561, 442, 446, 444, 443, 447, + 445, 0, 0, 450, 451, 282, 283, 284, 285, 286, + 287, 288, 289, 290, 291, 386, 401, 420, 455, 456, + 357, 434, 0, 0, 0, 0, 0, 0, 408, 409, + 410, 411, 412, 413, 414, 562, 350, 345, 406, 324, + 279, 280, 346, 457, 459, 458, 460, 461, 462, 312, + 319, 452, 454, 453, 318, 0, 331, 391, 429, 330, + 359, 320, 321, 323, 322, 463, 464, 465, 469, 468, + 466, 467, 470, 471, 472, 473, 475, 474, 484, 0, + 488, 489, 0, 0, 490, 476, 482, 477, 478, 479, + 481, 483, 480, 256, 257, 258, 259, 260, 502, 504, + 503, 506, 507, 508, 509, 505, 532, 534, 535, 536, + 537, 538, 539, 540, 541, 542, 533, 543, 544, 545, + 546, 547, 548, 549, 550, 555, 560, 578, 579, 580, + 583, 581, 582, 584, 585, 586, 587, 597, 598, 599, + 600, 601, 602, 609, 610, 395, 424, 441, 563, 564, + 448, 449, 435, 436, 0, 0, 0, 440, 603, 485, + 486, 487, 439, 437, 438 }; /* YYPGOTO[NTERM-NUM]. */ static const yytype_int16 yypgoto[] = { - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -23, 554, 555, 556, 557, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262, -262, -262, -262, -262, -262, -262, -262, -262, -262, - -262 + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, 579, + 580, 581, 582, 583, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285, -285, -285, -285, + -285, -285, -285, -285, -285, -285, -285 }; /* YYDEFGOTO[NTERM-NUM]. */ static const yytype_int16 yydefgoto[] = { - -1, 1, 15, 16, 28, 231, 17, 29, 430, 18, - 30, 444, 19, 31, 458, 20, 32, 474, 488, 489, - 490, 491, 492, 21, 33, 493, 232, 233, 234, 235, - 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, - 246, 247, 248, 249, 250, 251, 252, 253, 254, 255, - 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, - 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, - 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, - 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, - 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, - 316, 317, 318, 319, 320, 321, 322, 323, 324, 325, - 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, - 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, - 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, - 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, - 416, 417, 431, 432, 433, 434, 435, 436, 437, 445, - 446, 447, 448, 449, 450, 475, 476, 477, 478, 479, - 480, 481, 482, 459, 460, 461, 462, 463, 464, 465, - 22, 34, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 23, 35, 528, 529, 530, 531, 532, 533, 534, - 535, 536, 537, 538, 539, 540, 24, 36, 542, 543, - 418, 419, 420, 421, 25, 37, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 26, 38, 570, - 571, 572, 573, 574, 575, 422, 27, 39, 578, 579, - 580 + -1, 1, 17, 18, 19, 32, 239, 20, 33, 441, + 21, 34, 455, 22, 35, 469, 23, 36, 485, 499, + 500, 501, 502, 503, 24, 37, 504, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, + 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, + 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, + 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, + 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, + 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, + 313, 314, 315, 316, 317, 318, 319, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, + 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 442, 443, 444, 445, + 446, 447, 448, 456, 457, 458, 459, 460, 461, 486, + 487, 488, 489, 490, 491, 492, 493, 470, 471, 472, + 473, 474, 475, 476, 25, 38, 518, 519, 520, 521, + 522, 523, 524, 525, 526, 26, 39, 546, 547, 548, + 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, + 559, 560, 561, 562, 563, 564, 565, 27, 40, 567, + 568, 28, 41, 570, 571, 429, 430, 431, 432, 29, + 42, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 30, 43, 599, 600, 601, 602, 603, 604, + 605, 433, 31, 44, 608, 609, 610 }; /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If @@ -1633,195 +1686,204 @@ static const yytype_int16 yydefgoto[] = number is the opposite. If YYTABLE_NINF, syntax error. */ static const yytype_uint16 yytable[] = { - 2, 466, 423, 451, 424, 425, 541, 438, 576, 577, - 494, 3, 581, 582, 583, 439, 440, 565, 566, 567, - 568, 569, 584, 466, 516, 517, 518, 519, 520, 521, - 522, 523, 524, 525, 526, 527, 585, 586, 587, 452, - 453, 588, 589, 590, 4, 591, 592, 593, 594, 595, - 5, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 596, 597, 598, 454, 426, 499, 500, 501, 502, - 503, 504, 505, 506, 599, 600, 601, 602, 603, 604, - 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 6, 619, 427, 620, 621, 428, - 441, 622, 442, 623, 624, 625, 626, 627, 628, 629, - 7, 630, 631, 632, 633, 634, 635, 636, 637, 638, - 639, 640, 641, 642, 643, 455, 456, 644, 645, 646, - 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, - 657, 658, 659, 660, 661, 662, 663, 664, 665, 666, - 667, 8, 668, 669, 670, 671, 672, 673, 674, 675, - 676, 677, 678, 679, 457, 680, 681, 682, 683, 684, - 685, 686, 687, 688, 689, 690, 691, 692, 693, 694, - 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 9, 717, 468, 469, 470, 718, 719, 720, - 721, 722, 723, 724, 473, 725, 726, 727, 728, 429, - 10, 729, 730, 443, 467, 731, 468, 469, 470, 471, - 472, 483, 484, 485, 486, 487, 473, 11, 732, 733, - 734, 735, 736, 737, 738, 12, 739, 740, 741, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, 758, 759, 760, 13, 761, - 762, 0, 14, 40, 41, 42, 43, 44, 45, 46, - 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, - 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, - 67, 68, 69, 70, 763, 764, 765, 766, 71, 72, - 73, 767, 768, 769, 74, 75, 76, 77, 78, 79, - 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, - 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, - 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, - 110, 111, 112, 113, 114, 770, 771, 772, 773, 774, - 775, 776, 777, 778, 115, 116, 117, 779, 118, 119, - 120, 780, 781, 121, 122, 123, 124, 125, 126, 127, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 139, 140, 141, 142, 143, 144, 782, 783, 784, - 145, 785, 146, 147, 148, 149, 150, 151, 152, 153, - 154, 155, 786, 787, 788, 789, 790, 791, 792, 793, - 794, 795, 796, 797, 798, 156, 157, 158, 159, 160, - 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, + 2, 477, 462, 434, 566, 435, 436, 569, 449, 606, + 607, 3, 4, 611, 612, 613, 450, 451, 593, 594, + 595, 596, 597, 598, 477, 572, 573, 574, 575, 576, + 577, 578, 579, 580, 581, 614, 615, 616, 463, 464, + 617, 618, 619, 620, 621, 622, 5, 623, 624, 625, + 626, 627, 6, 628, 629, 630, 631, 632, 633, 634, + 635, 636, 637, 465, 638, 639, 437, 527, 528, 529, + 530, 531, 532, 533, 534, 535, 536, 537, 538, 539, + 540, 541, 542, 543, 544, 545, 510, 511, 512, 513, + 514, 515, 516, 517, 640, 641, 7, 438, 642, 643, + 439, 452, 644, 453, 645, 646, 647, 648, 649, 650, + 651, 652, 8, 653, 654, 655, 656, 657, 658, 659, + 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, + 670, 466, 467, 671, 672, 673, 674, 675, 676, 677, + 678, 679, 680, 681, 682, 683, 684, 685, 686, 687, + 688, 689, 690, 9, 691, 692, 693, 694, 695, 696, + 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, + 707, 468, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, + 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, + 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, + 746, 747, 10, 479, 480, 481, 748, 749, 750, 751, + 752, 753, 754, 484, 755, 756, 757, 758, 759, 440, + 11, 760, 761, 454, 478, 762, 479, 480, 481, 482, + 483, 494, 495, 496, 497, 498, 484, 12, 763, 764, + 765, 766, 767, 768, 769, 770, 13, 771, 772, 773, + 774, 775, 776, 777, 778, 779, 780, 781, 782, 783, + 784, 785, 786, 787, 788, 789, 790, 791, 792, 793, + 14, 794, 795, 796, 15, 797, 798, 799, 0, 800, + 16, 45, 46, 47, 48, 49, 50, 51, 52, 53, + 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 801, 802, 803, 804, 77, 78, 79, + 805, 806, 807, 80, 81, 82, 83, 84, 85, 86, + 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, + 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, + 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, + 117, 118, 119, 120, 808, 809, 810, 811, 812, 813, + 814, 815, 816, 121, 122, 123, 817, 124, 125, 126, + 818, 819, 127, 128, 129, 130, 131, 132, 133, 134, + 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, + 145, 146, 147, 148, 149, 150, 820, 821, 822, 151, + 823, 152, 153, 154, 155, 156, 157, 158, 159, 160, + 161, 824, 825, 826, 827, 828, 829, 830, 831, 832, + 833, 834, 835, 836, 837, 838, 839, 840, 841, 842, + 843, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, - 191, 192, 193, 799, 194, 800, 195, 196, 197, 198, - 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, - 209, 801, 802, 803, 804, 805, 806, 807, 808, 809, - 810, 811, 210, 211, 212, 213, 214, 215, 812, 813, - 814, 815, 816, 817, 216, 818, 819, 820, 821, 822, - 823, 824, 217, 218, 825, 219, 220, 826, 221, 222, - 827, 828, 223, 224, 225, 226, 227, 228, 229, 829, - 830, 831, 230, 832, 833, 834, 835, 836, 837, 838, - 839, 840, 841, 842, 843, 844, 845, 846, 847, 848, - 849, 850, 851, 852, 853, 854, 855, 856, 857, 858, - 859, 860, 861, 862, 0, 0, 0, 0, 0, 0, + 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, + 844, 201, 845, 202, 203, 204, 205, 206, 207, 208, + 209, 210, 211, 212, 213, 214, 215, 216, 846, 847, + 848, 849, 850, 851, 852, 853, 854, 855, 856, 217, + 218, 219, 220, 221, 222, 857, 858, 859, 860, 861, + 862, 863, 223, 864, 865, 866, 867, 868, 869, 870, + 224, 225, 871, 226, 227, 872, 228, 229, 873, 874, + 230, 231, 232, 233, 234, 235, 236, 237, 875, 876, + 877, 238, 878, 879, 880, 881, 882, 883, 884, 885, + 886, 887, 888, 889, 890, 891, 892, 893, 894, 895, + 896, 897, 898, 899, 900, 901, 902, 903, 904, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 495, 496, 497, - 498 + 0, 0, 0, 0, 0, 0, 505, 506, 507, 508, + 509 }; static const yytype_int16 yycheck[] = { - 0, 43, 43, 43, 45, 46, 111, 43, 269, 270, - 33, 11, 10, 10, 10, 51, 52, 238, 239, 240, - 241, 242, 10, 43, 152, 153, 154, 155, 156, 157, - 158, 159, 160, 161, 162, 163, 10, 10, 10, 79, - 80, 10, 10, 10, 44, 10, 10, 10, 10, 10, - 50, 221, 222, 223, 224, 225, 226, 227, 228, 229, - 230, 10, 10, 10, 104, 106, 95, 96, 97, 98, - 99, 100, 101, 102, 10, 10, 10, 10, 10, 10, + 0, 45, 45, 45, 113, 47, 48, 291, 45, 281, + 282, 11, 12, 10, 10, 10, 53, 54, 248, 249, + 250, 251, 252, 253, 45, 231, 232, 233, 234, 235, + 236, 237, 238, 239, 240, 10, 10, 10, 81, 82, + 10, 10, 10, 10, 10, 10, 46, 10, 10, 10, + 10, 10, 52, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 106, 10, 10, 108, 154, 155, 156, + 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, + 167, 168, 169, 170, 171, 172, 97, 98, 99, 100, + 101, 102, 103, 104, 10, 10, 96, 139, 10, 10, + 142, 138, 10, 140, 10, 10, 10, 10, 10, 10, + 10, 10, 112, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 94, 10, 137, 10, 10, 140, - 136, 10, 138, 10, 10, 10, 10, 10, 10, 10, - 110, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 165, 166, 10, 10, 10, + 10, 174, 175, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 153, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 151, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 204, 10, 10, 10, 10, 10, + 10, 214, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 202, 10, 246, 247, 248, 10, 10, 10, - 10, 10, 10, 10, 256, 10, 10, 10, 10, 260, - 220, 10, 10, 259, 244, 10, 246, 247, 248, 249, - 250, 273, 274, 275, 276, 277, 256, 237, 10, 10, - 10, 10, 10, 10, 10, 245, 10, 10, 10, 10, + 10, 10, 212, 257, 258, 259, 10, 10, 10, 10, + 10, 10, 10, 267, 10, 10, 10, 10, 10, 271, + 230, 10, 10, 270, 255, 10, 257, 258, 259, 260, + 261, 285, 286, 287, 288, 289, 267, 247, 10, 10, + 10, 10, 10, 10, 10, 10, 256, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 268, 10, - 10, -1, 272, 12, 13, 14, 15, 16, 17, 18, - 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, - 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, - 39, 40, 41, 42, 10, 10, 10, 10, 47, 48, - 49, 10, 10, 10, 53, 54, 55, 56, 57, 58, - 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, - 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, - 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, - 89, 90, 91, 92, 93, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 103, 104, 105, 10, 107, 108, - 109, 10, 10, 112, 113, 114, 115, 116, 117, 118, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, - 129, 130, 131, 132, 133, 134, 135, 10, 10, 10, - 139, 10, 141, 142, 143, 144, 145, 146, 147, 148, - 149, 150, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 164, 165, 166, 167, 168, - 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, - 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, - 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, - 199, 200, 201, 10, 203, 10, 205, 206, 207, 208, - 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, - 219, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 231, 232, 233, 234, 235, 236, 10, 10, - 10, 10, 10, 10, 243, 10, 10, 10, 10, 10, - 10, 10, 251, 252, 10, 254, 255, 10, 257, 258, - 10, 10, 261, 262, 263, 264, 265, 266, 267, 10, - 10, 10, 271, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 280, 10, 10, 10, 284, 10, 10, 10, -1, 10, + 290, 13, 14, 15, 16, 17, 18, 19, 20, 21, + 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, + 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, + 42, 43, 44, 10, 10, 10, 10, 49, 50, 51, + 10, 10, 10, 55, 56, 57, 58, 59, 60, 61, + 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, + 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, + 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, + 92, 93, 94, 95, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 105, 106, 107, 10, 109, 110, 111, + 10, 10, 114, 115, 116, 117, 118, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, + 132, 133, 134, 135, 136, 137, 10, 10, 10, 141, + 10, 143, 144, 145, 146, 147, 148, 149, 150, 151, + 152, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 173, 174, 175, 176, 177, 178, 179, 180, 181, + 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, + 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, + 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, + 10, 213, 10, 215, 216, 217, 218, 219, 220, 221, + 222, 223, 224, 225, 226, 227, 228, 229, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 241, + 242, 243, 244, 245, 246, 10, 10, 10, 10, 10, + 10, 10, 254, 10, 10, 10, 10, 10, 10, 10, + 262, 263, 10, 265, 266, 10, 268, 269, 10, 10, + 272, 273, 274, 275, 276, 277, 278, 279, 10, 10, + 10, 283, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, -1, -1, -1, -1, -1, -1, + 10, 10, 10, 10, 10, 10, 10, 10, 10, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 33, 33, 33, - 33 + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 37, 37, 37, 37, + 37 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ static const yytype_uint16 yystos[] = { - 0, 279, 0, 11, 44, 50, 94, 110, 151, 202, - 220, 237, 245, 268, 272, 280, 281, 284, 287, 290, - 293, 301, 518, 529, 544, 552, 565, 574, 282, 285, - 288, 291, 294, 302, 519, 530, 545, 553, 566, 575, - 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, - 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, - 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, - 42, 47, 48, 49, 53, 54, 55, 56, 57, 58, - 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, - 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, - 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, - 89, 90, 91, 92, 93, 103, 104, 105, 107, 108, - 109, 112, 113, 114, 115, 116, 117, 118, 119, 120, - 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, - 131, 132, 133, 134, 135, 139, 141, 142, 143, 144, - 145, 146, 147, 148, 149, 150, 164, 165, 166, 167, - 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, - 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, - 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, - 198, 199, 200, 201, 203, 205, 206, 207, 208, 209, - 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, - 231, 232, 233, 234, 235, 236, 243, 251, 252, 254, - 255, 257, 258, 261, 262, 263, 264, 265, 266, 267, - 271, 283, 304, 305, 306, 307, 308, 309, 310, 311, - 312, 313, 314, 315, 316, 317, 318, 319, 320, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, - 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, - 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, - 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, - 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, - 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, - 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, - 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, - 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, - 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, - 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, - 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, - 482, 483, 484, 485, 486, 487, 488, 489, 548, 549, - 550, 551, 573, 43, 45, 46, 106, 137, 140, 260, - 286, 490, 491, 492, 493, 494, 495, 496, 43, 51, - 52, 136, 138, 259, 289, 497, 498, 499, 500, 501, - 502, 43, 79, 80, 104, 165, 166, 204, 292, 511, - 512, 513, 514, 515, 516, 517, 43, 244, 246, 247, - 248, 249, 250, 256, 295, 503, 504, 505, 506, 507, - 508, 509, 510, 273, 274, 275, 276, 277, 296, 297, - 298, 299, 300, 303, 503, 504, 505, 506, 507, 95, - 96, 97, 98, 99, 100, 101, 102, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 152, 153, 154, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 531, 532, - 533, 534, 535, 536, 537, 538, 539, 540, 541, 542, - 543, 111, 546, 547, 221, 222, 223, 224, 225, 226, - 227, 228, 229, 230, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 238, 239, 240, 241, 242, - 567, 568, 569, 570, 571, 572, 269, 270, 576, 577, - 578, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 0, 293, 0, 11, 12, 46, 52, 96, 112, 153, + 212, 230, 247, 256, 280, 284, 290, 294, 295, 296, + 299, 302, 305, 308, 316, 536, 547, 569, 573, 581, + 594, 604, 297, 300, 303, 306, 309, 317, 537, 548, + 570, 574, 582, 595, 605, 13, 14, 15, 16, 17, + 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, + 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, + 38, 39, 40, 41, 42, 43, 44, 49, 50, 51, + 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, + 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, + 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, + 95, 105, 106, 107, 109, 110, 111, 114, 115, 116, + 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, + 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, + 137, 141, 143, 144, 145, 146, 147, 148, 149, 150, + 151, 152, 173, 174, 175, 176, 177, 178, 179, 180, + 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, + 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, + 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, + 211, 213, 215, 216, 217, 218, 219, 220, 221, 222, + 223, 224, 225, 226, 227, 228, 229, 241, 242, 243, + 244, 245, 246, 254, 262, 263, 265, 266, 268, 269, + 272, 273, 274, 275, 276, 277, 278, 279, 283, 298, + 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, + 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, + 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, + 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, + 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, + 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, + 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, + 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, + 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, + 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, + 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, + 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, + 499, 500, 501, 502, 503, 504, 505, 506, 507, 577, + 578, 579, 580, 603, 45, 47, 48, 108, 139, 142, + 271, 301, 508, 509, 510, 511, 512, 513, 514, 45, + 53, 54, 138, 140, 270, 304, 515, 516, 517, 518, + 519, 520, 45, 81, 82, 106, 174, 175, 214, 307, + 529, 530, 531, 532, 533, 534, 535, 45, 255, 257, + 258, 259, 260, 261, 267, 310, 521, 522, 523, 524, + 525, 526, 527, 528, 285, 286, 287, 288, 289, 311, + 312, 313, 314, 315, 318, 521, 522, 523, 524, 525, + 97, 98, 99, 100, 101, 102, 103, 104, 538, 539, + 540, 541, 542, 543, 544, 545, 546, 154, 155, 156, + 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, + 167, 168, 169, 170, 171, 172, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 113, 571, 572, 291, + 575, 576, 231, 232, 233, 234, 235, 236, 237, 238, + 239, 240, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 593, 248, 249, 250, 251, 252, 253, 596, + 597, 598, 599, 600, 601, 602, 281, 282, 606, 607, + 608, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, @@ -1849,79 +1911,83 @@ static const yytype_uint16 yystos[] = 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10 + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10 }; /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ static const yytype_uint16 yyr1[] = { - 0, 278, 279, 279, 280, 280, 280, 280, 280, 280, - 280, 280, 280, 280, 280, 280, 281, 282, 282, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, - 284, 285, 285, 286, 286, 286, 286, 286, 286, 286, - 287, 288, 288, 289, 289, 289, 289, 289, 289, 290, - 291, 291, 292, 292, 292, 292, 292, 292, 292, 293, - 294, 294, 295, 295, 295, 295, 295, 295, 295, 295, - 296, 297, 298, 299, 300, 301, 302, 302, 303, 303, - 303, 303, 303, 303, 303, 303, 303, 303, 304, 305, - 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, - 316, 317, 318, 319, 320, 321, 322, 323, 324, 325, - 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, - 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, - 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, - 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, - 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, - 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, - 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, - 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, - 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, - 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, - 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, - 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, - 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, - 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, - 516, 517, 518, 519, 519, 520, 520, 520, 520, 520, - 520, 520, 520, 521, 522, 523, 524, 525, 526, 527, - 528, 529, 530, 530, 531, 531, 531, 531, 531, 531, - 531, 531, 531, 531, 531, 531, 532, 533, 534, 535, - 536, 537, 538, 539, 540, 541, 542, 543, 544, 545, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 553, - 554, 554, 554, 554, 554, 554, 554, 554, 554, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 566, 567, 567, 567, 567, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 575, 576, 576, 577, - 578 + 0, 292, 293, 293, 294, 294, 294, 294, 294, 294, + 294, 294, 294, 294, 294, 294, 294, 294, 295, 296, + 297, 297, 298, 298, 298, 298, 298, 298, 298, 298, + 298, 298, 298, 298, 298, 298, 298, 298, 298, 298, + 298, 298, 298, 298, 298, 298, 298, 298, 298, 298, + 298, 298, 298, 298, 298, 298, 298, 298, 298, 298, + 298, 298, 298, 298, 298, 298, 298, 298, 298, 298, + 298, 298, 298, 298, 298, 298, 298, 298, 298, 298, + 298, 298, 298, 298, 298, 298, 298, 298, 298, 298, + 298, 298, 298, 298, 298, 298, 298, 298, 298, 298, + 298, 298, 298, 298, 298, 298, 298, 298, 298, 298, + 298, 298, 298, 298, 298, 298, 298, 298, 298, 298, + 298, 298, 298, 298, 298, 298, 298, 298, 298, 298, + 298, 298, 298, 298, 298, 298, 298, 298, 298, 298, + 298, 298, 298, 298, 298, 298, 298, 298, 298, 298, + 298, 298, 298, 298, 298, 298, 298, 298, 298, 298, + 298, 298, 298, 298, 298, 298, 298, 298, 298, 298, + 298, 298, 298, 298, 298, 298, 298, 298, 298, 298, + 298, 298, 298, 298, 298, 298, 298, 298, 298, 298, + 298, 298, 298, 298, 298, 298, 298, 298, 298, 298, + 298, 298, 298, 298, 298, 298, 298, 298, 298, 298, + 298, 298, 298, 298, 298, 298, 299, 300, 300, 301, + 301, 301, 301, 301, 301, 301, 302, 303, 303, 304, + 304, 304, 304, 304, 304, 305, 306, 306, 307, 307, + 307, 307, 307, 307, 307, 308, 309, 309, 310, 310, + 310, 310, 310, 310, 310, 310, 311, 312, 313, 314, + 315, 316, 317, 317, 318, 318, 318, 318, 318, 318, + 318, 318, 318, 318, 319, 320, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, + 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, + 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, + 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, + 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, + 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, + 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, + 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, + 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, + 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, + 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, + 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, + 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 535, 536, 537, 537, 538, 538, 538, 538, 538, 538, + 538, 538, 539, 540, 541, 542, 543, 544, 545, 546, + 547, 548, 548, 549, 549, 549, 549, 549, 549, 549, + 549, 549, 549, 549, 549, 549, 549, 549, 549, 549, + 549, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, + 568, 569, 570, 570, 571, 572, 573, 574, 574, 575, + 576, 577, 578, 579, 580, 581, 582, 582, 583, 583, + 583, 583, 583, 583, 583, 583, 583, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 595, 596, 596, 596, 596, 596, 596, 597, 598, 599, + 600, 601, 602, 603, 604, 605, 605, 606, 606, 607, + 608 }; /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */ static const yytype_uint8 yyr2[] = { 0, 2, 0, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 1, 2, 0, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, + 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -1940,12 +2006,13 @@ static const yytype_uint8 yyr2[] = 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, - 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, - 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, - 2, 2, 2, 2, 2, 1, 2, 0, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, + 1, 1, 1, 1, 1, 1, 1, 2, 0, 1, + 1, 1, 1, 1, 1, 1, 1, 2, 0, 1, + 1, 1, 1, 1, 1, 1, 2, 0, 1, 1, + 1, 1, 1, 1, 1, 1, 2, 0, 1, 1, + 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, + 2, 1, 2, 0, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, @@ -1957,25 +2024,27 @@ static const yytype_uint8 yyr2[] = 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 3, 2, 2, 2, + 2, 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 3, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 3, 3, 4, 4, - 4, 3, 3, 2, 2, 2, 2, 2, 2, 3, - 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 3, 3, 4, 4, 4, + 3, 3, 2, 2, 2, 2, 2, 2, 3, 3, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 3, 3, 3, 2, - 2, 2, 1, 2, 0, 1, 1, 1, 1, 1, - 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 3, 3, 3, 2, 2, 2, 1, 2, 0, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 1, 2, - 0, 1, 2, 2, 2, 3, 3, 1, 2, 0, + 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, + 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 1, 2, 0, 1, 1, 1, 1, 1, 2, 2, + 2, 1, 2, 0, 1, 2, 1, 2, 0, 1, + 2, 2, 2, 3, 3, 1, 2, 0, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 1, 2, + 0, 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 3, 1, 2, 0, 1, 1, 2, 2 }; @@ -2661,16 +2730,24 @@ yyreduce: YY_REDUCE_PRINT (yyn); switch (yyn) { - case 16: -#line 186 "util/configparser.y" + case 18: +#line 191 "util/configparser.y" + { + OUTYY(("\nP(force-toplevel)\n")); + } +#line 2739 "util/configparser.c" + break; + + case 19: +#line 197 "util/configparser.y" { - OUTYY(("\nP(server:)\n")); + OUTYY(("\nP(server:)\n")); } -#line 2670 "util/configparser.c" +#line 2747 "util/configparser.c" break; - case 210: -#line 278 "util/configparser.y" + case 216: +#line 291 "util/configparser.y" { struct config_stub* s; OUTYY(("\nP(stub_zone:)\n")); @@ -2681,11 +2758,11 @@ yyreduce: } else yyerror("out of memory"); } -#line 2685 "util/configparser.c" +#line 2762 "util/configparser.c" break; - case 220: -#line 295 "util/configparser.y" + case 226: +#line 308 "util/configparser.y" { struct config_stub* s; OUTYY(("\nP(forward_zone:)\n")); @@ -2696,11 +2773,11 @@ yyreduce: } else yyerror("out of memory"); } -#line 2700 "util/configparser.c" +#line 2777 "util/configparser.c" break; - case 229: -#line 312 "util/configparser.y" + case 235: +#line 325 "util/configparser.y" { struct config_view* s; OUTYY(("\nP(view:)\n")); @@ -2713,11 +2790,11 @@ yyreduce: } else yyerror("out of memory"); } -#line 2717 "util/configparser.c" +#line 2794 "util/configparser.c" break; - case 239: -#line 331 "util/configparser.y" + case 245: +#line 344 "util/configparser.y" { struct config_auth* s; OUTYY(("\nP(auth_zone:)\n")); @@ -2733,11 +2810,11 @@ yyreduce: } else yyerror("out of memory"); } -#line 2737 "util/configparser.c" +#line 2814 "util/configparser.c" break; - case 250: -#line 355 "util/configparser.y" + case 256: +#line 368 "util/configparser.y" { uint8_t* bitlist; size_t len = 0; @@ -2754,11 +2831,11 @@ yyreduce: } } -#line 2758 "util/configparser.c" +#line 2835 "util/configparser.c" break; - case 251: -#line 374 "util/configparser.y" + case 257: +#line 387 "util/configparser.y" { OUTYY(("P(rpz_action_override:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "nxdomain")!=0 && strcmp((yyvsp[0].str), "nodata")!=0 && @@ -2773,21 +2850,21 @@ yyreduce: cfg_parser->cfg->auths->rpz_action_override = (yyvsp[0].str); } } -#line 2777 "util/configparser.c" +#line 2854 "util/configparser.c" break; - case 252: -#line 391 "util/configparser.y" + case 258: +#line 404 "util/configparser.y" { OUTYY(("P(rpz_cname_override:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->auths->rpz_cname); cfg_parser->cfg->auths->rpz_cname = (yyvsp[0].str); } -#line 2787 "util/configparser.c" +#line 2864 "util/configparser.c" break; - case 253: -#line 399 "util/configparser.y" + case 259: +#line 412 "util/configparser.y" { OUTYY(("P(rpz_log:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2795,21 +2872,21 @@ yyreduce: else cfg_parser->cfg->auths->rpz_log = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2799 "util/configparser.c" +#line 2876 "util/configparser.c" break; - case 254: -#line 409 "util/configparser.y" + case 260: +#line 422 "util/configparser.y" { OUTYY(("P(rpz_log_name:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->auths->rpz_log_name); cfg_parser->cfg->auths->rpz_log_name = (yyvsp[0].str); } -#line 2809 "util/configparser.c" +#line 2886 "util/configparser.c" break; - case 255: -#line 417 "util/configparser.y" + case 261: +#line 430 "util/configparser.y" { struct config_auth* s; OUTYY(("\nP(rpz:)\n")); @@ -2825,11 +2902,11 @@ yyreduce: } else yyerror("out of memory"); } -#line 2829 "util/configparser.c" +#line 2906 "util/configparser.c" break; - case 268: -#line 440 "util/configparser.y" + case 274: +#line 453 "util/configparser.y" { OUTYY(("P(server_num_threads:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2837,11 +2914,11 @@ yyreduce: else cfg_parser->cfg->num_threads = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2841 "util/configparser.c" +#line 2918 "util/configparser.c" break; - case 269: -#line 449 "util/configparser.y" + case 275: +#line 462 "util/configparser.y" { OUTYY(("P(server_verbosity:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2849,11 +2926,11 @@ yyreduce: else cfg_parser->cfg->verbosity = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2853 "util/configparser.c" +#line 2930 "util/configparser.c" break; - case 270: -#line 458 "util/configparser.y" + case 276: +#line 471 "util/configparser.y" { OUTYY(("P(server_statistics_interval:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) @@ -2863,11 +2940,11 @@ yyreduce: else cfg_parser->cfg->stat_interval = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2867 "util/configparser.c" +#line 2944 "util/configparser.c" break; - case 271: -#line 469 "util/configparser.y" + case 277: +#line 482 "util/configparser.y" { OUTYY(("P(server_statistics_cumulative:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2875,11 +2952,11 @@ yyreduce: else cfg_parser->cfg->stat_cumulative = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2879 "util/configparser.c" +#line 2956 "util/configparser.c" break; - case 272: -#line 478 "util/configparser.y" + case 278: +#line 491 "util/configparser.y" { OUTYY(("P(server_extended_statistics:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2887,11 +2964,11 @@ yyreduce: else cfg_parser->cfg->stat_extended = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2891 "util/configparser.c" +#line 2968 "util/configparser.c" break; - case 273: -#line 487 "util/configparser.y" + case 279: +#line 500 "util/configparser.y" { OUTYY(("P(server_shm_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2899,11 +2976,11 @@ yyreduce: else cfg_parser->cfg->shm_enable = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2903 "util/configparser.c" +#line 2980 "util/configparser.c" break; - case 274: -#line 496 "util/configparser.y" + case 280: +#line 509 "util/configparser.y" { OUTYY(("P(server_shm_key:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) @@ -2913,11 +2990,11 @@ yyreduce: else cfg_parser->cfg->shm_key = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2917 "util/configparser.c" +#line 2994 "util/configparser.c" break; - case 275: -#line 507 "util/configparser.y" + case 281: +#line 520 "util/configparser.y" { OUTYY(("P(server_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2925,11 +3002,11 @@ yyreduce: else cfg_parser->cfg->port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2929 "util/configparser.c" +#line 3006 "util/configparser.c" break; - case 276: -#line 516 "util/configparser.y" + case 282: +#line 529 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(server_send_client_subnet:%s)\n", (yyvsp[0].str))); @@ -2940,11 +3017,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 2944 "util/configparser.c" +#line 3021 "util/configparser.c" break; - case 277: -#line 528 "util/configparser.y" + case 283: +#line 541 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(server_client_subnet_zone:%s)\n", (yyvsp[0].str))); @@ -2956,11 +3033,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 2960 "util/configparser.c" +#line 3037 "util/configparser.c" break; - case 278: -#line 542 "util/configparser.y" + case 284: +#line 555 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(server_client_subnet_always_forward:%s)\n", (yyvsp[0].str))); @@ -2974,11 +3051,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2978 "util/configparser.c" +#line 3055 "util/configparser.c" break; - case 279: -#line 557 "util/configparser.y" + case 285: +#line 570 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(client_subnet_opcode:%s)\n", (yyvsp[0].str))); @@ -2988,11 +3065,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2992 "util/configparser.c" +#line 3069 "util/configparser.c" break; - case 280: -#line 568 "util/configparser.y" + case 286: +#line 581 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); @@ -3008,11 +3085,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3012 "util/configparser.c" +#line 3089 "util/configparser.c" break; - case 281: -#line 585 "util/configparser.y" + case 287: +#line 598 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); @@ -3028,11 +3105,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3032 "util/configparser.c" +#line 3109 "util/configparser.c" break; - case 282: -#line 602 "util/configparser.y" + case 288: +#line 615 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(min_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); @@ -3048,11 +3125,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3052 "util/configparser.c" +#line 3129 "util/configparser.c" break; - case 283: -#line 619 "util/configparser.y" + case 289: +#line 632 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(min_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); @@ -3068,11 +3145,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3072 "util/configparser.c" +#line 3149 "util/configparser.c" break; - case 284: -#line 636 "util/configparser.y" + case 290: +#line 649 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", (yyvsp[0].str))); @@ -3086,11 +3163,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3090 "util/configparser.c" +#line 3167 "util/configparser.c" break; - case 285: -#line 651 "util/configparser.y" + case 291: +#line 664 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", (yyvsp[0].str))); @@ -3104,11 +3181,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3108 "util/configparser.c" +#line 3185 "util/configparser.c" break; - case 286: -#line 666 "util/configparser.y" + case 292: +#line 679 "util/configparser.y" { OUTYY(("P(server_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_ifs == 0) @@ -3120,11 +3197,11 @@ yyreduce: else cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = (yyvsp[0].str); } -#line 3124 "util/configparser.c" +#line 3201 "util/configparser.c" break; - case 287: -#line 679 "util/configparser.y" + case 293: +#line 692 "util/configparser.y" { OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_out_ifs == 0) @@ -3138,11 +3215,11 @@ yyreduce: cfg_parser->cfg->out_ifs[ cfg_parser->cfg->num_out_ifs++] = (yyvsp[0].str); } -#line 3142 "util/configparser.c" +#line 3219 "util/configparser.c" break; - case 288: -#line 694 "util/configparser.y" + case 294: +#line 707 "util/configparser.y" { OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3150,11 +3227,11 @@ yyreduce: else cfg_parser->cfg->outgoing_num_ports = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3154 "util/configparser.c" +#line 3231 "util/configparser.c" break; - case 289: -#line 703 "util/configparser.y" + case 295: +#line 716 "util/configparser.y" { OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 1, @@ -3162,11 +3239,11 @@ yyreduce: yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 3166 "util/configparser.c" +#line 3243 "util/configparser.c" break; - case 290: -#line 712 "util/configparser.y" + case 296: +#line 725 "util/configparser.y" { OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 0, @@ -3174,11 +3251,11 @@ yyreduce: yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 3178 "util/configparser.c" +#line 3255 "util/configparser.c" break; - case 291: -#line 721 "util/configparser.y" + case 297: +#line 734 "util/configparser.y" { OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3186,11 +3263,11 @@ yyreduce: else cfg_parser->cfg->outgoing_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3190 "util/configparser.c" +#line 3267 "util/configparser.c" break; - case 292: -#line 730 "util/configparser.y" + case 298: +#line 743 "util/configparser.y" { OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3198,11 +3275,11 @@ yyreduce: else cfg_parser->cfg->incoming_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3202 "util/configparser.c" +#line 3279 "util/configparser.c" break; - case 293: -#line 739 "util/configparser.y" + case 299: +#line 752 "util/configparser.y" { OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3210,11 +3287,11 @@ yyreduce: else cfg_parser->cfg->if_automatic = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3214 "util/configparser.c" +#line 3291 "util/configparser.c" break; - case 294: -#line 748 "util/configparser.y" + case 300: +#line 761 "util/configparser.y" { OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3222,11 +3299,11 @@ yyreduce: else cfg_parser->cfg->do_ip4 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3226 "util/configparser.c" +#line 3303 "util/configparser.c" break; - case 295: -#line 757 "util/configparser.y" + case 301: +#line 770 "util/configparser.y" { OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3234,11 +3311,11 @@ yyreduce: else cfg_parser->cfg->do_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3238 "util/configparser.c" +#line 3315 "util/configparser.c" break; - case 296: -#line 766 "util/configparser.y" + case 302: +#line 779 "util/configparser.y" { OUTYY(("P(server_do_udp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3246,11 +3323,11 @@ yyreduce: else cfg_parser->cfg->do_udp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3250 "util/configparser.c" +#line 3327 "util/configparser.c" break; - case 297: -#line 775 "util/configparser.y" + case 303: +#line 788 "util/configparser.y" { OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3258,11 +3335,23 @@ yyreduce: else cfg_parser->cfg->do_tcp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3262 "util/configparser.c" +#line 3339 "util/configparser.c" break; - case 298: -#line 784 "util/configparser.y" + case 304: +#line 797 "util/configparser.y" + { + OUTYY(("P(server_prefer_ip4:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->prefer_ip4 = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3351 "util/configparser.c" + break; + + case 305: +#line 806 "util/configparser.y" { OUTYY(("P(server_prefer_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3270,11 +3359,11 @@ yyreduce: else cfg_parser->cfg->prefer_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3274 "util/configparser.c" +#line 3363 "util/configparser.c" break; - case 299: -#line 793 "util/configparser.y" + case 306: +#line 815 "util/configparser.y" { OUTYY(("P(server_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3282,11 +3371,11 @@ yyreduce: else cfg_parser->cfg->tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3286 "util/configparser.c" +#line 3375 "util/configparser.c" break; - case 300: -#line 802 "util/configparser.y" + case 307: +#line 824 "util/configparser.y" { OUTYY(("P(server_outgoing_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3294,11 +3383,11 @@ yyreduce: else cfg_parser->cfg->outgoing_tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3298 "util/configparser.c" +#line 3387 "util/configparser.c" break; - case 301: -#line 811 "util/configparser.y" + case 308: +#line 833 "util/configparser.y" { OUTYY(("P(server_tcp_idle_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3310,11 +3399,11 @@ yyreduce: else cfg_parser->cfg->tcp_idle_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3314 "util/configparser.c" +#line 3403 "util/configparser.c" break; - case 302: -#line 824 "util/configparser.y" + case 309: +#line 846 "util/configparser.y" { OUTYY(("P(server_tcp_keepalive:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3322,11 +3411,11 @@ yyreduce: else cfg_parser->cfg->do_tcp_keepalive = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3326 "util/configparser.c" +#line 3415 "util/configparser.c" break; - case 303: -#line 833 "util/configparser.y" + case 310: +#line 855 "util/configparser.y" { OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3338,11 +3427,11 @@ yyreduce: else cfg_parser->cfg->tcp_keepalive_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3342 "util/configparser.c" +#line 3431 "util/configparser.c" break; - case 304: -#line 846 "util/configparser.y" + case 311: +#line 868 "util/configparser.y" { OUTYY(("P(server_tcp_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3350,11 +3439,11 @@ yyreduce: else cfg_parser->cfg->tcp_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3354 "util/configparser.c" +#line 3443 "util/configparser.c" break; - case 305: -#line 855 "util/configparser.y" + case 312: +#line 877 "util/configparser.y" { OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3362,11 +3451,11 @@ yyreduce: else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3366 "util/configparser.c" +#line 3455 "util/configparser.c" break; - case 306: -#line 864 "util/configparser.y" + case 313: +#line 886 "util/configparser.y" { OUTYY(("P(server_ssl_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3374,31 +3463,31 @@ yyreduce: else cfg_parser->cfg->ssl_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3378 "util/configparser.c" +#line 3467 "util/configparser.c" break; - case 307: -#line 873 "util/configparser.y" + case 314: +#line 895 "util/configparser.y" { OUTYY(("P(server_ssl_service_key:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_key); cfg_parser->cfg->ssl_service_key = (yyvsp[0].str); } -#line 3388 "util/configparser.c" +#line 3477 "util/configparser.c" break; - case 308: -#line 880 "util/configparser.y" + case 315: +#line 902 "util/configparser.y" { OUTYY(("P(server_ssl_service_pem:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_pem); cfg_parser->cfg->ssl_service_pem = (yyvsp[0].str); } -#line 3398 "util/configparser.c" +#line 3487 "util/configparser.c" break; - case 309: -#line 887 "util/configparser.y" + case 316: +#line 909 "util/configparser.y" { OUTYY(("P(server_ssl_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3406,21 +3495,21 @@ yyreduce: else cfg_parser->cfg->ssl_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3410 "util/configparser.c" +#line 3499 "util/configparser.c" break; - case 310: -#line 896 "util/configparser.y" + case 317: +#line 918 "util/configparser.y" { OUTYY(("P(server_tls_cert_bundle:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_cert_bundle); cfg_parser->cfg->tls_cert_bundle = (yyvsp[0].str); } -#line 3420 "util/configparser.c" +#line 3509 "util/configparser.c" break; - case 311: -#line 903 "util/configparser.y" + case 318: +#line 925 "util/configparser.y" { OUTYY(("P(server_tls_win_cert:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3428,53 +3517,65 @@ yyreduce: else cfg_parser->cfg->tls_win_cert = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3432 "util/configparser.c" +#line 3521 "util/configparser.c" break; - case 312: -#line 912 "util/configparser.y" + case 319: +#line 934 "util/configparser.y" { OUTYY(("P(server_tls_additional_port:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3443 "util/configparser.c" +#line 3532 "util/configparser.c" break; - case 313: -#line 920 "util/configparser.y" + case 320: +#line 942 "util/configparser.y" { OUTYY(("P(server_tls_ciphers:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_ciphers); cfg_parser->cfg->tls_ciphers = (yyvsp[0].str); } -#line 3453 "util/configparser.c" +#line 3542 "util/configparser.c" break; - case 314: -#line 927 "util/configparser.y" + case 321: +#line 949 "util/configparser.y" { OUTYY(("P(server_tls_ciphersuites:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_ciphersuites); cfg_parser->cfg->tls_ciphersuites = (yyvsp[0].str); } -#line 3463 "util/configparser.c" +#line 3552 "util/configparser.c" break; - case 315: -#line 934 "util/configparser.y" + case 322: +#line 956 "util/configparser.y" { OUTYY(("P(server_tls_session_ticket_keys:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3474 "util/configparser.c" +#line 3563 "util/configparser.c" break; - case 316: -#line 942 "util/configparser.y" + case 323: +#line 964 "util/configparser.y" + { + OUTYY(("P(server_tls_use_sni:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->tls_use_sni = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3575 "util/configparser.c" + break; + + case 324: +#line 973 "util/configparser.y" { OUTYY(("P(server_use_systemd:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3482,11 +3583,11 @@ yyreduce: else cfg_parser->cfg->use_systemd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3486 "util/configparser.c" +#line 3587 "util/configparser.c" break; - case 317: -#line 951 "util/configparser.y" + case 325: +#line 982 "util/configparser.y" { OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3494,11 +3595,11 @@ yyreduce: else cfg_parser->cfg->do_daemonize = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3498 "util/configparser.c" +#line 3599 "util/configparser.c" break; - case 318: -#line 960 "util/configparser.y" + case 326: +#line 991 "util/configparser.y" { OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3511,11 +3612,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3515 "util/configparser.c" +#line 3616 "util/configparser.c" break; - case 319: -#line 974 "util/configparser.y" + case 327: +#line 1005 "util/configparser.y" { OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3523,11 +3624,11 @@ yyreduce: else cfg_parser->cfg->log_time_ascii = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3527 "util/configparser.c" +#line 3628 "util/configparser.c" break; - case 320: -#line 983 "util/configparser.y" + case 328: +#line 1014 "util/configparser.y" { OUTYY(("P(server_log_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3535,11 +3636,11 @@ yyreduce: else cfg_parser->cfg->log_queries = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3539 "util/configparser.c" +#line 3640 "util/configparser.c" break; - case 321: -#line 992 "util/configparser.y" + case 329: +#line 1023 "util/configparser.y" { OUTYY(("P(server_log_replies:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3547,11 +3648,11 @@ yyreduce: else cfg_parser->cfg->log_replies = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3551 "util/configparser.c" +#line 3652 "util/configparser.c" break; - case 322: -#line 1001 "util/configparser.y" + case 330: +#line 1032 "util/configparser.y" { OUTYY(("P(server_log_tag_queryreply:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3559,11 +3660,11 @@ yyreduce: else cfg_parser->cfg->log_tag_queryreply = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3563 "util/configparser.c" +#line 3664 "util/configparser.c" break; - case 323: -#line 1010 "util/configparser.y" + case 331: +#line 1041 "util/configparser.y" { OUTYY(("P(server_log_servfail:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3571,11 +3672,11 @@ yyreduce: else cfg_parser->cfg->log_servfail = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3575 "util/configparser.c" +#line 3676 "util/configparser.c" break; - case 324: -#line 1019 "util/configparser.y" + case 332: +#line 1050 "util/configparser.y" { OUTYY(("P(server_log_local_actions:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3583,31 +3684,31 @@ yyreduce: else cfg_parser->cfg->log_local_actions = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3587 "util/configparser.c" +#line 3688 "util/configparser.c" break; - case 325: -#line 1028 "util/configparser.y" + case 333: +#line 1059 "util/configparser.y" { OUTYY(("P(server_chroot:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->chrootdir); cfg_parser->cfg->chrootdir = (yyvsp[0].str); } -#line 3597 "util/configparser.c" +#line 3698 "util/configparser.c" break; - case 326: -#line 1035 "util/configparser.y" + case 334: +#line 1066 "util/configparser.y" { OUTYY(("P(server_username:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->username); cfg_parser->cfg->username = (yyvsp[0].str); } -#line 3607 "util/configparser.c" +#line 3708 "util/configparser.c" break; - case 327: -#line 1042 "util/configparser.y" + case 335: +#line 1073 "util/configparser.y" { OUTYY(("P(server_directory:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->directory); @@ -3632,105 +3733,105 @@ yyreduce: } } } -#line 3636 "util/configparser.c" +#line 3737 "util/configparser.c" break; - case 328: -#line 1068 "util/configparser.y" + case 336: +#line 1099 "util/configparser.y" { OUTYY(("P(server_logfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->logfile); cfg_parser->cfg->logfile = (yyvsp[0].str); cfg_parser->cfg->use_syslog = 0; } -#line 3647 "util/configparser.c" +#line 3748 "util/configparser.c" break; - case 329: -#line 1076 "util/configparser.y" + case 337: +#line 1107 "util/configparser.y" { OUTYY(("P(server_pidfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->pidfile); cfg_parser->cfg->pidfile = (yyvsp[0].str); } -#line 3657 "util/configparser.c" +#line 3758 "util/configparser.c" break; - case 330: -#line 1083 "util/configparser.y" + case 338: +#line 1114 "util/configparser.y" { OUTYY(("P(server_root_hints:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3667 "util/configparser.c" +#line 3768 "util/configparser.c" break; - case 331: -#line 1090 "util/configparser.y" + case 339: +#line 1121 "util/configparser.y" { OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dlv_anchor_file); cfg_parser->cfg->dlv_anchor_file = (yyvsp[0].str); } -#line 3677 "util/configparser.c" +#line 3778 "util/configparser.c" break; - case 332: -#line 1097 "util/configparser.y" + case 340: +#line 1128 "util/configparser.y" { OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3687 "util/configparser.c" +#line 3788 "util/configparser.c" break; - case 333: -#line 1104 "util/configparser.y" + case 341: +#line 1135 "util/configparser.y" { OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> auto_trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3698 "util/configparser.c" +#line 3799 "util/configparser.c" break; - case 334: -#line 1112 "util/configparser.y" + case 342: +#line 1143 "util/configparser.y" { OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3709 "util/configparser.c" +#line 3810 "util/configparser.c" break; - case 335: -#line 1120 "util/configparser.y" + case 343: +#line 1151 "util/configparser.y" { OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trusted_keys_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3720 "util/configparser.c" +#line 3821 "util/configparser.c" break; - case 336: -#line 1128 "util/configparser.y" + case 344: +#line 1159 "util/configparser.y" { OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3730 "util/configparser.c" +#line 3831 "util/configparser.c" break; - case 337: -#line 1135 "util/configparser.y" + case 345: +#line 1166 "util/configparser.y" { OUTYY(("P(server_trust_anchor_signaling:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3740,11 +3841,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3744 "util/configparser.c" +#line 3845 "util/configparser.c" break; - case 338: -#line 1146 "util/configparser.y" + case 346: +#line 1177 "util/configparser.y" { OUTYY(("P(server_root_key_sentinel:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3754,21 +3855,21 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3758 "util/configparser.c" +#line 3859 "util/configparser.c" break; - case 339: -#line 1157 "util/configparser.y" + case 347: +#line 1188 "util/configparser.y" { OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3768 "util/configparser.c" +#line 3869 "util/configparser.c" break; - case 340: -#line 1164 "util/configparser.y" + case 348: +#line 1195 "util/configparser.y" { OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3776,11 +3877,11 @@ yyreduce: else cfg_parser->cfg->hide_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3780 "util/configparser.c" +#line 3881 "util/configparser.c" break; - case 341: -#line 1173 "util/configparser.y" + case 349: +#line 1204 "util/configparser.y" { OUTYY(("P(server_hide_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3788,11 +3889,11 @@ yyreduce: else cfg_parser->cfg->hide_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3792 "util/configparser.c" +#line 3893 "util/configparser.c" break; - case 342: -#line 1182 "util/configparser.y" + case 350: +#line 1213 "util/configparser.y" { OUTYY(("P(server_hide_trustanchor:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3800,53 +3901,53 @@ yyreduce: else cfg_parser->cfg->hide_trustanchor = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3804 "util/configparser.c" +#line 3905 "util/configparser.c" break; - case 343: -#line 1191 "util/configparser.y" + case 351: +#line 1222 "util/configparser.y" { OUTYY(("P(server_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->identity); cfg_parser->cfg->identity = (yyvsp[0].str); } -#line 3814 "util/configparser.c" +#line 3915 "util/configparser.c" break; - case 344: -#line 1198 "util/configparser.y" + case 352: +#line 1229 "util/configparser.y" { OUTYY(("P(server_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->version); cfg_parser->cfg->version = (yyvsp[0].str); } -#line 3824 "util/configparser.c" +#line 3925 "util/configparser.c" break; - case 345: -#line 1205 "util/configparser.y" + case 353: +#line 1236 "util/configparser.y" { OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_rcvbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 3835 "util/configparser.c" +#line 3936 "util/configparser.c" break; - case 346: -#line 1213 "util/configparser.y" + case 354: +#line 1244 "util/configparser.y" { OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_sndbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 3846 "util/configparser.c" +#line 3947 "util/configparser.c" break; - case 347: -#line 1221 "util/configparser.y" + case 355: +#line 1252 "util/configparser.y" { OUTYY(("P(server_so_reuseport:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3855,11 +3956,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3859 "util/configparser.c" +#line 3960 "util/configparser.c" break; - case 348: -#line 1231 "util/configparser.y" + case 356: +#line 1262 "util/configparser.y" { OUTYY(("P(server_ip_transparent:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3868,11 +3969,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3872 "util/configparser.c" +#line 3973 "util/configparser.c" break; - case 349: -#line 1241 "util/configparser.y" + case 357: +#line 1272 "util/configparser.y" { OUTYY(("P(server_ip_freebind:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3881,22 +3982,39 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3885 "util/configparser.c" +#line 3986 "util/configparser.c" break; - case 350: -#line 1251 "util/configparser.y" + case 358: +#line 1282 "util/configparser.y" + { + OUTYY(("P(server_ip_dscp:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else if (atoi((yyvsp[0].str)) > 63) + yyerror("value too large (max 63)"); + else if (atoi((yyvsp[0].str)) < 0) + yyerror("value too small (min 0)"); + else + cfg_parser->cfg->ip_dscp = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4003 "util/configparser.c" + break; + + case 359: +#line 1296 "util/configparser.y" { OUTYY(("P(server_stream_wait_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->stream_wait_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3896 "util/configparser.c" +#line 4014 "util/configparser.c" break; - case 351: -#line 1259 "util/configparser.y" + case 360: +#line 1304 "util/configparser.y" { OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3908,11 +4026,11 @@ yyreduce: else cfg_parser->cfg->edns_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3912 "util/configparser.c" +#line 4030 "util/configparser.c" break; - case 352: -#line 1272 "util/configparser.y" + case 361: +#line 1317 "util/configparser.y" { OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3922,22 +4040,22 @@ yyreduce: else cfg_parser->cfg->msg_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3926 "util/configparser.c" +#line 4044 "util/configparser.c" break; - case 353: -#line 1283 "util/configparser.y" + case 362: +#line 1328 "util/configparser.y" { OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->msg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3937 "util/configparser.c" +#line 4055 "util/configparser.c" break; - case 354: -#line 1291 "util/configparser.y" + case 363: +#line 1336 "util/configparser.y" { OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3949,11 +4067,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3953 "util/configparser.c" +#line 4071 "util/configparser.c" break; - case 355: -#line 1304 "util/configparser.y" + case 364: +#line 1349 "util/configparser.y" { OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3961,11 +4079,11 @@ yyreduce: else cfg_parser->cfg->num_queries_per_thread = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3965 "util/configparser.c" +#line 4083 "util/configparser.c" break; - case 356: -#line 1313 "util/configparser.y" + case 365: +#line 1358 "util/configparser.y" { OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3973,11 +4091,11 @@ yyreduce: else cfg_parser->cfg->jostle_time = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3977 "util/configparser.c" +#line 4095 "util/configparser.c" break; - case 357: -#line 1322 "util/configparser.y" + case 366: +#line 1367 "util/configparser.y" { OUTYY(("P(server_delay_close:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3985,11 +4103,11 @@ yyreduce: else cfg_parser->cfg->delay_close = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3989 "util/configparser.c" +#line 4107 "util/configparser.c" break; - case 358: -#line 1331 "util/configparser.y" + case 367: +#line 1376 "util/configparser.y" { OUTYY(("P(server_unblock_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3998,11 +4116,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4002 "util/configparser.c" +#line 4120 "util/configparser.c" break; - case 359: -#line 1341 "util/configparser.y" + case 368: +#line 1386 "util/configparser.y" { OUTYY(("P(server_insecure_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4011,22 +4129,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4015 "util/configparser.c" +#line 4133 "util/configparser.c" break; - case 360: -#line 1351 "util/configparser.y" + case 369: +#line 1396 "util/configparser.y" { OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->rrset_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4026 "util/configparser.c" +#line 4144 "util/configparser.c" break; - case 361: -#line 1359 "util/configparser.y" + case 370: +#line 1404 "util/configparser.y" { OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4038,11 +4156,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4042 "util/configparser.c" +#line 4160 "util/configparser.c" break; - case 362: -#line 1372 "util/configparser.y" + case 371: +#line 1417 "util/configparser.y" { OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4050,22 +4168,22 @@ yyreduce: else cfg_parser->cfg->host_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4054 "util/configparser.c" +#line 4172 "util/configparser.c" break; - case 363: -#line 1381 "util/configparser.y" + case 372: +#line 1426 "util/configparser.y" { OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " "removed, use infra-host-ttl)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4065 "util/configparser.c" +#line 4183 "util/configparser.c" break; - case 364: -#line 1389 "util/configparser.y" + case 373: +#line 1434 "util/configparser.y" { OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4073,22 +4191,22 @@ yyreduce: else cfg_parser->cfg->infra_cache_numhosts = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4077 "util/configparser.c" +#line 4195 "util/configparser.c" break; - case 365: -#line 1398 "util/configparser.y" + case 374: +#line 1443 "util/configparser.y" { OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " "(option removed, use infra-cache-numhosts)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4088 "util/configparser.c" +#line 4206 "util/configparser.c" break; - case 366: -#line 1406 "util/configparser.y" + case 375: +#line 1451 "util/configparser.y" { OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4100,11 +4218,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4104 "util/configparser.c" +#line 4222 "util/configparser.c" break; - case 367: -#line 1419 "util/configparser.y" + case 376: +#line 1464 "util/configparser.y" { OUTYY(("P(server_infra_cache_min_rtt:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4112,21 +4230,21 @@ yyreduce: else cfg_parser->cfg->infra_cache_min_rtt = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4116 "util/configparser.c" +#line 4234 "util/configparser.c" break; - case 368: -#line 1428 "util/configparser.y" + case 377: +#line 1473 "util/configparser.y" { OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->target_fetch_policy); cfg_parser->cfg->target_fetch_policy = (yyvsp[0].str); } -#line 4126 "util/configparser.c" +#line 4244 "util/configparser.c" break; - case 369: -#line 1435 "util/configparser.y" + case 378: +#line 1480 "util/configparser.y" { OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4135,11 +4253,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4139 "util/configparser.c" +#line 4257 "util/configparser.c" break; - case 370: -#line 1445 "util/configparser.y" + case 379: +#line 1490 "util/configparser.y" { OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4148,11 +4266,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4152 "util/configparser.c" +#line 4270 "util/configparser.c" break; - case 371: -#line 1455 "util/configparser.y" + case 380: +#line 1500 "util/configparser.y" { OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4161,11 +4279,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4165 "util/configparser.c" +#line 4283 "util/configparser.c" break; - case 372: -#line 1465 "util/configparser.y" + case 381: +#line 1510 "util/configparser.y" { OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4174,11 +4292,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4178 "util/configparser.c" +#line 4296 "util/configparser.c" break; - case 373: -#line 1475 "util/configparser.y" + case 382: +#line 1520 "util/configparser.y" { OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4187,11 +4305,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4191 "util/configparser.c" +#line 4309 "util/configparser.c" break; - case 374: -#line 1485 "util/configparser.y" + case 383: +#line 1530 "util/configparser.y" { OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4200,11 +4318,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4204 "util/configparser.c" +#line 4322 "util/configparser.c" break; - case 375: -#line 1495 "util/configparser.y" + case 384: +#line 1540 "util/configparser.y" { OUTYY(("P(server_harden_algo_downgrade:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4213,11 +4331,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4217 "util/configparser.c" +#line 4335 "util/configparser.c" break; - case 376: -#line 1505 "util/configparser.y" + case 385: +#line 1550 "util/configparser.y" { OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4226,41 +4344,41 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4230 "util/configparser.c" +#line 4348 "util/configparser.c" break; - case 377: -#line 1515 "util/configparser.y" + case 386: +#line 1560 "util/configparser.y" { OUTYY(("P(server_caps_whitelist:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4240 "util/configparser.c" +#line 4358 "util/configparser.c" break; - case 378: -#line 1522 "util/configparser.y" + case 387: +#line 1567 "util/configparser.y" { OUTYY(("P(server_private_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4250 "util/configparser.c" +#line 4368 "util/configparser.c" break; - case 379: -#line 1529 "util/configparser.y" + case 388: +#line 1574 "util/configparser.y" { OUTYY(("P(server_private_domain:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4260 "util/configparser.c" +#line 4378 "util/configparser.c" break; - case 380: -#line 1536 "util/configparser.y" + case 389: +#line 1581 "util/configparser.y" { OUTYY(("P(server_prefetch:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4268,11 +4386,11 @@ yyreduce: else cfg_parser->cfg->prefetch = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4272 "util/configparser.c" +#line 4390 "util/configparser.c" break; - case 381: -#line 1545 "util/configparser.y" + case 390: +#line 1590 "util/configparser.y" { OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4280,11 +4398,11 @@ yyreduce: else cfg_parser->cfg->prefetch_key = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4284 "util/configparser.c" +#line 4402 "util/configparser.c" break; - case 382: -#line 1554 "util/configparser.y" + case 391: +#line 1599 "util/configparser.y" { OUTYY(("P(server_deny_any:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4292,11 +4410,11 @@ yyreduce: else cfg_parser->cfg->deny_any = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4296 "util/configparser.c" +#line 4414 "util/configparser.c" break; - case 383: -#line 1563 "util/configparser.y" + case 392: +#line 1608 "util/configparser.y" { OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4304,21 +4422,21 @@ yyreduce: else cfg_parser->cfg->unwanted_threshold = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4308 "util/configparser.c" +#line 4426 "util/configparser.c" break; - case 384: -#line 1572 "util/configparser.y" + case 393: +#line 1617 "util/configparser.y" { OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4318 "util/configparser.c" +#line 4436 "util/configparser.c" break; - case 385: -#line 1579 "util/configparser.y" + case 394: +#line 1624 "util/configparser.y" { OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4327,11 +4445,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4331 "util/configparser.c" +#line 4449 "util/configparser.c" break; - case 386: -#line 1589 "util/configparser.y" + case 395: +#line 1634 "util/configparser.y" { OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "deny")!=0 && strcmp((yyvsp[0].str), "refuse")!=0 && @@ -4350,21 +4468,21 @@ yyreduce: fatal_exit("out of memory adding acl"); } } -#line 4354 "util/configparser.c" +#line 4472 "util/configparser.c" break; - case 387: -#line 1609 "util/configparser.y" + case 396: +#line 1654 "util/configparser.y" { OUTYY(("P(server_module_conf:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->module_conf); cfg_parser->cfg->module_conf = (yyvsp[0].str); } -#line 4364 "util/configparser.c" +#line 4482 "util/configparser.c" break; - case 388: -#line 1616 "util/configparser.y" + case 397: +#line 1661 "util/configparser.y" { OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -4381,11 +4499,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4385 "util/configparser.c" +#line 4503 "util/configparser.c" break; - case 389: -#line 1634 "util/configparser.y" + case 398: +#line 1679 "util/configparser.y" { OUTYY(("P(server_val_sig_skew_min:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -4397,11 +4515,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4401 "util/configparser.c" +#line 4519 "util/configparser.c" break; - case 390: -#line 1647 "util/configparser.y" + case 399: +#line 1692 "util/configparser.y" { OUTYY(("P(server_val_sig_skew_max:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -4413,11 +4531,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4417 "util/configparser.c" +#line 4535 "util/configparser.c" break; - case 391: -#line 1660 "util/configparser.y" + case 400: +#line 1705 "util/configparser.y" { OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4425,11 +4543,11 @@ yyreduce: else cfg_parser->cfg->max_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4429 "util/configparser.c" +#line 4547 "util/configparser.c" break; - case 392: -#line 1669 "util/configparser.y" + case 401: +#line 1714 "util/configparser.y" { OUTYY(("P(server_cache_max_negative_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4437,11 +4555,11 @@ yyreduce: else cfg_parser->cfg->max_negative_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4441 "util/configparser.c" +#line 4559 "util/configparser.c" break; - case 393: -#line 1678 "util/configparser.y" + case 402: +#line 1723 "util/configparser.y" { OUTYY(("P(server_cache_min_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4449,11 +4567,11 @@ yyreduce: else cfg_parser->cfg->min_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4453 "util/configparser.c" +#line 4571 "util/configparser.c" break; - case 394: -#line 1687 "util/configparser.y" + case 403: +#line 1732 "util/configparser.y" { OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4461,11 +4579,11 @@ yyreduce: else cfg_parser->cfg->bogus_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4465 "util/configparser.c" +#line 4583 "util/configparser.c" break; - case 395: -#line 1696 "util/configparser.y" + case 404: +#line 1741 "util/configparser.y" { OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4474,11 +4592,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4478 "util/configparser.c" +#line 4596 "util/configparser.c" break; - case 396: -#line 1706 "util/configparser.y" + case 405: +#line 1751 "util/configparser.y" { OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4487,11 +4605,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4491 "util/configparser.c" +#line 4609 "util/configparser.c" break; - case 397: -#line 1716 "util/configparser.y" + case 406: +#line 1761 "util/configparser.y" { OUTYY(("P(server_aggressive_nsec:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4501,11 +4619,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4505 "util/configparser.c" +#line 4623 "util/configparser.c" break; - case 398: -#line 1727 "util/configparser.y" + case 407: +#line 1772 "util/configparser.y" { OUTYY(("P(server_ignore_cd_flag:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4513,11 +4631,11 @@ yyreduce: else cfg_parser->cfg->ignore_cd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4517 "util/configparser.c" +#line 4635 "util/configparser.c" break; - case 399: -#line 1736 "util/configparser.y" + case 408: +#line 1781 "util/configparser.y" { OUTYY(("P(server_serve_expired:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4525,11 +4643,11 @@ yyreduce: else cfg_parser->cfg->serve_expired = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4529 "util/configparser.c" +#line 4647 "util/configparser.c" break; - case 400: -#line 1745 "util/configparser.y" + case 409: +#line 1790 "util/configparser.y" { OUTYY(("P(server_serve_expired_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4537,11 +4655,11 @@ yyreduce: else cfg_parser->cfg->serve_expired_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4541 "util/configparser.c" +#line 4659 "util/configparser.c" break; - case 401: -#line 1754 "util/configparser.y" + case 410: +#line 1799 "util/configparser.y" { OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4549,11 +4667,11 @@ yyreduce: else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4553 "util/configparser.c" +#line 4671 "util/configparser.c" break; - case 402: -#line 1763 "util/configparser.y" + case 411: +#line 1808 "util/configparser.y" { OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4561,11 +4679,11 @@ yyreduce: else cfg_parser->cfg->serve_expired_reply_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4565 "util/configparser.c" +#line 4683 "util/configparser.c" break; - case 403: -#line 1772 "util/configparser.y" + case 412: +#line 1817 "util/configparser.y" { OUTYY(("P(server_serve_expired_client_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4573,11 +4691,11 @@ yyreduce: else cfg_parser->cfg->serve_expired_client_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4577 "util/configparser.c" +#line 4695 "util/configparser.c" break; - case 404: -#line 1781 "util/configparser.y" + case 413: +#line 1826 "util/configparser.y" { OUTYY(("P(server_fake_dsa:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4589,11 +4707,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 4593 "util/configparser.c" +#line 4711 "util/configparser.c" break; - case 405: -#line 1794 "util/configparser.y" + case 414: +#line 1839 "util/configparser.y" { OUTYY(("P(server_fake_sha1:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4605,11 +4723,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 4609 "util/configparser.c" +#line 4727 "util/configparser.c" break; - case 406: -#line 1807 "util/configparser.y" + case 415: +#line 1852 "util/configparser.y" { OUTYY(("P(server_val_log_level:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4617,21 +4735,21 @@ yyreduce: else cfg_parser->cfg->val_log_level = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4621 "util/configparser.c" +#line 4739 "util/configparser.c" break; - case 407: -#line 1816 "util/configparser.y" + case 416: +#line 1861 "util/configparser.y" { OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->val_nsec3_key_iterations); cfg_parser->cfg->val_nsec3_key_iterations = (yyvsp[0].str); } -#line 4631 "util/configparser.c" +#line 4749 "util/configparser.c" break; - case 408: -#line 1823 "util/configparser.y" + case 417: +#line 1868 "util/configparser.y" { OUTYY(("P(server_add_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4639,11 +4757,11 @@ yyreduce: else cfg_parser->cfg->add_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4643 "util/configparser.c" +#line 4761 "util/configparser.c" break; - case 409: -#line 1832 "util/configparser.y" + case 418: +#line 1877 "util/configparser.y" { OUTYY(("P(server_del_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4651,11 +4769,11 @@ yyreduce: else cfg_parser->cfg->del_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4655 "util/configparser.c" +#line 4773 "util/configparser.c" break; - case 410: -#line 1841 "util/configparser.y" + case 419: +#line 1886 "util/configparser.y" { OUTYY(("P(server_keep_missing:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4663,11 +4781,11 @@ yyreduce: else cfg_parser->cfg->keep_missing = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4667 "util/configparser.c" +#line 4785 "util/configparser.c" break; - case 411: -#line 1850 "util/configparser.y" + case 420: +#line 1895 "util/configparser.y" { OUTYY(("P(server_permit_small_holddown:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4676,22 +4794,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4680 "util/configparser.c" +#line 4798 "util/configparser.c" break; - case 412: -#line 1859 "util/configparser.y" + case 421: +#line 1904 "util/configparser.y" { OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->key_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4691 "util/configparser.c" +#line 4809 "util/configparser.c" break; - case 413: -#line 1867 "util/configparser.y" + case 422: +#line 1912 "util/configparser.y" { OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4703,22 +4821,22 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4707 "util/configparser.c" +#line 4825 "util/configparser.c" break; - case 414: -#line 1880 "util/configparser.y" + case 423: +#line 1925 "util/configparser.y" { OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->neg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4718 "util/configparser.c" +#line 4836 "util/configparser.c" break; - case 415: -#line 1888 "util/configparser.y" + case 424: +#line 1933 "util/configparser.y" { OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && @@ -4758,21 +4876,21 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 4762 "util/configparser.c" +#line 4880 "util/configparser.c" break; - case 416: -#line 1929 "util/configparser.y" + case 425: +#line 1974 "util/configparser.y" { OUTYY(("P(server_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[0].str))) fatal_exit("out of memory adding local-data"); } -#line 4772 "util/configparser.c" +#line 4890 "util/configparser.c" break; - case 417: -#line 1936 "util/configparser.y" + case 426: +#line 1981 "util/configparser.y" { char* ptr; OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -4786,11 +4904,11 @@ yyreduce: yyerror("local-data-ptr could not be reversed"); } } -#line 4790 "util/configparser.c" +#line 4908 "util/configparser.c" break; - case 418: -#line 1951 "util/configparser.y" + case 427: +#line 1996 "util/configparser.y" { OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4799,11 +4917,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4803 "util/configparser.c" +#line 4921 "util/configparser.c" break; - case 419: -#line 1961 "util/configparser.y" + case 428: +#line 2006 "util/configparser.y" { OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4812,41 +4930,41 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4816 "util/configparser.c" +#line 4934 "util/configparser.c" break; - case 420: -#line 1971 "util/configparser.y" + case 429: +#line 2016 "util/configparser.y" { OUTYY(("P(server_unknown_server_time_limit:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->unknown_server_time_limit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4826 "util/configparser.c" +#line 4944 "util/configparser.c" break; - case 421: -#line 1978 "util/configparser.y" + case 430: +#line 2023 "util/configparser.y" { OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->max_udp_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4836 "util/configparser.c" +#line 4954 "util/configparser.c" break; - case 422: -#line 1985 "util/configparser.y" + case 431: +#line 2030 "util/configparser.y" { OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dns64_prefix); cfg_parser->cfg->dns64_prefix = (yyvsp[0].str); } -#line 4846 "util/configparser.c" +#line 4964 "util/configparser.c" break; - case 423: -#line 1992 "util/configparser.y" + case 432: +#line 2037 "util/configparser.y" { OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4854,22 +4972,22 @@ yyreduce: else cfg_parser->cfg->dns64_synthall = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4858 "util/configparser.c" +#line 4976 "util/configparser.c" break; - case 424: -#line 2001 "util/configparser.y" + case 433: +#line 2046 "util/configparser.y" { OUTYY(("P(dns64_ignore_aaaa:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa, (yyvsp[0].str))) fatal_exit("out of memory adding dns64-ignore-aaaa"); } -#line 4869 "util/configparser.c" +#line 4987 "util/configparser.c" break; - case 425: -#line 2009 "util/configparser.y" + case 434: +#line 2054 "util/configparser.y" { char* p, *s = (yyvsp[0].str); OUTYY(("P(server_define_tag:%s)\n", (yyvsp[0].str))); @@ -4882,11 +5000,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4886 "util/configparser.c" +#line 5004 "util/configparser.c" break; - case 426: -#line 2023 "util/configparser.y" + case 435: +#line 2068 "util/configparser.y" { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -4906,11 +5024,11 @@ yyreduce: } } } -#line 4910 "util/configparser.c" +#line 5028 "util/configparser.c" break; - case 427: -#line 2044 "util/configparser.y" + case 436: +#line 2089 "util/configparser.y" { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -4930,11 +5048,11 @@ yyreduce: } } } -#line 4934 "util/configparser.c" +#line 5052 "util/configparser.c" break; - case 428: -#line 2065 "util/configparser.y" + case 437: +#line 2110 "util/configparser.y" { OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions, @@ -4945,11 +5063,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4949 "util/configparser.c" +#line 5067 "util/configparser.c" break; - case 429: -#line 2077 "util/configparser.y" + case 438: +#line 2122 "util/configparser.y" { OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas, @@ -4960,11 +5078,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4964 "util/configparser.c" +#line 5082 "util/configparser.c" break; - case 430: -#line 2089 "util/configparser.y" + case 439: +#line 2134 "util/configparser.y" { OUTYY(("P(server_local_zone_override:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides, @@ -4975,11 +5093,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4979 "util/configparser.c" +#line 5097 "util/configparser.c" break; - case 431: -#line 2101 "util/configparser.y" + case 440: +#line 2146 "util/configparser.y" { OUTYY(("P(server_access_control_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view, @@ -4987,11 +5105,11 @@ yyreduce: yyerror("out of memory"); } } -#line 4991 "util/configparser.c" +#line 5109 "util/configparser.c" break; - case 432: -#line 2110 "util/configparser.y" + case 441: +#line 2155 "util/configparser.y" { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -5011,11 +5129,11 @@ yyreduce: } } } -#line 5015 "util/configparser.c" +#line 5133 "util/configparser.c" break; - case 433: -#line 2131 "util/configparser.y" + case 442: +#line 2176 "util/configparser.y" { OUTYY(("P(server_ip_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5023,11 +5141,11 @@ yyreduce: else cfg_parser->cfg->ip_ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5027 "util/configparser.c" +#line 5145 "util/configparser.c" break; - case 434: -#line 2141 "util/configparser.y" + case 443: +#line 2186 "util/configparser.y" { OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5035,33 +5153,33 @@ yyreduce: else cfg_parser->cfg->ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5039 "util/configparser.c" +#line 5157 "util/configparser.c" break; - case 435: -#line 2150 "util/configparser.y" + case 444: +#line 2195 "util/configparser.y" { OUTYY(("P(server_ip_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ip_ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5050 "util/configparser.c" +#line 5168 "util/configparser.c" break; - case 436: -#line 2158 "util/configparser.y" + case 445: +#line 2203 "util/configparser.y" { OUTYY(("P(server_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5061 "util/configparser.c" +#line 5179 "util/configparser.c" break; - case 437: -#line 2166 "util/configparser.y" + case 446: +#line 2211 "util/configparser.y" { OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5073,11 +5191,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5077 "util/configparser.c" +#line 5195 "util/configparser.c" break; - case 438: -#line 2179 "util/configparser.y" + case 447: +#line 2224 "util/configparser.y" { OUTYY(("P(server_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5089,11 +5207,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5093 "util/configparser.c" +#line 5211 "util/configparser.c" break; - case 439: -#line 2192 "util/configparser.y" + case 448: +#line 2237 "util/configparser.y" { OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -5107,11 +5225,11 @@ yyreduce: "ratelimit-for-domain"); } } -#line 5111 "util/configparser.c" +#line 5229 "util/configparser.c" break; - case 440: -#line 2207 "util/configparser.y" + case 449: +#line 2252 "util/configparser.y" { OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -5125,11 +5243,11 @@ yyreduce: "ratelimit-below-domain"); } } -#line 5129 "util/configparser.c" +#line 5247 "util/configparser.c" break; - case 441: -#line 2222 "util/configparser.y" + case 450: +#line 2267 "util/configparser.y" { OUTYY(("P(server_ip_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5137,11 +5255,11 @@ yyreduce: else cfg_parser->cfg->ip_ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5141 "util/configparser.c" +#line 5259 "util/configparser.c" break; - case 442: -#line 2231 "util/configparser.y" + case 451: +#line 2276 "util/configparser.y" { OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5149,20 +5267,20 @@ yyreduce: else cfg_parser->cfg->ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5153 "util/configparser.c" +#line 5271 "util/configparser.c" break; - case 443: -#line 2240 "util/configparser.y" + case 452: +#line 2285 "util/configparser.y" { OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n")); free((yyvsp[0].str)); } -#line 5162 "util/configparser.c" +#line 5280 "util/configparser.c" break; - case 444: -#line 2246 "util/configparser.y" + case 453: +#line 2291 "util/configparser.y" { OUTYY(("P(server_fast_server_num:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) <= 0) @@ -5170,11 +5288,11 @@ yyreduce: else cfg_parser->cfg->fast_server_num = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5174 "util/configparser.c" +#line 5292 "util/configparser.c" break; - case 445: -#line 2255 "util/configparser.y" + case 454: +#line 2300 "util/configparser.y" { OUTYY(("P(server_fast_server_permil:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5182,11 +5300,11 @@ yyreduce: else cfg_parser->cfg->fast_server_permil = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5186 "util/configparser.c" +#line 5304 "util/configparser.c" break; - case 446: -#line 2264 "util/configparser.y" + case 455: +#line 2309 "util/configparser.y" { OUTYY(("P(server_qname_minimisation:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5195,11 +5313,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5199 "util/configparser.c" +#line 5317 "util/configparser.c" break; - case 447: -#line 2274 "util/configparser.y" + case 456: +#line 2319 "util/configparser.y" { OUTYY(("P(server_qname_minimisation_strict:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5208,11 +5326,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5212 "util/configparser.c" +#line 5330 "util/configparser.c" break; - case 448: -#line 2284 "util/configparser.y" + case 457: +#line 2329 "util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_enabled:%s)\n", (yyvsp[0].str))); @@ -5224,11 +5342,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5228 "util/configparser.c" +#line 5346 "util/configparser.c" break; - case 449: -#line 2297 "util/configparser.y" + case 458: +#line 2342 "util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", (yyvsp[0].str))); @@ -5240,11 +5358,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5244 "util/configparser.c" +#line 5362 "util/configparser.c" break; - case 450: -#line 2310 "util/configparser.y" + case 459: +#line 2355 "util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_hook:%s)\n", (yyvsp[0].str))); @@ -5255,11 +5373,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5259 "util/configparser.c" +#line 5377 "util/configparser.c" break; - case 451: -#line 2322 "util/configparser.y" + case 460: +#line 2367 "util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", (yyvsp[0].str))); @@ -5272,11 +5390,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5276 "util/configparser.c" +#line 5394 "util/configparser.c" break; - case 452: -#line 2336 "util/configparser.y" + case 461: +#line 2381 "util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_whitelist:%s)\n", (yyvsp[0].str))); @@ -5287,11 +5405,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5291 "util/configparser.c" +#line 5409 "util/configparser.c" break; - case 453: -#line 2348 "util/configparser.y" + case 462: +#line 2393 "util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_strict:%s)\n", (yyvsp[0].str))); @@ -5304,11 +5422,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5308 "util/configparser.c" +#line 5426 "util/configparser.c" break; - case 454: -#line 2362 "util/configparser.y" + case 463: +#line 2407 "util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->stubs->name) @@ -5317,31 +5435,31 @@ yyreduce: free(cfg_parser->cfg->stubs->name); cfg_parser->cfg->stubs->name = (yyvsp[0].str); } -#line 5321 "util/configparser.c" +#line 5439 "util/configparser.c" break; - case 455: -#line 2372 "util/configparser.y" + case 464: +#line 2417 "util/configparser.y" { OUTYY(("P(stub-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5331 "util/configparser.c" +#line 5449 "util/configparser.c" break; - case 456: -#line 2379 "util/configparser.y" + case 465: +#line 2424 "util/configparser.y" { OUTYY(("P(stub-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5341 "util/configparser.c" +#line 5459 "util/configparser.c" break; - case 457: -#line 2386 "util/configparser.y" + case 466: +#line 2431 "util/configparser.y" { OUTYY(("P(stub-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5349,11 +5467,11 @@ yyreduce: else cfg_parser->cfg->stubs->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5353 "util/configparser.c" +#line 5471 "util/configparser.c" break; - case 458: -#line 2395 "util/configparser.y" + case 467: +#line 2440 "util/configparser.y" { OUTYY(("P(stub-no-cache:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5361,11 +5479,11 @@ yyreduce: else cfg_parser->cfg->stubs->no_cache=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5365 "util/configparser.c" +#line 5483 "util/configparser.c" break; - case 459: -#line 2404 "util/configparser.y" + case 468: +#line 2449 "util/configparser.y" { OUTYY(("P(stub-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5374,11 +5492,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5378 "util/configparser.c" +#line 5496 "util/configparser.c" break; - case 460: -#line 2414 "util/configparser.y" + case 469: +#line 2459 "util/configparser.y" { OUTYY(("P(stub-prime:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5387,11 +5505,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5391 "util/configparser.c" +#line 5509 "util/configparser.c" break; - case 461: -#line 2424 "util/configparser.y" + case 470: +#line 2469 "util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->forwards->name) @@ -5400,31 +5518,31 @@ yyreduce: free(cfg_parser->cfg->forwards->name); cfg_parser->cfg->forwards->name = (yyvsp[0].str); } -#line 5404 "util/configparser.c" +#line 5522 "util/configparser.c" break; - case 462: -#line 2434 "util/configparser.y" + case 471: +#line 2479 "util/configparser.y" { OUTYY(("P(forward-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5414 "util/configparser.c" +#line 5532 "util/configparser.c" break; - case 463: -#line 2441 "util/configparser.y" + case 472: +#line 2486 "util/configparser.y" { OUTYY(("P(forward-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5424 "util/configparser.c" +#line 5542 "util/configparser.c" break; - case 464: -#line 2448 "util/configparser.y" + case 473: +#line 2493 "util/configparser.y" { OUTYY(("P(forward-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5432,11 +5550,11 @@ yyreduce: else cfg_parser->cfg->forwards->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5436 "util/configparser.c" +#line 5554 "util/configparser.c" break; - case 465: -#line 2457 "util/configparser.y" + case 474: +#line 2502 "util/configparser.y" { OUTYY(("P(forward-no-cache:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5444,11 +5562,11 @@ yyreduce: else cfg_parser->cfg->forwards->no_cache=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5448 "util/configparser.c" +#line 5566 "util/configparser.c" break; - case 466: -#line 2466 "util/configparser.y" + case 475: +#line 2511 "util/configparser.y" { OUTYY(("P(forward-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5457,11 +5575,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5461 "util/configparser.c" +#line 5579 "util/configparser.c" break; - case 467: -#line 2476 "util/configparser.y" + case 476: +#line 2521 "util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->auths->name) @@ -5470,52 +5588,52 @@ yyreduce: free(cfg_parser->cfg->auths->name); cfg_parser->cfg->auths->name = (yyvsp[0].str); } -#line 5474 "util/configparser.c" +#line 5592 "util/configparser.c" break; - case 468: -#line 2486 "util/configparser.y" + case 477: +#line 2531 "util/configparser.y" { OUTYY(("P(zonefile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->auths->zonefile); cfg_parser->cfg->auths->zonefile = (yyvsp[0].str); } -#line 5484 "util/configparser.c" +#line 5602 "util/configparser.c" break; - case 469: -#line 2493 "util/configparser.y" + case 478: +#line 2538 "util/configparser.y" { OUTYY(("P(master:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5494 "util/configparser.c" +#line 5612 "util/configparser.c" break; - case 470: -#line 2500 "util/configparser.y" + case 479: +#line 2545 "util/configparser.y" { OUTYY(("P(url:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5504 "util/configparser.c" +#line 5622 "util/configparser.c" break; - case 471: -#line 2507 "util/configparser.y" + case 480: +#line 2552 "util/configparser.y" { OUTYY(("P(allow-notify:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5515 "util/configparser.c" +#line 5633 "util/configparser.c" break; - case 472: -#line 2515 "util/configparser.y" + case 481: +#line 2560 "util/configparser.y" { OUTYY(("P(for-downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5524,11 +5642,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5528 "util/configparser.c" +#line 5646 "util/configparser.c" break; - case 473: -#line 2525 "util/configparser.y" + case 482: +#line 2570 "util/configparser.y" { OUTYY(("P(for-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5537,11 +5655,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5541 "util/configparser.c" +#line 5659 "util/configparser.c" break; - case 474: -#line 2535 "util/configparser.y" + case 483: +#line 2580 "util/configparser.y" { OUTYY(("P(fallback-enabled:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5550,11 +5668,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5554 "util/configparser.c" +#line 5672 "util/configparser.c" break; - case 475: -#line 2545 "util/configparser.y" + case 484: +#line 2590 "util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->views->name) @@ -5563,11 +5681,11 @@ yyreduce: free(cfg_parser->cfg->views->name); cfg_parser->cfg->views->name = (yyvsp[0].str); } -#line 5567 "util/configparser.c" +#line 5685 "util/configparser.c" break; - case 476: -#line 2555 "util/configparser.y" + case 485: +#line 2600 "util/configparser.y" { OUTYY(("P(view_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && @@ -5605,11 +5723,11 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 5609 "util/configparser.c" +#line 5727 "util/configparser.c" break; - case 477: -#line 2594 "util/configparser.y" + case 486: +#line 2639 "util/configparser.y" { OUTYY(("P(view_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); @@ -5618,33 +5736,33 @@ yyreduce: fatal_exit("out of memory adding per-view " "response-ip action"); } -#line 5622 "util/configparser.c" +#line 5740 "util/configparser.c" break; - case 478: -#line 2604 "util/configparser.y" + case 487: +#line 2649 "util/configparser.y" { OUTYY(("P(view_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert( &cfg_parser->cfg->views->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 5633 "util/configparser.c" +#line 5751 "util/configparser.c" break; - case 479: -#line 2612 "util/configparser.y" + case 488: +#line 2657 "util/configparser.y" { OUTYY(("P(view_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, (yyvsp[0].str))) { fatal_exit("out of memory adding local-data"); } } -#line 5644 "util/configparser.c" +#line 5762 "util/configparser.c" break; - case 480: -#line 2620 "util/configparser.y" + case 489: +#line 2665 "util/configparser.y" { char* ptr; OUTYY(("P(view_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -5658,11 +5776,11 @@ yyreduce: yyerror("local-data-ptr could not be reversed"); } } -#line 5662 "util/configparser.c" +#line 5780 "util/configparser.c" break; - case 481: -#line 2635 "util/configparser.y" + case 490: +#line 2680 "util/configparser.y" { OUTYY(("P(view-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5670,19 +5788,19 @@ yyreduce: else cfg_parser->cfg->views->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5674 "util/configparser.c" +#line 5792 "util/configparser.c" break; - case 482: -#line 2644 "util/configparser.y" + case 491: +#line 2689 "util/configparser.y" { OUTYY(("\nP(remote-control:)\n")); } -#line 5682 "util/configparser.c" +#line 5800 "util/configparser.c" break; - case 493: -#line 2655 "util/configparser.y" + case 502: +#line 2700 "util/configparser.y" { OUTYY(("P(control_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5691,11 +5809,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5695 "util/configparser.c" +#line 5813 "util/configparser.c" break; - case 494: -#line 2665 "util/configparser.y" + case 503: +#line 2710 "util/configparser.y" { OUTYY(("P(control_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5703,79 +5821,79 @@ yyreduce: else cfg_parser->cfg->control_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5707 "util/configparser.c" +#line 5825 "util/configparser.c" break; - case 495: -#line 2674 "util/configparser.y" + case 504: +#line 2719 "util/configparser.y" { OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5717 "util/configparser.c" +#line 5835 "util/configparser.c" break; - case 496: -#line 2681 "util/configparser.y" + case 505: +#line 2726 "util/configparser.y" { OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->control_use_cert = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5727 "util/configparser.c" +#line 5845 "util/configparser.c" break; - case 497: -#line 2688 "util/configparser.y" + case 506: +#line 2733 "util/configparser.y" { OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_key_file); cfg_parser->cfg->server_key_file = (yyvsp[0].str); } -#line 5737 "util/configparser.c" +#line 5855 "util/configparser.c" break; - case 498: -#line 2695 "util/configparser.y" + case 507: +#line 2740 "util/configparser.y" { OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_cert_file); cfg_parser->cfg->server_cert_file = (yyvsp[0].str); } -#line 5747 "util/configparser.c" +#line 5865 "util/configparser.c" break; - case 499: -#line 2702 "util/configparser.y" + case 508: +#line 2747 "util/configparser.y" { OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_key_file); cfg_parser->cfg->control_key_file = (yyvsp[0].str); } -#line 5757 "util/configparser.c" +#line 5875 "util/configparser.c" break; - case 500: -#line 2709 "util/configparser.y" + case 509: +#line 2754 "util/configparser.y" { OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_cert_file); cfg_parser->cfg->control_cert_file = (yyvsp[0].str); } -#line 5767 "util/configparser.c" +#line 5885 "util/configparser.c" break; - case 501: -#line 2716 "util/configparser.y" + case 510: +#line 2761 "util/configparser.y" { OUTYY(("\nP(dnstap:)\n")); } -#line 5775 "util/configparser.c" +#line 5893 "util/configparser.c" break; - case 516: -#line 2733 "util/configparser.y" + case 532: +#line 2781 "util/configparser.y" { OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5783,21 +5901,96 @@ yyreduce: else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5787 "util/configparser.c" +#line 5905 "util/configparser.c" break; - case 517: -#line 2742 "util/configparser.y" + case 533: +#line 2790 "util/configparser.y" + { + OUTYY(("P(dt_dnstap_bidirectional:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dnstap_bidirectional = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5918 "util/configparser.c" + break; + + case 534: +#line 2800 "util/configparser.y" { OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_socket_path); cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str); } -#line 5797 "util/configparser.c" +#line 5928 "util/configparser.c" + break; + + case 535: +#line 2807 "util/configparser.y" + { + OUTYY(("P(dt_dnstap_ip:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->dnstap_ip); + cfg_parser->cfg->dnstap_ip = (yyvsp[0].str); + } +#line 5938 "util/configparser.c" + break; + + case 536: +#line 2814 "util/configparser.y" + { + OUTYY(("P(dt_dnstap_tls:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dnstap_tls = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5950 "util/configparser.c" + break; + + case 537: +#line 2823 "util/configparser.y" + { + OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->dnstap_tls_server_name); + cfg_parser->cfg->dnstap_tls_server_name = (yyvsp[0].str); + } +#line 5960 "util/configparser.c" + break; + + case 538: +#line 2830 "util/configparser.y" + { + OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->dnstap_tls_cert_bundle); + cfg_parser->cfg->dnstap_tls_cert_bundle = (yyvsp[0].str); + } +#line 5970 "util/configparser.c" break; - case 518: -#line 2749 "util/configparser.y" + case 539: +#line 2837 "util/configparser.y" + { + OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->dnstap_tls_client_key_file); + cfg_parser->cfg->dnstap_tls_client_key_file = (yyvsp[0].str); + } +#line 5980 "util/configparser.c" + break; + + case 540: +#line 2844 "util/configparser.y" + { + OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->dnstap_tls_client_cert_file); + cfg_parser->cfg->dnstap_tls_client_cert_file = (yyvsp[0].str); + } +#line 5990 "util/configparser.c" + break; + + case 541: +#line 2851 "util/configparser.y" { OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5805,11 +5998,11 @@ yyreduce: else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5809 "util/configparser.c" +#line 6002 "util/configparser.c" break; - case 519: -#line 2758 "util/configparser.y" + case 542: +#line 2860 "util/configparser.y" { OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5817,31 +6010,31 @@ yyreduce: else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5821 "util/configparser.c" +#line 6014 "util/configparser.c" break; - case 520: -#line 2767 "util/configparser.y" + case 543: +#line 2869 "util/configparser.y" { OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_identity); cfg_parser->cfg->dnstap_identity = (yyvsp[0].str); } -#line 5831 "util/configparser.c" +#line 6024 "util/configparser.c" break; - case 521: -#line 2774 "util/configparser.y" + case 544: +#line 2876 "util/configparser.y" { OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_version); cfg_parser->cfg->dnstap_version = (yyvsp[0].str); } -#line 5841 "util/configparser.c" +#line 6034 "util/configparser.c" break; - case 522: -#line 2781 "util/configparser.y" + case 545: +#line 2883 "util/configparser.y" { OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5850,11 +6043,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5854 "util/configparser.c" +#line 6047 "util/configparser.c" break; - case 523: -#line 2791 "util/configparser.y" + case 546: +#line 2893 "util/configparser.y" { OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5863,11 +6056,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5867 "util/configparser.c" +#line 6060 "util/configparser.c" break; - case 524: -#line 2801 "util/configparser.y" + case 547: +#line 2903 "util/configparser.y" { OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5876,11 +6069,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5880 "util/configparser.c" +#line 6073 "util/configparser.c" break; - case 525: -#line 2811 "util/configparser.y" + case 548: +#line 2913 "util/configparser.y" { OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5889,11 +6082,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5893 "util/configparser.c" +#line 6086 "util/configparser.c" break; - case 526: -#line 2821 "util/configparser.y" + case 549: +#line 2923 "util/configparser.y" { OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5902,11 +6095,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5906 "util/configparser.c" +#line 6099 "util/configparser.c" break; - case 527: -#line 2831 "util/configparser.y" + case 550: +#line 2933 "util/configparser.y" { OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5915,29 +6108,47 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5919 "util/configparser.c" +#line 6112 "util/configparser.c" break; - case 528: -#line 2841 "util/configparser.y" + case 551: +#line 2943 "util/configparser.y" { OUTYY(("\nP(python:)\n")); } -#line 5927 "util/configparser.c" +#line 6120 "util/configparser.c" break; - case 532: -#line 2850 "util/configparser.y" + case 555: +#line 2952 "util/configparser.y" { OUTYY(("P(python-script:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5937 "util/configparser.c" +#line 6130 "util/configparser.c" break; - case 533: -#line 2856 "util/configparser.y" + case 556: +#line 2958 "util/configparser.y" + { + OUTYY(("\nP(dynlib:)\n")); + } +#line 6138 "util/configparser.c" + break; + + case 560: +#line 2967 "util/configparser.y" + { + OUTYY(("P(dynlib-file:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 6148 "util/configparser.c" + break; + + case 561: +#line 2973 "util/configparser.y" { OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str))); if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5946,21 +6157,21 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5950 "util/configparser.c" +#line 6161 "util/configparser.c" break; - case 534: -#line 2866 "util/configparser.y" + case 562: +#line 2983 "util/configparser.y" { OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->log_identity); cfg_parser->cfg->log_identity = (yyvsp[0].str); } -#line 5960 "util/configparser.c" +#line 6171 "util/configparser.c" break; - case 535: -#line 2873 "util/configparser.y" + case 563: +#line 2990 "util/configparser.y" { OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); @@ -5968,30 +6179,30 @@ yyreduce: (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip"); } -#line 5972 "util/configparser.c" +#line 6183 "util/configparser.c" break; - case 536: -#line 2882 "util/configparser.y" + case 564: +#line 2999 "util/configparser.y" { OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 5983 "util/configparser.c" +#line 6194 "util/configparser.c" break; - case 537: -#line 2890 "util/configparser.y" + case 565: +#line 3007 "util/configparser.y" { OUTYY(("\nP(dnscrypt:)\n")); } -#line 5991 "util/configparser.c" +#line 6202 "util/configparser.c" break; - case 550: -#line 2906 "util/configparser.y" + case 578: +#line 3023 "util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5999,11 +6210,11 @@ yyreduce: else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6003 "util/configparser.c" +#line 6214 "util/configparser.c" break; - case 551: -#line 2916 "util/configparser.y" + case 579: +#line 3033 "util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -6011,21 +6222,21 @@ yyreduce: else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 6015 "util/configparser.c" +#line 6226 "util/configparser.c" break; - case 552: -#line 2925 "util/configparser.y" + case 580: +#line 3042 "util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnscrypt_provider); cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str); } -#line 6025 "util/configparser.c" +#line 6236 "util/configparser.c" break; - case 553: -#line 2932 "util/configparser.y" + case 581: +#line 3049 "util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str))); if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) @@ -6033,21 +6244,21 @@ yyreduce: if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-provider-cert"); } -#line 6037 "util/configparser.c" +#line 6248 "util/configparser.c" break; - case 554: -#line 2941 "util/configparser.y" + case 582: +#line 3058 "util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-provider-cert-rotated"); } -#line 6047 "util/configparser.c" +#line 6258 "util/configparser.c" break; - case 555: -#line 2948 "util/configparser.y" + case 583: +#line 3065 "util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str))); if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) @@ -6055,22 +6266,22 @@ yyreduce: if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-secret-key"); } -#line 6059 "util/configparser.c" +#line 6270 "util/configparser.c" break; - case 556: -#line 2957 "util/configparser.y" + case 584: +#line 3074 "util/configparser.y" { OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 6070 "util/configparser.c" +#line 6281 "util/configparser.c" break; - case 557: -#line 2965 "util/configparser.y" + case 585: +#line 3082 "util/configparser.y" { OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -6082,22 +6293,22 @@ yyreduce: } free((yyvsp[0].str)); } -#line 6086 "util/configparser.c" +#line 6297 "util/configparser.c" break; - case 558: -#line 2978 "util/configparser.y" + case 586: +#line 3095 "util/configparser.y" { OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 6097 "util/configparser.c" +#line 6308 "util/configparser.c" break; - case 559: -#line 2986 "util/configparser.y" + case 587: +#line 3103 "util/configparser.y" { OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -6109,19 +6320,19 @@ yyreduce: } free((yyvsp[0].str)); } -#line 6113 "util/configparser.c" +#line 6324 "util/configparser.c" break; - case 560: -#line 2999 "util/configparser.y" + case 588: +#line 3116 "util/configparser.y" { OUTYY(("\nP(cachedb:)\n")); } -#line 6121 "util/configparser.c" +#line 6332 "util/configparser.c" break; - case 568: -#line 3009 "util/configparser.y" + case 597: +#line 3127 "util/configparser.y" { #ifdef USE_CACHEDB OUTYY(("P(backend:%s)\n", (yyvsp[0].str))); @@ -6132,11 +6343,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6136 "util/configparser.c" +#line 6347 "util/configparser.c" break; - case 569: -#line 3021 "util/configparser.y" + case 598: +#line 3139 "util/configparser.y" { #ifdef USE_CACHEDB OUTYY(("P(secret-seed:%s)\n", (yyvsp[0].str))); @@ -6147,11 +6358,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6151 "util/configparser.c" +#line 6362 "util/configparser.c" break; - case 570: -#line 3033 "util/configparser.y" + case 599: +#line 3151 "util/configparser.y" { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_server_host:%s)\n", (yyvsp[0].str))); @@ -6162,11 +6373,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6166 "util/configparser.c" +#line 6377 "util/configparser.c" break; - case 571: -#line 3045 "util/configparser.y" + case 600: +#line 3163 "util/configparser.y" { #if defined(USE_CACHEDB) && defined(USE_REDIS) int port; @@ -6180,11 +6391,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 6184 "util/configparser.c" +#line 6395 "util/configparser.c" break; - case 572: -#line 3060 "util/configparser.y" + case 601: +#line 3178 "util/configparser.y" { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_timeout:%s)\n", (yyvsp[0].str))); @@ -6196,11 +6407,27 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 6200 "util/configparser.c" +#line 6411 "util/configparser.c" break; - case 573: -#line 3073 "util/configparser.y" + case 602: +#line 3191 "util/configparser.y" + { + #if defined(USE_CACHEDB) && defined(USE_REDIS) + OUTYY(("P(redis_expire_records:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->redis_expire_records = (strcmp((yyvsp[0].str), "yes")==0); + #else + OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); + #endif + free((yyvsp[0].str)); + } +#line 6427 "util/configparser.c" + break; + + case 603: +#line 3204 "util/configparser.y" { OUTYY(("P(server_tcp_connection_limit:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if (atoi((yyvsp[0].str)) < 0) @@ -6210,19 +6437,19 @@ yyreduce: fatal_exit("out of memory adding tcp connection limit"); } } -#line 6214 "util/configparser.c" +#line 6441 "util/configparser.c" break; - case 574: -#line 3084 "util/configparser.y" + case 604: +#line 3215 "util/configparser.y" { OUTYY(("\nP(ipset:)\n")); } -#line 6222 "util/configparser.c" +#line 6449 "util/configparser.c" break; - case 579: -#line 3093 "util/configparser.y" + case 609: +#line 3224 "util/configparser.y" { #ifdef USE_IPSET OUTYY(("P(name-v4:%s)\n", (yyvsp[0].str))); @@ -6236,11 +6463,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6240 "util/configparser.c" +#line 6467 "util/configparser.c" break; - case 580: -#line 3108 "util/configparser.y" + case 610: +#line 3239 "util/configparser.y" { #ifdef USE_IPSET OUTYY(("P(name-v6:%s)\n", (yyvsp[0].str))); @@ -6254,11 +6481,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6258 "util/configparser.c" +#line 6485 "util/configparser.c" break; -#line 6262 "util/configparser.c" +#line 6489 "util/configparser.c" default: break; } @@ -6490,7 +6717,7 @@ yyreturn: #endif return yyresult; } -#line 3122 "util/configparser.y" +#line 3253 "util/configparser.y" /* parse helper routines could be here */ diff --git a/util/configparser.h b/util/configparser.h index 3e8effb5bfa4..2f56c42a6ad2 100644 --- a/util/configparser.h +++ b/util/configparser.h @@ -57,273 +57,287 @@ extern int yydebug; ANY = 263, ZONESTR = 264, STRING_ARG = 265, - VAR_SERVER = 266, - VAR_VERBOSITY = 267, - VAR_NUM_THREADS = 268, - VAR_PORT = 269, - VAR_OUTGOING_RANGE = 270, - VAR_INTERFACE = 271, - VAR_DO_IP4 = 272, - VAR_DO_IP6 = 273, - VAR_PREFER_IP6 = 274, - VAR_DO_UDP = 275, - VAR_DO_TCP = 276, - VAR_TCP_MSS = 277, - VAR_OUTGOING_TCP_MSS = 278, - VAR_TCP_IDLE_TIMEOUT = 279, - VAR_EDNS_TCP_KEEPALIVE = 280, - VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 281, - VAR_CHROOT = 282, - VAR_USERNAME = 283, - VAR_DIRECTORY = 284, - VAR_LOGFILE = 285, - VAR_PIDFILE = 286, - VAR_MSG_CACHE_SIZE = 287, - VAR_MSG_CACHE_SLABS = 288, - VAR_NUM_QUERIES_PER_THREAD = 289, - VAR_RRSET_CACHE_SIZE = 290, - VAR_RRSET_CACHE_SLABS = 291, - VAR_OUTGOING_NUM_TCP = 292, - VAR_INFRA_HOST_TTL = 293, - VAR_INFRA_LAME_TTL = 294, - VAR_INFRA_CACHE_SLABS = 295, - VAR_INFRA_CACHE_NUMHOSTS = 296, - VAR_INFRA_CACHE_LAME_SIZE = 297, - VAR_NAME = 298, - VAR_STUB_ZONE = 299, - VAR_STUB_HOST = 300, - VAR_STUB_ADDR = 301, - VAR_TARGET_FETCH_POLICY = 302, - VAR_HARDEN_SHORT_BUFSIZE = 303, - VAR_HARDEN_LARGE_QUERIES = 304, - VAR_FORWARD_ZONE = 305, - VAR_FORWARD_HOST = 306, - VAR_FORWARD_ADDR = 307, - VAR_DO_NOT_QUERY_ADDRESS = 308, - VAR_HIDE_IDENTITY = 309, - VAR_HIDE_VERSION = 310, - VAR_IDENTITY = 311, - VAR_VERSION = 312, - VAR_HARDEN_GLUE = 313, - VAR_MODULE_CONF = 314, - VAR_TRUST_ANCHOR_FILE = 315, - VAR_TRUST_ANCHOR = 316, - VAR_VAL_OVERRIDE_DATE = 317, - VAR_BOGUS_TTL = 318, - VAR_VAL_CLEAN_ADDITIONAL = 319, - VAR_VAL_PERMISSIVE_MODE = 320, - VAR_INCOMING_NUM_TCP = 321, - VAR_MSG_BUFFER_SIZE = 322, - VAR_KEY_CACHE_SIZE = 323, - VAR_KEY_CACHE_SLABS = 324, - VAR_TRUSTED_KEYS_FILE = 325, - VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 326, - VAR_USE_SYSLOG = 327, - VAR_OUTGOING_INTERFACE = 328, - VAR_ROOT_HINTS = 329, - VAR_DO_NOT_QUERY_LOCALHOST = 330, - VAR_CACHE_MAX_TTL = 331, - VAR_HARDEN_DNSSEC_STRIPPED = 332, - VAR_ACCESS_CONTROL = 333, - VAR_LOCAL_ZONE = 334, - VAR_LOCAL_DATA = 335, - VAR_INTERFACE_AUTOMATIC = 336, - VAR_STATISTICS_INTERVAL = 337, - VAR_DO_DAEMONIZE = 338, - VAR_USE_CAPS_FOR_ID = 339, - VAR_STATISTICS_CUMULATIVE = 340, - VAR_OUTGOING_PORT_PERMIT = 341, - VAR_OUTGOING_PORT_AVOID = 342, - VAR_DLV_ANCHOR_FILE = 343, - VAR_DLV_ANCHOR = 344, - VAR_NEG_CACHE_SIZE = 345, - VAR_HARDEN_REFERRAL_PATH = 346, - VAR_PRIVATE_ADDRESS = 347, - VAR_PRIVATE_DOMAIN = 348, - VAR_REMOTE_CONTROL = 349, - VAR_CONTROL_ENABLE = 350, - VAR_CONTROL_INTERFACE = 351, - VAR_CONTROL_PORT = 352, - VAR_SERVER_KEY_FILE = 353, - VAR_SERVER_CERT_FILE = 354, - VAR_CONTROL_KEY_FILE = 355, - VAR_CONTROL_CERT_FILE = 356, - VAR_CONTROL_USE_CERT = 357, - VAR_EXTENDED_STATISTICS = 358, - VAR_LOCAL_DATA_PTR = 359, - VAR_JOSTLE_TIMEOUT = 360, - VAR_STUB_PRIME = 361, - VAR_UNWANTED_REPLY_THRESHOLD = 362, - VAR_LOG_TIME_ASCII = 363, - VAR_DOMAIN_INSECURE = 364, - VAR_PYTHON = 365, - VAR_PYTHON_SCRIPT = 366, - VAR_VAL_SIG_SKEW_MIN = 367, - VAR_VAL_SIG_SKEW_MAX = 368, - VAR_CACHE_MIN_TTL = 369, - VAR_VAL_LOG_LEVEL = 370, - VAR_AUTO_TRUST_ANCHOR_FILE = 371, - VAR_KEEP_MISSING = 372, - VAR_ADD_HOLDDOWN = 373, - VAR_DEL_HOLDDOWN = 374, - VAR_SO_RCVBUF = 375, - VAR_EDNS_BUFFER_SIZE = 376, - VAR_PREFETCH = 377, - VAR_PREFETCH_KEY = 378, - VAR_SO_SNDBUF = 379, - VAR_SO_REUSEPORT = 380, - VAR_HARDEN_BELOW_NXDOMAIN = 381, - VAR_IGNORE_CD_FLAG = 382, - VAR_LOG_QUERIES = 383, - VAR_LOG_REPLIES = 384, - VAR_LOG_LOCAL_ACTIONS = 385, - VAR_TCP_UPSTREAM = 386, - VAR_SSL_UPSTREAM = 387, - VAR_SSL_SERVICE_KEY = 388, - VAR_SSL_SERVICE_PEM = 389, - VAR_SSL_PORT = 390, - VAR_FORWARD_FIRST = 391, - VAR_STUB_SSL_UPSTREAM = 392, - VAR_FORWARD_SSL_UPSTREAM = 393, - VAR_TLS_CERT_BUNDLE = 394, - VAR_STUB_FIRST = 395, - VAR_MINIMAL_RESPONSES = 396, - VAR_RRSET_ROUNDROBIN = 397, - VAR_MAX_UDP_SIZE = 398, - VAR_DELAY_CLOSE = 399, - VAR_UNBLOCK_LAN_ZONES = 400, - VAR_INSECURE_LAN_ZONES = 401, - VAR_INFRA_CACHE_MIN_RTT = 402, - VAR_DNS64_PREFIX = 403, - VAR_DNS64_SYNTHALL = 404, - VAR_DNS64_IGNORE_AAAA = 405, - VAR_DNSTAP = 406, - VAR_DNSTAP_ENABLE = 407, - VAR_DNSTAP_SOCKET_PATH = 408, - VAR_DNSTAP_SEND_IDENTITY = 409, - VAR_DNSTAP_SEND_VERSION = 410, - VAR_DNSTAP_IDENTITY = 411, - VAR_DNSTAP_VERSION = 412, - VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 413, - VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 414, - VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 415, - VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 416, - VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 417, - VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 418, - VAR_RESPONSE_IP_TAG = 419, - VAR_RESPONSE_IP = 420, - VAR_RESPONSE_IP_DATA = 421, - VAR_HARDEN_ALGO_DOWNGRADE = 422, - VAR_IP_TRANSPARENT = 423, - VAR_DISABLE_DNSSEC_LAME_CHECK = 424, - VAR_IP_RATELIMIT = 425, - VAR_IP_RATELIMIT_SLABS = 426, - VAR_IP_RATELIMIT_SIZE = 427, - VAR_RATELIMIT = 428, - VAR_RATELIMIT_SLABS = 429, - VAR_RATELIMIT_SIZE = 430, - VAR_RATELIMIT_FOR_DOMAIN = 431, - VAR_RATELIMIT_BELOW_DOMAIN = 432, - VAR_IP_RATELIMIT_FACTOR = 433, - VAR_RATELIMIT_FACTOR = 434, - VAR_SEND_CLIENT_SUBNET = 435, - VAR_CLIENT_SUBNET_ZONE = 436, - VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 437, - VAR_CLIENT_SUBNET_OPCODE = 438, - VAR_MAX_CLIENT_SUBNET_IPV4 = 439, - VAR_MAX_CLIENT_SUBNET_IPV6 = 440, - VAR_MIN_CLIENT_SUBNET_IPV4 = 441, - VAR_MIN_CLIENT_SUBNET_IPV6 = 442, - VAR_MAX_ECS_TREE_SIZE_IPV4 = 443, - VAR_MAX_ECS_TREE_SIZE_IPV6 = 444, - VAR_CAPS_WHITELIST = 445, - VAR_CACHE_MAX_NEGATIVE_TTL = 446, - VAR_PERMIT_SMALL_HOLDDOWN = 447, - VAR_QNAME_MINIMISATION = 448, - VAR_QNAME_MINIMISATION_STRICT = 449, - VAR_IP_FREEBIND = 450, - VAR_DEFINE_TAG = 451, - VAR_LOCAL_ZONE_TAG = 452, - VAR_ACCESS_CONTROL_TAG = 453, - VAR_LOCAL_ZONE_OVERRIDE = 454, - VAR_ACCESS_CONTROL_TAG_ACTION = 455, - VAR_ACCESS_CONTROL_TAG_DATA = 456, - VAR_VIEW = 457, - VAR_ACCESS_CONTROL_VIEW = 458, - VAR_VIEW_FIRST = 459, - VAR_SERVE_EXPIRED = 460, - VAR_SERVE_EXPIRED_TTL = 461, - VAR_SERVE_EXPIRED_TTL_RESET = 462, - VAR_SERVE_EXPIRED_REPLY_TTL = 463, - VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 464, - VAR_FAKE_DSA = 465, - VAR_FAKE_SHA1 = 466, - VAR_LOG_IDENTITY = 467, - VAR_HIDE_TRUSTANCHOR = 468, - VAR_TRUST_ANCHOR_SIGNALING = 469, - VAR_AGGRESSIVE_NSEC = 470, - VAR_USE_SYSTEMD = 471, - VAR_SHM_ENABLE = 472, - VAR_SHM_KEY = 473, - VAR_ROOT_KEY_SENTINEL = 474, - VAR_DNSCRYPT = 475, - VAR_DNSCRYPT_ENABLE = 476, - VAR_DNSCRYPT_PORT = 477, - VAR_DNSCRYPT_PROVIDER = 478, - VAR_DNSCRYPT_SECRET_KEY = 479, - VAR_DNSCRYPT_PROVIDER_CERT = 480, - VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 481, - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 482, - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 483, - VAR_DNSCRYPT_NONCE_CACHE_SIZE = 484, - VAR_DNSCRYPT_NONCE_CACHE_SLABS = 485, - VAR_IPSECMOD_ENABLED = 486, - VAR_IPSECMOD_HOOK = 487, - VAR_IPSECMOD_IGNORE_BOGUS = 488, - VAR_IPSECMOD_MAX_TTL = 489, - VAR_IPSECMOD_WHITELIST = 490, - VAR_IPSECMOD_STRICT = 491, - VAR_CACHEDB = 492, - VAR_CACHEDB_BACKEND = 493, - VAR_CACHEDB_SECRETSEED = 494, - VAR_CACHEDB_REDISHOST = 495, - VAR_CACHEDB_REDISPORT = 496, - VAR_CACHEDB_REDISTIMEOUT = 497, - VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 498, - VAR_FOR_UPSTREAM = 499, - VAR_AUTH_ZONE = 500, - VAR_ZONEFILE = 501, - VAR_MASTER = 502, - VAR_URL = 503, - VAR_FOR_DOWNSTREAM = 504, - VAR_FALLBACK_ENABLED = 505, - VAR_TLS_ADDITIONAL_PORT = 506, - VAR_LOW_RTT = 507, - VAR_LOW_RTT_PERMIL = 508, - VAR_FAST_SERVER_PERMIL = 509, - VAR_FAST_SERVER_NUM = 510, - VAR_ALLOW_NOTIFY = 511, - VAR_TLS_WIN_CERT = 512, - VAR_TCP_CONNECTION_LIMIT = 513, - VAR_FORWARD_NO_CACHE = 514, - VAR_STUB_NO_CACHE = 515, - VAR_LOG_SERVFAIL = 516, - VAR_DENY_ANY = 517, - VAR_UNKNOWN_SERVER_TIME_LIMIT = 518, - VAR_LOG_TAG_QUERYREPLY = 519, - VAR_STREAM_WAIT_SIZE = 520, - VAR_TLS_CIPHERS = 521, - VAR_TLS_CIPHERSUITES = 522, - VAR_IPSET = 523, - VAR_IPSET_NAME_V4 = 524, - VAR_IPSET_NAME_V6 = 525, - VAR_TLS_SESSION_TICKET_KEYS = 526, - VAR_RPZ = 527, - VAR_TAGS = 528, - VAR_RPZ_ACTION_OVERRIDE = 529, - VAR_RPZ_CNAME_OVERRIDE = 530, - VAR_RPZ_LOG = 531, - VAR_RPZ_LOG_NAME = 532 + VAR_FORCE_TOPLEVEL = 266, + VAR_SERVER = 267, + VAR_VERBOSITY = 268, + VAR_NUM_THREADS = 269, + VAR_PORT = 270, + VAR_OUTGOING_RANGE = 271, + VAR_INTERFACE = 272, + VAR_PREFER_IP4 = 273, + VAR_DO_IP4 = 274, + VAR_DO_IP6 = 275, + VAR_PREFER_IP6 = 276, + VAR_DO_UDP = 277, + VAR_DO_TCP = 278, + VAR_TCP_MSS = 279, + VAR_OUTGOING_TCP_MSS = 280, + VAR_TCP_IDLE_TIMEOUT = 281, + VAR_EDNS_TCP_KEEPALIVE = 282, + VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 283, + VAR_CHROOT = 284, + VAR_USERNAME = 285, + VAR_DIRECTORY = 286, + VAR_LOGFILE = 287, + VAR_PIDFILE = 288, + VAR_MSG_CACHE_SIZE = 289, + VAR_MSG_CACHE_SLABS = 290, + VAR_NUM_QUERIES_PER_THREAD = 291, + VAR_RRSET_CACHE_SIZE = 292, + VAR_RRSET_CACHE_SLABS = 293, + VAR_OUTGOING_NUM_TCP = 294, + VAR_INFRA_HOST_TTL = 295, + VAR_INFRA_LAME_TTL = 296, + VAR_INFRA_CACHE_SLABS = 297, + VAR_INFRA_CACHE_NUMHOSTS = 298, + VAR_INFRA_CACHE_LAME_SIZE = 299, + VAR_NAME = 300, + VAR_STUB_ZONE = 301, + VAR_STUB_HOST = 302, + VAR_STUB_ADDR = 303, + VAR_TARGET_FETCH_POLICY = 304, + VAR_HARDEN_SHORT_BUFSIZE = 305, + VAR_HARDEN_LARGE_QUERIES = 306, + VAR_FORWARD_ZONE = 307, + VAR_FORWARD_HOST = 308, + VAR_FORWARD_ADDR = 309, + VAR_DO_NOT_QUERY_ADDRESS = 310, + VAR_HIDE_IDENTITY = 311, + VAR_HIDE_VERSION = 312, + VAR_IDENTITY = 313, + VAR_VERSION = 314, + VAR_HARDEN_GLUE = 315, + VAR_MODULE_CONF = 316, + VAR_TRUST_ANCHOR_FILE = 317, + VAR_TRUST_ANCHOR = 318, + VAR_VAL_OVERRIDE_DATE = 319, + VAR_BOGUS_TTL = 320, + VAR_VAL_CLEAN_ADDITIONAL = 321, + VAR_VAL_PERMISSIVE_MODE = 322, + VAR_INCOMING_NUM_TCP = 323, + VAR_MSG_BUFFER_SIZE = 324, + VAR_KEY_CACHE_SIZE = 325, + VAR_KEY_CACHE_SLABS = 326, + VAR_TRUSTED_KEYS_FILE = 327, + VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 328, + VAR_USE_SYSLOG = 329, + VAR_OUTGOING_INTERFACE = 330, + VAR_ROOT_HINTS = 331, + VAR_DO_NOT_QUERY_LOCALHOST = 332, + VAR_CACHE_MAX_TTL = 333, + VAR_HARDEN_DNSSEC_STRIPPED = 334, + VAR_ACCESS_CONTROL = 335, + VAR_LOCAL_ZONE = 336, + VAR_LOCAL_DATA = 337, + VAR_INTERFACE_AUTOMATIC = 338, + VAR_STATISTICS_INTERVAL = 339, + VAR_DO_DAEMONIZE = 340, + VAR_USE_CAPS_FOR_ID = 341, + VAR_STATISTICS_CUMULATIVE = 342, + VAR_OUTGOING_PORT_PERMIT = 343, + VAR_OUTGOING_PORT_AVOID = 344, + VAR_DLV_ANCHOR_FILE = 345, + VAR_DLV_ANCHOR = 346, + VAR_NEG_CACHE_SIZE = 347, + VAR_HARDEN_REFERRAL_PATH = 348, + VAR_PRIVATE_ADDRESS = 349, + VAR_PRIVATE_DOMAIN = 350, + VAR_REMOTE_CONTROL = 351, + VAR_CONTROL_ENABLE = 352, + VAR_CONTROL_INTERFACE = 353, + VAR_CONTROL_PORT = 354, + VAR_SERVER_KEY_FILE = 355, + VAR_SERVER_CERT_FILE = 356, + VAR_CONTROL_KEY_FILE = 357, + VAR_CONTROL_CERT_FILE = 358, + VAR_CONTROL_USE_CERT = 359, + VAR_EXTENDED_STATISTICS = 360, + VAR_LOCAL_DATA_PTR = 361, + VAR_JOSTLE_TIMEOUT = 362, + VAR_STUB_PRIME = 363, + VAR_UNWANTED_REPLY_THRESHOLD = 364, + VAR_LOG_TIME_ASCII = 365, + VAR_DOMAIN_INSECURE = 366, + VAR_PYTHON = 367, + VAR_PYTHON_SCRIPT = 368, + VAR_VAL_SIG_SKEW_MIN = 369, + VAR_VAL_SIG_SKEW_MAX = 370, + VAR_CACHE_MIN_TTL = 371, + VAR_VAL_LOG_LEVEL = 372, + VAR_AUTO_TRUST_ANCHOR_FILE = 373, + VAR_KEEP_MISSING = 374, + VAR_ADD_HOLDDOWN = 375, + VAR_DEL_HOLDDOWN = 376, + VAR_SO_RCVBUF = 377, + VAR_EDNS_BUFFER_SIZE = 378, + VAR_PREFETCH = 379, + VAR_PREFETCH_KEY = 380, + VAR_SO_SNDBUF = 381, + VAR_SO_REUSEPORT = 382, + VAR_HARDEN_BELOW_NXDOMAIN = 383, + VAR_IGNORE_CD_FLAG = 384, + VAR_LOG_QUERIES = 385, + VAR_LOG_REPLIES = 386, + VAR_LOG_LOCAL_ACTIONS = 387, + VAR_TCP_UPSTREAM = 388, + VAR_SSL_UPSTREAM = 389, + VAR_SSL_SERVICE_KEY = 390, + VAR_SSL_SERVICE_PEM = 391, + VAR_SSL_PORT = 392, + VAR_FORWARD_FIRST = 393, + VAR_STUB_SSL_UPSTREAM = 394, + VAR_FORWARD_SSL_UPSTREAM = 395, + VAR_TLS_CERT_BUNDLE = 396, + VAR_STUB_FIRST = 397, + VAR_MINIMAL_RESPONSES = 398, + VAR_RRSET_ROUNDROBIN = 399, + VAR_MAX_UDP_SIZE = 400, + VAR_DELAY_CLOSE = 401, + VAR_UNBLOCK_LAN_ZONES = 402, + VAR_INSECURE_LAN_ZONES = 403, + VAR_INFRA_CACHE_MIN_RTT = 404, + VAR_DNS64_PREFIX = 405, + VAR_DNS64_SYNTHALL = 406, + VAR_DNS64_IGNORE_AAAA = 407, + VAR_DNSTAP = 408, + VAR_DNSTAP_ENABLE = 409, + VAR_DNSTAP_SOCKET_PATH = 410, + VAR_DNSTAP_IP = 411, + VAR_DNSTAP_TLS = 412, + VAR_DNSTAP_TLS_SERVER_NAME = 413, + VAR_DNSTAP_TLS_CERT_BUNDLE = 414, + VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 415, + VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 416, + VAR_DNSTAP_SEND_IDENTITY = 417, + VAR_DNSTAP_SEND_VERSION = 418, + VAR_DNSTAP_BIDIRECTIONAL = 419, + VAR_DNSTAP_IDENTITY = 420, + VAR_DNSTAP_VERSION = 421, + VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 422, + VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 423, + VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 424, + VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 425, + VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 426, + VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 427, + VAR_RESPONSE_IP_TAG = 428, + VAR_RESPONSE_IP = 429, + VAR_RESPONSE_IP_DATA = 430, + VAR_HARDEN_ALGO_DOWNGRADE = 431, + VAR_IP_TRANSPARENT = 432, + VAR_IP_DSCP = 433, + VAR_DISABLE_DNSSEC_LAME_CHECK = 434, + VAR_IP_RATELIMIT = 435, + VAR_IP_RATELIMIT_SLABS = 436, + VAR_IP_RATELIMIT_SIZE = 437, + VAR_RATELIMIT = 438, + VAR_RATELIMIT_SLABS = 439, + VAR_RATELIMIT_SIZE = 440, + VAR_RATELIMIT_FOR_DOMAIN = 441, + VAR_RATELIMIT_BELOW_DOMAIN = 442, + VAR_IP_RATELIMIT_FACTOR = 443, + VAR_RATELIMIT_FACTOR = 444, + VAR_SEND_CLIENT_SUBNET = 445, + VAR_CLIENT_SUBNET_ZONE = 446, + VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 447, + VAR_CLIENT_SUBNET_OPCODE = 448, + VAR_MAX_CLIENT_SUBNET_IPV4 = 449, + VAR_MAX_CLIENT_SUBNET_IPV6 = 450, + VAR_MIN_CLIENT_SUBNET_IPV4 = 451, + VAR_MIN_CLIENT_SUBNET_IPV6 = 452, + VAR_MAX_ECS_TREE_SIZE_IPV4 = 453, + VAR_MAX_ECS_TREE_SIZE_IPV6 = 454, + VAR_CAPS_WHITELIST = 455, + VAR_CACHE_MAX_NEGATIVE_TTL = 456, + VAR_PERMIT_SMALL_HOLDDOWN = 457, + VAR_QNAME_MINIMISATION = 458, + VAR_QNAME_MINIMISATION_STRICT = 459, + VAR_IP_FREEBIND = 460, + VAR_DEFINE_TAG = 461, + VAR_LOCAL_ZONE_TAG = 462, + VAR_ACCESS_CONTROL_TAG = 463, + VAR_LOCAL_ZONE_OVERRIDE = 464, + VAR_ACCESS_CONTROL_TAG_ACTION = 465, + VAR_ACCESS_CONTROL_TAG_DATA = 466, + VAR_VIEW = 467, + VAR_ACCESS_CONTROL_VIEW = 468, + VAR_VIEW_FIRST = 469, + VAR_SERVE_EXPIRED = 470, + VAR_SERVE_EXPIRED_TTL = 471, + VAR_SERVE_EXPIRED_TTL_RESET = 472, + VAR_SERVE_EXPIRED_REPLY_TTL = 473, + VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 474, + VAR_FAKE_DSA = 475, + VAR_FAKE_SHA1 = 476, + VAR_LOG_IDENTITY = 477, + VAR_HIDE_TRUSTANCHOR = 478, + VAR_TRUST_ANCHOR_SIGNALING = 479, + VAR_AGGRESSIVE_NSEC = 480, + VAR_USE_SYSTEMD = 481, + VAR_SHM_ENABLE = 482, + VAR_SHM_KEY = 483, + VAR_ROOT_KEY_SENTINEL = 484, + VAR_DNSCRYPT = 485, + VAR_DNSCRYPT_ENABLE = 486, + VAR_DNSCRYPT_PORT = 487, + VAR_DNSCRYPT_PROVIDER = 488, + VAR_DNSCRYPT_SECRET_KEY = 489, + VAR_DNSCRYPT_PROVIDER_CERT = 490, + VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 491, + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 492, + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 493, + VAR_DNSCRYPT_NONCE_CACHE_SIZE = 494, + VAR_DNSCRYPT_NONCE_CACHE_SLABS = 495, + VAR_IPSECMOD_ENABLED = 496, + VAR_IPSECMOD_HOOK = 497, + VAR_IPSECMOD_IGNORE_BOGUS = 498, + VAR_IPSECMOD_MAX_TTL = 499, + VAR_IPSECMOD_WHITELIST = 500, + VAR_IPSECMOD_STRICT = 501, + VAR_CACHEDB = 502, + VAR_CACHEDB_BACKEND = 503, + VAR_CACHEDB_SECRETSEED = 504, + VAR_CACHEDB_REDISHOST = 505, + VAR_CACHEDB_REDISPORT = 506, + VAR_CACHEDB_REDISTIMEOUT = 507, + VAR_CACHEDB_REDISEXPIRERECORDS = 508, + VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 509, + VAR_FOR_UPSTREAM = 510, + VAR_AUTH_ZONE = 511, + VAR_ZONEFILE = 512, + VAR_MASTER = 513, + VAR_URL = 514, + VAR_FOR_DOWNSTREAM = 515, + VAR_FALLBACK_ENABLED = 516, + VAR_TLS_ADDITIONAL_PORT = 517, + VAR_LOW_RTT = 518, + VAR_LOW_RTT_PERMIL = 519, + VAR_FAST_SERVER_PERMIL = 520, + VAR_FAST_SERVER_NUM = 521, + VAR_ALLOW_NOTIFY = 522, + VAR_TLS_WIN_CERT = 523, + VAR_TCP_CONNECTION_LIMIT = 524, + VAR_FORWARD_NO_CACHE = 525, + VAR_STUB_NO_CACHE = 526, + VAR_LOG_SERVFAIL = 527, + VAR_DENY_ANY = 528, + VAR_UNKNOWN_SERVER_TIME_LIMIT = 529, + VAR_LOG_TAG_QUERYREPLY = 530, + VAR_STREAM_WAIT_SIZE = 531, + VAR_TLS_CIPHERS = 532, + VAR_TLS_CIPHERSUITES = 533, + VAR_TLS_USE_SNI = 534, + VAR_IPSET = 535, + VAR_IPSET_NAME_V4 = 536, + VAR_IPSET_NAME_V6 = 537, + VAR_TLS_SESSION_TICKET_KEYS = 538, + VAR_RPZ = 539, + VAR_TAGS = 540, + VAR_RPZ_ACTION_OVERRIDE = 541, + VAR_RPZ_CNAME_OVERRIDE = 542, + VAR_RPZ_LOG = 543, + VAR_RPZ_LOG_NAME = 544, + VAR_DYNLIB = 545, + VAR_DYNLIB_FILE = 546 }; #endif /* Tokens. */ @@ -335,273 +349,287 @@ extern int yydebug; #define ANY 263 #define ZONESTR 264 #define STRING_ARG 265 -#define VAR_SERVER 266 -#define VAR_VERBOSITY 267 -#define VAR_NUM_THREADS 268 -#define VAR_PORT 269 -#define VAR_OUTGOING_RANGE 270 -#define VAR_INTERFACE 271 -#define VAR_DO_IP4 272 -#define VAR_DO_IP6 273 -#define VAR_PREFER_IP6 274 -#define VAR_DO_UDP 275 -#define VAR_DO_TCP 276 -#define VAR_TCP_MSS 277 -#define VAR_OUTGOING_TCP_MSS 278 -#define VAR_TCP_IDLE_TIMEOUT 279 -#define VAR_EDNS_TCP_KEEPALIVE 280 -#define VAR_EDNS_TCP_KEEPALIVE_TIMEOUT 281 -#define VAR_CHROOT 282 -#define VAR_USERNAME 283 -#define VAR_DIRECTORY 284 -#define VAR_LOGFILE 285 -#define VAR_PIDFILE 286 -#define VAR_MSG_CACHE_SIZE 287 -#define VAR_MSG_CACHE_SLABS 288 -#define VAR_NUM_QUERIES_PER_THREAD 289 -#define VAR_RRSET_CACHE_SIZE 290 -#define VAR_RRSET_CACHE_SLABS 291 -#define VAR_OUTGOING_NUM_TCP 292 -#define VAR_INFRA_HOST_TTL 293 -#define VAR_INFRA_LAME_TTL 294 -#define VAR_INFRA_CACHE_SLABS 295 -#define VAR_INFRA_CACHE_NUMHOSTS 296 -#define VAR_INFRA_CACHE_LAME_SIZE 297 -#define VAR_NAME 298 -#define VAR_STUB_ZONE 299 -#define VAR_STUB_HOST 300 -#define VAR_STUB_ADDR 301 -#define VAR_TARGET_FETCH_POLICY 302 -#define VAR_HARDEN_SHORT_BUFSIZE 303 -#define VAR_HARDEN_LARGE_QUERIES 304 -#define VAR_FORWARD_ZONE 305 -#define VAR_FORWARD_HOST 306 -#define VAR_FORWARD_ADDR 307 -#define VAR_DO_NOT_QUERY_ADDRESS 308 -#define VAR_HIDE_IDENTITY 309 -#define VAR_HIDE_VERSION 310 -#define VAR_IDENTITY 311 -#define VAR_VERSION 312 -#define VAR_HARDEN_GLUE 313 -#define VAR_MODULE_CONF 314 -#define VAR_TRUST_ANCHOR_FILE 315 -#define VAR_TRUST_ANCHOR 316 -#define VAR_VAL_OVERRIDE_DATE 317 -#define VAR_BOGUS_TTL 318 -#define VAR_VAL_CLEAN_ADDITIONAL 319 -#define VAR_VAL_PERMISSIVE_MODE 320 -#define VAR_INCOMING_NUM_TCP 321 -#define VAR_MSG_BUFFER_SIZE 322 -#define VAR_KEY_CACHE_SIZE 323 -#define VAR_KEY_CACHE_SLABS 324 -#define VAR_TRUSTED_KEYS_FILE 325 -#define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 326 -#define VAR_USE_SYSLOG 327 -#define VAR_OUTGOING_INTERFACE 328 -#define VAR_ROOT_HINTS 329 -#define VAR_DO_NOT_QUERY_LOCALHOST 330 -#define VAR_CACHE_MAX_TTL 331 -#define VAR_HARDEN_DNSSEC_STRIPPED 332 -#define VAR_ACCESS_CONTROL 333 -#define VAR_LOCAL_ZONE 334 -#define VAR_LOCAL_DATA 335 -#define VAR_INTERFACE_AUTOMATIC 336 -#define VAR_STATISTICS_INTERVAL 337 -#define VAR_DO_DAEMONIZE 338 -#define VAR_USE_CAPS_FOR_ID 339 -#define VAR_STATISTICS_CUMULATIVE 340 -#define VAR_OUTGOING_PORT_PERMIT 341 -#define VAR_OUTGOING_PORT_AVOID 342 -#define VAR_DLV_ANCHOR_FILE 343 -#define VAR_DLV_ANCHOR 344 -#define VAR_NEG_CACHE_SIZE 345 -#define VAR_HARDEN_REFERRAL_PATH 346 -#define VAR_PRIVATE_ADDRESS 347 -#define VAR_PRIVATE_DOMAIN 348 -#define VAR_REMOTE_CONTROL 349 -#define VAR_CONTROL_ENABLE 350 -#define VAR_CONTROL_INTERFACE 351 -#define VAR_CONTROL_PORT 352 -#define VAR_SERVER_KEY_FILE 353 -#define VAR_SERVER_CERT_FILE 354 -#define VAR_CONTROL_KEY_FILE 355 -#define VAR_CONTROL_CERT_FILE 356 -#define VAR_CONTROL_USE_CERT 357 -#define VAR_EXTENDED_STATISTICS 358 -#define VAR_LOCAL_DATA_PTR 359 -#define VAR_JOSTLE_TIMEOUT 360 -#define VAR_STUB_PRIME 361 -#define VAR_UNWANTED_REPLY_THRESHOLD 362 -#define VAR_LOG_TIME_ASCII 363 -#define VAR_DOMAIN_INSECURE 364 -#define VAR_PYTHON 365 -#define VAR_PYTHON_SCRIPT 366 -#define VAR_VAL_SIG_SKEW_MIN 367 -#define VAR_VAL_SIG_SKEW_MAX 368 -#define VAR_CACHE_MIN_TTL 369 -#define VAR_VAL_LOG_LEVEL 370 -#define VAR_AUTO_TRUST_ANCHOR_FILE 371 -#define VAR_KEEP_MISSING 372 -#define VAR_ADD_HOLDDOWN 373 -#define VAR_DEL_HOLDDOWN 374 -#define VAR_SO_RCVBUF 375 -#define VAR_EDNS_BUFFER_SIZE 376 -#define VAR_PREFETCH 377 -#define VAR_PREFETCH_KEY 378 -#define VAR_SO_SNDBUF 379 -#define VAR_SO_REUSEPORT 380 -#define VAR_HARDEN_BELOW_NXDOMAIN 381 -#define VAR_IGNORE_CD_FLAG 382 -#define VAR_LOG_QUERIES 383 -#define VAR_LOG_REPLIES 384 -#define VAR_LOG_LOCAL_ACTIONS 385 -#define VAR_TCP_UPSTREAM 386 -#define VAR_SSL_UPSTREAM 387 -#define VAR_SSL_SERVICE_KEY 388 -#define VAR_SSL_SERVICE_PEM 389 -#define VAR_SSL_PORT 390 -#define VAR_FORWARD_FIRST 391 -#define VAR_STUB_SSL_UPSTREAM 392 -#define VAR_FORWARD_SSL_UPSTREAM 393 -#define VAR_TLS_CERT_BUNDLE 394 -#define VAR_STUB_FIRST 395 -#define VAR_MINIMAL_RESPONSES 396 -#define VAR_RRSET_ROUNDROBIN 397 -#define VAR_MAX_UDP_SIZE 398 -#define VAR_DELAY_CLOSE 399 -#define VAR_UNBLOCK_LAN_ZONES 400 -#define VAR_INSECURE_LAN_ZONES 401 -#define VAR_INFRA_CACHE_MIN_RTT 402 -#define VAR_DNS64_PREFIX 403 -#define VAR_DNS64_SYNTHALL 404 -#define VAR_DNS64_IGNORE_AAAA 405 -#define VAR_DNSTAP 406 -#define VAR_DNSTAP_ENABLE 407 -#define VAR_DNSTAP_SOCKET_PATH 408 -#define VAR_DNSTAP_SEND_IDENTITY 409 -#define VAR_DNSTAP_SEND_VERSION 410 -#define VAR_DNSTAP_IDENTITY 411 -#define VAR_DNSTAP_VERSION 412 -#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 413 -#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 414 -#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 415 -#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 416 -#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 417 -#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 418 -#define VAR_RESPONSE_IP_TAG 419 -#define VAR_RESPONSE_IP 420 -#define VAR_RESPONSE_IP_DATA 421 -#define VAR_HARDEN_ALGO_DOWNGRADE 422 -#define VAR_IP_TRANSPARENT 423 -#define VAR_DISABLE_DNSSEC_LAME_CHECK 424 -#define VAR_IP_RATELIMIT 425 -#define VAR_IP_RATELIMIT_SLABS 426 -#define VAR_IP_RATELIMIT_SIZE 427 -#define VAR_RATELIMIT 428 -#define VAR_RATELIMIT_SLABS 429 -#define VAR_RATELIMIT_SIZE 430 -#define VAR_RATELIMIT_FOR_DOMAIN 431 -#define VAR_RATELIMIT_BELOW_DOMAIN 432 -#define VAR_IP_RATELIMIT_FACTOR 433 -#define VAR_RATELIMIT_FACTOR 434 -#define VAR_SEND_CLIENT_SUBNET 435 -#define VAR_CLIENT_SUBNET_ZONE 436 -#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 437 -#define VAR_CLIENT_SUBNET_OPCODE 438 -#define VAR_MAX_CLIENT_SUBNET_IPV4 439 -#define VAR_MAX_CLIENT_SUBNET_IPV6 440 -#define VAR_MIN_CLIENT_SUBNET_IPV4 441 -#define VAR_MIN_CLIENT_SUBNET_IPV6 442 -#define VAR_MAX_ECS_TREE_SIZE_IPV4 443 -#define VAR_MAX_ECS_TREE_SIZE_IPV6 444 -#define VAR_CAPS_WHITELIST 445 -#define VAR_CACHE_MAX_NEGATIVE_TTL 446 -#define VAR_PERMIT_SMALL_HOLDDOWN 447 -#define VAR_QNAME_MINIMISATION 448 -#define VAR_QNAME_MINIMISATION_STRICT 449 -#define VAR_IP_FREEBIND 450 -#define VAR_DEFINE_TAG 451 -#define VAR_LOCAL_ZONE_TAG 452 -#define VAR_ACCESS_CONTROL_TAG 453 -#define VAR_LOCAL_ZONE_OVERRIDE 454 -#define VAR_ACCESS_CONTROL_TAG_ACTION 455 -#define VAR_ACCESS_CONTROL_TAG_DATA 456 -#define VAR_VIEW 457 -#define VAR_ACCESS_CONTROL_VIEW 458 -#define VAR_VIEW_FIRST 459 -#define VAR_SERVE_EXPIRED 460 -#define VAR_SERVE_EXPIRED_TTL 461 -#define VAR_SERVE_EXPIRED_TTL_RESET 462 -#define VAR_SERVE_EXPIRED_REPLY_TTL 463 -#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 464 -#define VAR_FAKE_DSA 465 -#define VAR_FAKE_SHA1 466 -#define VAR_LOG_IDENTITY 467 -#define VAR_HIDE_TRUSTANCHOR 468 -#define VAR_TRUST_ANCHOR_SIGNALING 469 -#define VAR_AGGRESSIVE_NSEC 470 -#define VAR_USE_SYSTEMD 471 -#define VAR_SHM_ENABLE 472 -#define VAR_SHM_KEY 473 -#define VAR_ROOT_KEY_SENTINEL 474 -#define VAR_DNSCRYPT 475 -#define VAR_DNSCRYPT_ENABLE 476 -#define VAR_DNSCRYPT_PORT 477 -#define VAR_DNSCRYPT_PROVIDER 478 -#define VAR_DNSCRYPT_SECRET_KEY 479 -#define VAR_DNSCRYPT_PROVIDER_CERT 480 -#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 481 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 482 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 483 -#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 484 -#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 485 -#define VAR_IPSECMOD_ENABLED 486 -#define VAR_IPSECMOD_HOOK 487 -#define VAR_IPSECMOD_IGNORE_BOGUS 488 -#define VAR_IPSECMOD_MAX_TTL 489 -#define VAR_IPSECMOD_WHITELIST 490 -#define VAR_IPSECMOD_STRICT 491 -#define VAR_CACHEDB 492 -#define VAR_CACHEDB_BACKEND 493 -#define VAR_CACHEDB_SECRETSEED 494 -#define VAR_CACHEDB_REDISHOST 495 -#define VAR_CACHEDB_REDISPORT 496 -#define VAR_CACHEDB_REDISTIMEOUT 497 -#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 498 -#define VAR_FOR_UPSTREAM 499 -#define VAR_AUTH_ZONE 500 -#define VAR_ZONEFILE 501 -#define VAR_MASTER 502 -#define VAR_URL 503 -#define VAR_FOR_DOWNSTREAM 504 -#define VAR_FALLBACK_ENABLED 505 -#define VAR_TLS_ADDITIONAL_PORT 506 -#define VAR_LOW_RTT 507 -#define VAR_LOW_RTT_PERMIL 508 -#define VAR_FAST_SERVER_PERMIL 509 -#define VAR_FAST_SERVER_NUM 510 -#define VAR_ALLOW_NOTIFY 511 -#define VAR_TLS_WIN_CERT 512 -#define VAR_TCP_CONNECTION_LIMIT 513 -#define VAR_FORWARD_NO_CACHE 514 -#define VAR_STUB_NO_CACHE 515 -#define VAR_LOG_SERVFAIL 516 -#define VAR_DENY_ANY 517 -#define VAR_UNKNOWN_SERVER_TIME_LIMIT 518 -#define VAR_LOG_TAG_QUERYREPLY 519 -#define VAR_STREAM_WAIT_SIZE 520 -#define VAR_TLS_CIPHERS 521 -#define VAR_TLS_CIPHERSUITES 522 -#define VAR_IPSET 523 -#define VAR_IPSET_NAME_V4 524 -#define VAR_IPSET_NAME_V6 525 -#define VAR_TLS_SESSION_TICKET_KEYS 526 -#define VAR_RPZ 527 -#define VAR_TAGS 528 -#define VAR_RPZ_ACTION_OVERRIDE 529 -#define VAR_RPZ_CNAME_OVERRIDE 530 -#define VAR_RPZ_LOG 531 -#define VAR_RPZ_LOG_NAME 532 +#define VAR_FORCE_TOPLEVEL 266 +#define VAR_SERVER 267 +#define VAR_VERBOSITY 268 +#define VAR_NUM_THREADS 269 +#define VAR_PORT 270 +#define VAR_OUTGOING_RANGE 271 +#define VAR_INTERFACE 272 +#define VAR_PREFER_IP4 273 +#define VAR_DO_IP4 274 +#define VAR_DO_IP6 275 +#define VAR_PREFER_IP6 276 +#define VAR_DO_UDP 277 +#define VAR_DO_TCP 278 +#define VAR_TCP_MSS 279 +#define VAR_OUTGOING_TCP_MSS 280 +#define VAR_TCP_IDLE_TIMEOUT 281 +#define VAR_EDNS_TCP_KEEPALIVE 282 +#define VAR_EDNS_TCP_KEEPALIVE_TIMEOUT 283 +#define VAR_CHROOT 284 +#define VAR_USERNAME 285 +#define VAR_DIRECTORY 286 +#define VAR_LOGFILE 287 +#define VAR_PIDFILE 288 +#define VAR_MSG_CACHE_SIZE 289 +#define VAR_MSG_CACHE_SLABS 290 +#define VAR_NUM_QUERIES_PER_THREAD 291 +#define VAR_RRSET_CACHE_SIZE 292 +#define VAR_RRSET_CACHE_SLABS 293 +#define VAR_OUTGOING_NUM_TCP 294 +#define VAR_INFRA_HOST_TTL 295 +#define VAR_INFRA_LAME_TTL 296 +#define VAR_INFRA_CACHE_SLABS 297 +#define VAR_INFRA_CACHE_NUMHOSTS 298 +#define VAR_INFRA_CACHE_LAME_SIZE 299 +#define VAR_NAME 300 +#define VAR_STUB_ZONE 301 +#define VAR_STUB_HOST 302 +#define VAR_STUB_ADDR 303 +#define VAR_TARGET_FETCH_POLICY 304 +#define VAR_HARDEN_SHORT_BUFSIZE 305 +#define VAR_HARDEN_LARGE_QUERIES 306 +#define VAR_FORWARD_ZONE 307 +#define VAR_FORWARD_HOST 308 +#define VAR_FORWARD_ADDR 309 +#define VAR_DO_NOT_QUERY_ADDRESS 310 +#define VAR_HIDE_IDENTITY 311 +#define VAR_HIDE_VERSION 312 +#define VAR_IDENTITY 313 +#define VAR_VERSION 314 +#define VAR_HARDEN_GLUE 315 +#define VAR_MODULE_CONF 316 +#define VAR_TRUST_ANCHOR_FILE 317 +#define VAR_TRUST_ANCHOR 318 +#define VAR_VAL_OVERRIDE_DATE 319 +#define VAR_BOGUS_TTL 320 +#define VAR_VAL_CLEAN_ADDITIONAL 321 +#define VAR_VAL_PERMISSIVE_MODE 322 +#define VAR_INCOMING_NUM_TCP 323 +#define VAR_MSG_BUFFER_SIZE 324 +#define VAR_KEY_CACHE_SIZE 325 +#define VAR_KEY_CACHE_SLABS 326 +#define VAR_TRUSTED_KEYS_FILE 327 +#define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 328 +#define VAR_USE_SYSLOG 329 +#define VAR_OUTGOING_INTERFACE 330 +#define VAR_ROOT_HINTS 331 +#define VAR_DO_NOT_QUERY_LOCALHOST 332 +#define VAR_CACHE_MAX_TTL 333 +#define VAR_HARDEN_DNSSEC_STRIPPED 334 +#define VAR_ACCESS_CONTROL 335 +#define VAR_LOCAL_ZONE 336 +#define VAR_LOCAL_DATA 337 +#define VAR_INTERFACE_AUTOMATIC 338 +#define VAR_STATISTICS_INTERVAL 339 +#define VAR_DO_DAEMONIZE 340 +#define VAR_USE_CAPS_FOR_ID 341 +#define VAR_STATISTICS_CUMULATIVE 342 +#define VAR_OUTGOING_PORT_PERMIT 343 +#define VAR_OUTGOING_PORT_AVOID 344 +#define VAR_DLV_ANCHOR_FILE 345 +#define VAR_DLV_ANCHOR 346 +#define VAR_NEG_CACHE_SIZE 347 +#define VAR_HARDEN_REFERRAL_PATH 348 +#define VAR_PRIVATE_ADDRESS 349 +#define VAR_PRIVATE_DOMAIN 350 +#define VAR_REMOTE_CONTROL 351 +#define VAR_CONTROL_ENABLE 352 +#define VAR_CONTROL_INTERFACE 353 +#define VAR_CONTROL_PORT 354 +#define VAR_SERVER_KEY_FILE 355 +#define VAR_SERVER_CERT_FILE 356 +#define VAR_CONTROL_KEY_FILE 357 +#define VAR_CONTROL_CERT_FILE 358 +#define VAR_CONTROL_USE_CERT 359 +#define VAR_EXTENDED_STATISTICS 360 +#define VAR_LOCAL_DATA_PTR 361 +#define VAR_JOSTLE_TIMEOUT 362 +#define VAR_STUB_PRIME 363 +#define VAR_UNWANTED_REPLY_THRESHOLD 364 +#define VAR_LOG_TIME_ASCII 365 +#define VAR_DOMAIN_INSECURE 366 +#define VAR_PYTHON 367 +#define VAR_PYTHON_SCRIPT 368 +#define VAR_VAL_SIG_SKEW_MIN 369 +#define VAR_VAL_SIG_SKEW_MAX 370 +#define VAR_CACHE_MIN_TTL 371 +#define VAR_VAL_LOG_LEVEL 372 +#define VAR_AUTO_TRUST_ANCHOR_FILE 373 +#define VAR_KEEP_MISSING 374 +#define VAR_ADD_HOLDDOWN 375 +#define VAR_DEL_HOLDDOWN 376 +#define VAR_SO_RCVBUF 377 +#define VAR_EDNS_BUFFER_SIZE 378 +#define VAR_PREFETCH 379 +#define VAR_PREFETCH_KEY 380 +#define VAR_SO_SNDBUF 381 +#define VAR_SO_REUSEPORT 382 +#define VAR_HARDEN_BELOW_NXDOMAIN 383 +#define VAR_IGNORE_CD_FLAG 384 +#define VAR_LOG_QUERIES 385 +#define VAR_LOG_REPLIES 386 +#define VAR_LOG_LOCAL_ACTIONS 387 +#define VAR_TCP_UPSTREAM 388 +#define VAR_SSL_UPSTREAM 389 +#define VAR_SSL_SERVICE_KEY 390 +#define VAR_SSL_SERVICE_PEM 391 +#define VAR_SSL_PORT 392 +#define VAR_FORWARD_FIRST 393 +#define VAR_STUB_SSL_UPSTREAM 394 +#define VAR_FORWARD_SSL_UPSTREAM 395 +#define VAR_TLS_CERT_BUNDLE 396 +#define VAR_STUB_FIRST 397 +#define VAR_MINIMAL_RESPONSES 398 +#define VAR_RRSET_ROUNDROBIN 399 +#define VAR_MAX_UDP_SIZE 400 +#define VAR_DELAY_CLOSE 401 +#define VAR_UNBLOCK_LAN_ZONES 402 +#define VAR_INSECURE_LAN_ZONES 403 +#define VAR_INFRA_CACHE_MIN_RTT 404 +#define VAR_DNS64_PREFIX 405 +#define VAR_DNS64_SYNTHALL 406 +#define VAR_DNS64_IGNORE_AAAA 407 +#define VAR_DNSTAP 408 +#define VAR_DNSTAP_ENABLE 409 +#define VAR_DNSTAP_SOCKET_PATH 410 +#define VAR_DNSTAP_IP 411 +#define VAR_DNSTAP_TLS 412 +#define VAR_DNSTAP_TLS_SERVER_NAME 413 +#define VAR_DNSTAP_TLS_CERT_BUNDLE 414 +#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 415 +#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 416 +#define VAR_DNSTAP_SEND_IDENTITY 417 +#define VAR_DNSTAP_SEND_VERSION 418 +#define VAR_DNSTAP_BIDIRECTIONAL 419 +#define VAR_DNSTAP_IDENTITY 420 +#define VAR_DNSTAP_VERSION 421 +#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 422 +#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 423 +#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 424 +#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 425 +#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 426 +#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 427 +#define VAR_RESPONSE_IP_TAG 428 +#define VAR_RESPONSE_IP 429 +#define VAR_RESPONSE_IP_DATA 430 +#define VAR_HARDEN_ALGO_DOWNGRADE 431 +#define VAR_IP_TRANSPARENT 432 +#define VAR_IP_DSCP 433 +#define VAR_DISABLE_DNSSEC_LAME_CHECK 434 +#define VAR_IP_RATELIMIT 435 +#define VAR_IP_RATELIMIT_SLABS 436 +#define VAR_IP_RATELIMIT_SIZE 437 +#define VAR_RATELIMIT 438 +#define VAR_RATELIMIT_SLABS 439 +#define VAR_RATELIMIT_SIZE 440 +#define VAR_RATELIMIT_FOR_DOMAIN 441 +#define VAR_RATELIMIT_BELOW_DOMAIN 442 +#define VAR_IP_RATELIMIT_FACTOR 443 +#define VAR_RATELIMIT_FACTOR 444 +#define VAR_SEND_CLIENT_SUBNET 445 +#define VAR_CLIENT_SUBNET_ZONE 446 +#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 447 +#define VAR_CLIENT_SUBNET_OPCODE 448 +#define VAR_MAX_CLIENT_SUBNET_IPV4 449 +#define VAR_MAX_CLIENT_SUBNET_IPV6 450 +#define VAR_MIN_CLIENT_SUBNET_IPV4 451 +#define VAR_MIN_CLIENT_SUBNET_IPV6 452 +#define VAR_MAX_ECS_TREE_SIZE_IPV4 453 +#define VAR_MAX_ECS_TREE_SIZE_IPV6 454 +#define VAR_CAPS_WHITELIST 455 +#define VAR_CACHE_MAX_NEGATIVE_TTL 456 +#define VAR_PERMIT_SMALL_HOLDDOWN 457 +#define VAR_QNAME_MINIMISATION 458 +#define VAR_QNAME_MINIMISATION_STRICT 459 +#define VAR_IP_FREEBIND 460 +#define VAR_DEFINE_TAG 461 +#define VAR_LOCAL_ZONE_TAG 462 +#define VAR_ACCESS_CONTROL_TAG 463 +#define VAR_LOCAL_ZONE_OVERRIDE 464 +#define VAR_ACCESS_CONTROL_TAG_ACTION 465 +#define VAR_ACCESS_CONTROL_TAG_DATA 466 +#define VAR_VIEW 467 +#define VAR_ACCESS_CONTROL_VIEW 468 +#define VAR_VIEW_FIRST 469 +#define VAR_SERVE_EXPIRED 470 +#define VAR_SERVE_EXPIRED_TTL 471 +#define VAR_SERVE_EXPIRED_TTL_RESET 472 +#define VAR_SERVE_EXPIRED_REPLY_TTL 473 +#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 474 +#define VAR_FAKE_DSA 475 +#define VAR_FAKE_SHA1 476 +#define VAR_LOG_IDENTITY 477 +#define VAR_HIDE_TRUSTANCHOR 478 +#define VAR_TRUST_ANCHOR_SIGNALING 479 +#define VAR_AGGRESSIVE_NSEC 480 +#define VAR_USE_SYSTEMD 481 +#define VAR_SHM_ENABLE 482 +#define VAR_SHM_KEY 483 +#define VAR_ROOT_KEY_SENTINEL 484 +#define VAR_DNSCRYPT 485 +#define VAR_DNSCRYPT_ENABLE 486 +#define VAR_DNSCRYPT_PORT 487 +#define VAR_DNSCRYPT_PROVIDER 488 +#define VAR_DNSCRYPT_SECRET_KEY 489 +#define VAR_DNSCRYPT_PROVIDER_CERT 490 +#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 491 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 492 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 493 +#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 494 +#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 495 +#define VAR_IPSECMOD_ENABLED 496 +#define VAR_IPSECMOD_HOOK 497 +#define VAR_IPSECMOD_IGNORE_BOGUS 498 +#define VAR_IPSECMOD_MAX_TTL 499 +#define VAR_IPSECMOD_WHITELIST 500 +#define VAR_IPSECMOD_STRICT 501 +#define VAR_CACHEDB 502 +#define VAR_CACHEDB_BACKEND 503 +#define VAR_CACHEDB_SECRETSEED 504 +#define VAR_CACHEDB_REDISHOST 505 +#define VAR_CACHEDB_REDISPORT 506 +#define VAR_CACHEDB_REDISTIMEOUT 507 +#define VAR_CACHEDB_REDISEXPIRERECORDS 508 +#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 509 +#define VAR_FOR_UPSTREAM 510 +#define VAR_AUTH_ZONE 511 +#define VAR_ZONEFILE 512 +#define VAR_MASTER 513 +#define VAR_URL 514 +#define VAR_FOR_DOWNSTREAM 515 +#define VAR_FALLBACK_ENABLED 516 +#define VAR_TLS_ADDITIONAL_PORT 517 +#define VAR_LOW_RTT 518 +#define VAR_LOW_RTT_PERMIL 519 +#define VAR_FAST_SERVER_PERMIL 520 +#define VAR_FAST_SERVER_NUM 521 +#define VAR_ALLOW_NOTIFY 522 +#define VAR_TLS_WIN_CERT 523 +#define VAR_TCP_CONNECTION_LIMIT 524 +#define VAR_FORWARD_NO_CACHE 525 +#define VAR_STUB_NO_CACHE 526 +#define VAR_LOG_SERVFAIL 527 +#define VAR_DENY_ANY 528 +#define VAR_UNKNOWN_SERVER_TIME_LIMIT 529 +#define VAR_LOG_TAG_QUERYREPLY 530 +#define VAR_STREAM_WAIT_SIZE 531 +#define VAR_TLS_CIPHERS 532 +#define VAR_TLS_CIPHERSUITES 533 +#define VAR_TLS_USE_SNI 534 +#define VAR_IPSET 535 +#define VAR_IPSET_NAME_V4 536 +#define VAR_IPSET_NAME_V6 537 +#define VAR_TLS_SESSION_TICKET_KEYS 538 +#define VAR_RPZ 539 +#define VAR_TAGS 540 +#define VAR_RPZ_ACTION_OVERRIDE 541 +#define VAR_RPZ_CNAME_OVERRIDE 542 +#define VAR_RPZ_LOG 543 +#define VAR_RPZ_LOG_NAME 544 +#define VAR_DYNLIB 545 +#define VAR_DYNLIB_FILE 546 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED @@ -611,7 +639,7 @@ union YYSTYPE char* str; -#line 615 "util/configparser.h" +#line 643 "util/configparser.h" }; typedef union YYSTYPE YYSTYPE; diff --git a/util/configparser.y b/util/configparser.y index 798f4a972fd8..fe600a999d45 100644 --- a/util/configparser.y +++ b/util/configparser.y @@ -69,8 +69,9 @@ extern struct config_parser_state* cfg_parser; %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR %token <str> STRING_ARG +%token VAR_FORCE_TOPLEVEL %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT -%token VAR_OUTGOING_RANGE VAR_INTERFACE +%token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4 %token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT @@ -116,8 +117,10 @@ extern struct config_parser_state* cfg_parser; %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES %token VAR_INFRA_CACHE_MIN_RTT %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA -%token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH -%token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION +%token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP +%token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE +%token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE +%token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION VAR_DNSTAP_BIDIRECTIONAL %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES @@ -127,6 +130,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT +%token VAR_IP_DSCP %token VAR_DISABLE_DNSSEC_LAME_CHECK %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE @@ -159,6 +163,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT +%token VAR_CACHEDB_REDISEXPIRERECORDS %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL @@ -166,10 +171,11 @@ extern struct config_parser_state* cfg_parser; %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY -%token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES +%token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME +%token VAR_DYNLIB VAR_DYNLIB_FILE %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; @@ -178,20 +184,25 @@ toplevelvar: serverstart contents_server | stubstart contents_stub | rcstart contents_rc | dtstart contents_dt | viewstart contents_view | dnscstart contents_dnsc | cachedbstart contents_cachedb | ipsetstart contents_ipset | authstart contents_auth | - rpzstart contents_rpz + rpzstart contents_rpz | dynlibstart contents_dl | + force_toplevel + ; +force_toplevel: VAR_FORCE_TOPLEVEL + { + OUTYY(("\nP(force-toplevel)\n")); + } ; - /* server: declaration */ serverstart: VAR_SERVER { - OUTYY(("\nP(server:)\n")); + OUTYY(("\nP(server:)\n")); } ; -contents_server: contents_server content_server +contents_server: contents_server content_server | ; content_server: server_num_threads | server_verbosity | server_port | server_outgoing_range | server_do_ip4 | - server_do_ip6 | server_prefer_ip6 | + server_do_ip6 | server_prefer_ip4 | server_prefer_ip6 | server_do_udp | server_do_tcp | server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout | server_tcp_keepalive | server_tcp_keepalive_timeout | @@ -239,6 +250,7 @@ content_server: server_num_threads | server_verbosity | server_port | server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa | server_infra_cache_min_rtt | server_harden_algo_downgrade | server_ip_transparent | server_ip_ratelimit | server_ratelimit | + server_ip_dscp | server_ip_ratelimit_slabs | server_ratelimit_slabs | server_ip_ratelimit_size | server_ratelimit_size | server_ratelimit_for_domain | @@ -272,7 +284,8 @@ content_server: server_num_threads | server_verbosity | server_port | server_tcp_connection_limit | server_log_servfail | server_deny_any | server_unknown_server_time_limit | server_log_tag_queryreply | server_stream_wait_size | server_tls_ciphers | - server_tls_ciphersuites | server_tls_session_ticket_keys + server_tls_ciphersuites | server_tls_session_ticket_keys | + server_tls_use_sni ; stubstart: VAR_STUB_ZONE { @@ -780,6 +793,15 @@ server_do_tcp: VAR_DO_TCP STRING_ARG free($2); } ; +server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG + { + OUTYY(("P(server_prefer_ip4:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->prefer_ip4 = (strcmp($2, "yes")==0); + free($2); + } + ; server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG { OUTYY(("P(server_prefer_ip6:%s)\n", $2)); @@ -938,6 +960,15 @@ server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG yyerror("out of memory"); } ; +server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG + { + OUTYY(("P(server_tls_use_sni:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->tls_use_sni = (strcmp($2, "yes")==0); + free($2); + } + ; server_use_systemd: VAR_USE_SYSTEMD STRING_ARG { OUTYY(("P(server_use_systemd:%s)\n", $2)); @@ -1247,6 +1278,20 @@ server_ip_freebind: VAR_IP_FREEBIND STRING_ARG free($2); } ; +server_ip_dscp: VAR_IP_DSCP STRING_ARG + { + OUTYY(("P(server_ip_dscp:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else if (atoi($2) > 63) + yyerror("value too large (max 63)"); + else if (atoi($2) < 0) + yyerror("value too small (min 0)"); + else + cfg_parser->cfg->ip_dscp = atoi($2); + free($2); + } + ; server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG { OUTYY(("P(server_stream_wait_size:%s)\n", $2)); @@ -2719,7 +2764,10 @@ dtstart: VAR_DNSTAP ; contents_dt: contents_dt content_dt | ; -content_dt: dt_dnstap_enable | dt_dnstap_socket_path | +content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional | + dt_dnstap_ip | dt_dnstap_tls | dt_dnstap_tls_server_name | + dt_dnstap_tls_cert_bundle | + dt_dnstap_tls_client_key_file | dt_dnstap_tls_client_cert_file | dt_dnstap_send_identity | dt_dnstap_send_version | dt_dnstap_identity | dt_dnstap_version | dt_dnstap_log_resolver_query_messages | @@ -2738,6 +2786,16 @@ dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG free($2); } ; +dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG + { + OUTYY(("P(dt_dnstap_bidirectional:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dnstap_bidirectional = + (strcmp($2, "yes")==0); + free($2); + } + ; dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG { OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2)); @@ -2745,6 +2803,50 @@ dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG cfg_parser->cfg->dnstap_socket_path = $2; } ; +dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG + { + OUTYY(("P(dt_dnstap_ip:%s)\n", $2)); + free(cfg_parser->cfg->dnstap_ip); + cfg_parser->cfg->dnstap_ip = $2; + } + ; +dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG + { + OUTYY(("P(dt_dnstap_tls:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dnstap_tls = (strcmp($2, "yes")==0); + free($2); + } + ; +dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG + { + OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", $2)); + free(cfg_parser->cfg->dnstap_tls_server_name); + cfg_parser->cfg->dnstap_tls_server_name = $2; + } + ; +dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG + { + OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", $2)); + free(cfg_parser->cfg->dnstap_tls_cert_bundle); + cfg_parser->cfg->dnstap_tls_cert_bundle = $2; + } + ; +dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG + { + OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", $2)); + free(cfg_parser->cfg->dnstap_tls_client_key_file); + cfg_parser->cfg->dnstap_tls_client_key_file = $2; + } + ; +dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG + { + OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", $2)); + free(cfg_parser->cfg->dnstap_tls_client_cert_file); + cfg_parser->cfg->dnstap_tls_client_cert_file = $2; + } + ; dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG { OUTYY(("P(dt_dnstap_send_identity:%s)\n", $2)); @@ -2852,6 +2954,21 @@ py_script: VAR_PYTHON_SCRIPT STRING_ARG if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2)) yyerror("out of memory"); } +dynlibstart: VAR_DYNLIB + { + OUTYY(("\nP(dynlib:)\n")); + } + ; +contents_dl: contents_dl content_dl + | ; +content_dl: dl_file + ; +dl_file: VAR_DYNLIB_FILE STRING_ARG + { + OUTYY(("P(dynlib-file:%s)\n", $2)); + if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2)) + yyerror("out of memory"); + } server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG { OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2)); @@ -3003,7 +3120,8 @@ cachedbstart: VAR_CACHEDB contents_cachedb: contents_cachedb content_cachedb | ; content_cachedb: cachedb_backend_name | cachedb_secret_seed | - redis_server_host | redis_server_port | redis_timeout + redis_server_host | redis_server_port | redis_timeout | + redis_expire_records ; cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG { @@ -3069,6 +3187,19 @@ redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG free($2); } ; +redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG + { + #if defined(USE_CACHEDB) && defined(USE_REDIS) + OUTYY(("P(redis_expire_records:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->redis_expire_records = (strcmp($2, "yes")==0); + #else + OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); + #endif + free($2); + } + ; server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG { OUTYY(("P(server_tcp_connection_limit:%s %s)\n", $2, $3)); diff --git a/util/fptr_wlist.c b/util/fptr_wlist.c index 84d41cc84641..aa275ed534b7 100644 --- a/util/fptr_wlist.c +++ b/util/fptr_wlist.c @@ -81,6 +81,9 @@ #ifdef WITH_PYTHONMODULE #include "pythonmod/pythonmod.h" #endif +#ifdef WITH_DYNLIBMODULE +#include "dynlibmod/dynlibmod.h" +#endif #ifdef USE_CACHEDB #include "cachedb/cachedb.h" #endif @@ -93,6 +96,9 @@ #ifdef USE_IPSET #include "ipset/ipset.h" #endif +#ifdef USE_DNSTAP +#include "dnstap/dtstream.h" +#endif int fptr_whitelist_comm_point(comm_point_callback_type *fptr) @@ -168,6 +174,15 @@ fptr_whitelist_event(void (*fptr)(int, short, void *)) else if(fptr == &tube_handle_signal) return 1; else if(fptr == &comm_base_handle_slow_accept) return 1; else if(fptr == &comm_point_http_handle_callback) return 1; +#ifdef USE_DNSTAP + else if(fptr == &dtio_output_cb) return 1; + else if(fptr == &dtio_cmd_cb) return 1; + else if(fptr == &dtio_reconnect_timeout_cb) return 1; + else if(fptr == &dtio_stop_timer_cb) return 1; + else if(fptr == &dtio_stop_ev_cb) return 1; + else if(fptr == &dtio_tap_callback) return 1; + else if(fptr == &dtio_mainfdcallback) return 1; +#endif #ifdef UB_ON_WINDOWS else if(fptr == &worker_win_stop_cb) return 1; #endif @@ -380,6 +395,9 @@ fptr_whitelist_mod_init(int (*fptr)(struct module_env* env, int id)) #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_init) return 1; #endif +#ifdef WITH_DYNLIBMODULE + else if(fptr == &dynlibmod_init) return 1; +#endif #ifdef USE_CACHEDB else if(fptr == &cachedb_init) return 1; #endif @@ -405,6 +423,9 @@ fptr_whitelist_mod_deinit(void (*fptr)(struct module_env* env, int id)) #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_deinit) return 1; #endif +#ifdef WITH_DYNLIBMODULE + else if(fptr == &dynlibmod_deinit) return 1; +#endif #ifdef USE_CACHEDB else if(fptr == &cachedb_deinit) return 1; #endif @@ -431,6 +452,9 @@ fptr_whitelist_mod_operate(void (*fptr)(struct module_qstate* qstate, #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_operate) return 1; #endif +#ifdef WITH_DYNLIBMODULE + else if(fptr == &dynlibmod_operate) return 1; +#endif #ifdef USE_CACHEDB else if(fptr == &cachedb_operate) return 1; #endif @@ -457,6 +481,9 @@ fptr_whitelist_mod_inform_super(void (*fptr)( #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_inform_super) return 1; #endif +#ifdef WITH_DYNLIBMODULE + else if(fptr == &dynlibmod_inform_super) return 1; +#endif #ifdef USE_CACHEDB else if(fptr == &cachedb_inform_super) return 1; #endif @@ -483,6 +510,9 @@ fptr_whitelist_mod_clear(void (*fptr)(struct module_qstate* qstate, #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_clear) return 1; #endif +#ifdef WITH_DYNLIBMODULE + else if(fptr == &dynlibmod_clear) return 1; +#endif #ifdef USE_CACHEDB else if(fptr == &cachedb_clear) return 1; #endif @@ -508,6 +538,9 @@ fptr_whitelist_mod_get_mem(size_t (*fptr)(struct module_env* env, int id)) #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_get_mem) return 1; #endif +#ifdef WITH_DYNLIBMODULE + else if(fptr == &dynlibmod_get_mem) return 1; +#endif #ifdef USE_CACHEDB else if(fptr == &cachedb_get_mem) return 1; #endif @@ -566,18 +599,30 @@ int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_type* fptr, #ifdef WITH_PYTHONMODULE if(fptr == &python_inplace_cb_reply_generic) return 1; #endif +#ifdef WITH_DYNLIBMODULE + if(fptr == &dynlib_inplace_cb_reply_generic) return 1; +#endif } else if(type == inplace_cb_reply_cache) { #ifdef WITH_PYTHONMODULE if(fptr == &python_inplace_cb_reply_generic) return 1; #endif +#ifdef WITH_DYNLIBMODULE + if(fptr == &dynlib_inplace_cb_reply_generic) return 1; +#endif } else if(type == inplace_cb_reply_local) { #ifdef WITH_PYTHONMODULE if(fptr == &python_inplace_cb_reply_generic) return 1; #endif +#ifdef WITH_DYNLIBMODULE + if(fptr == &dynlib_inplace_cb_reply_generic) return 1; +#endif } else if(type == inplace_cb_reply_servfail) { #ifdef WITH_PYTHONMODULE if(fptr == &python_inplace_cb_reply_generic) return 1; #endif +#ifdef WITH_DYNLIBMODULE + if(fptr == &dynlib_inplace_cb_reply_generic) return 1; +#endif } return 0; } @@ -592,6 +637,10 @@ int fptr_whitelist_inplace_cb_query(inplace_cb_query_func_type* fptr) if(fptr == &python_inplace_cb_query_generic) return 1; #endif +#ifdef WITH_DYNLIBMODULE + if(fptr == &dynlib_inplace_cb_query_generic) + return 1; +#endif (void)fptr; return 0; } @@ -605,6 +654,10 @@ int fptr_whitelist_inplace_cb_edns_back_parsed( #else (void)fptr; #endif +#ifdef WITH_DYNLIBMODULE + if(fptr == &dynlib_inplace_cb_edns_back_parsed) + return 1; +#endif return 0; } @@ -617,6 +670,10 @@ int fptr_whitelist_inplace_cb_query_response( #else (void)fptr; #endif +#ifdef WITH_DYNLIBMODULE + if(fptr == &dynlib_inplace_cb_query_response) + return 1; +#endif return 0; } diff --git a/util/iana_ports.inc b/util/iana_ports.inc index 3b8afe54e829..79488f49a2c9 100644 --- a/util/iana_ports.inc +++ b/util/iana_ports.inc @@ -3771,6 +3771,7 @@ 4188, 4191, 4192, +4195, 4197, 4199, 4300, @@ -4539,6 +4540,7 @@ 6850, 6868, 6888, +6924, 6935, 6936, 6946, @@ -5229,6 +5231,7 @@ 18241, 18262, 18463, +18516, 18634, 18635, 18668, diff --git a/util/log.h b/util/log.h index 098a850a5599..29a1ba38009f 100644 --- a/util/log.h +++ b/util/log.h @@ -121,7 +121,7 @@ void log_ident_set_default(const char* id); /** * Revert identity to print, back to the recorded default value. */ -void log_ident_revert_to_default(); +void log_ident_revert_to_default(void); /** * Set identity to print if there is an identity, otherwise diff --git a/util/mini_event.h b/util/mini_event.h index 204894d97af2..1734ca574c60 100644 --- a/util/mini_event.h +++ b/util/mini_event.h @@ -54,6 +54,8 @@ #if defined(USE_MINI_EVENT) && !defined(USE_WINSOCK) +#include <sys/time.h> + #ifndef HAVE_EVENT_BASE_FREE #define HAVE_EVENT_BASE_FREE #endif diff --git a/util/net_help.c b/util/net_help.c index 0869f91f954e..f59a4d65370d 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -55,6 +55,9 @@ #ifdef HAVE_OPENSSL_ERR_H #include <openssl/err.h> #endif +#ifdef HAVE_OPENSSL_CORE_NAMES_H +#include <openssl/core_names.h> +#endif #ifdef USE_WINSOCK #include <wincrypt.h> #endif @@ -67,8 +70,8 @@ uint16_t EDNS_ADVERTISED_SIZE = 4096; /** minimal responses when positive answer: default is no */ int MINIMAL_RESPONSES = 0; -/** rrset order roundrobin: default is no */ -int RRSET_ROUNDROBIN = 0; +/** rrset order roundrobin: default is yes */ +int RRSET_ROUNDROBIN = 1; /** log tag queries with name instead of 'info' for filtering */ int LOG_TAG_QUERYREPLY = 0; @@ -79,6 +82,32 @@ static struct tls_session_ticket_key { unsigned char *hmac_key; } *ticket_keys; +/** + * callback TLS session ticket encrypt and decrypt + * For use with SSL_CTX_set_tlsext_ticket_key_cb or + * SSL_CTX_set_tlsext_ticket_key_evp_cb + * @param s: the SSL_CTX to use (from connect_sslctx_create()) + * @param key_name: secret name, 16 bytes + * @param iv: up to EVP_MAX_IV_LENGTH. + * @param evp_ctx: the evp cipher context, function sets this. + * @param hmac_ctx: the hmac context, function sets this. + * with ..key_cb it is of type HMAC_CTX* + * with ..key_evp_cb it is of type EVP_MAC_CTX* + * @param enc: 1 is encrypt, 0 is decrypt + * @return 0 on no ticket, 1 for okay, and 2 for okay but renew the ticket + * (the ticket is decrypt only). and <0 for failures. + */ +#ifdef HAVE_SSL +int tls_session_ticket_key_cb(SSL *s, unsigned char* key_name, + unsigned char* iv, EVP_CIPHER_CTX *evp_ctx, +#ifdef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB + EVP_MAC_CTX *hmac_ctx, +#else + HMAC_CTX* hmac_ctx, +#endif + int enc); +#endif /* HAVE_SSL */ + /* returns true is string addr is an ip6 specced address */ int str_is_ip6(const char* str) @@ -829,6 +858,32 @@ void log_crypto_err_code(const char* str, unsigned long err) #endif /* HAVE_SSL */ } +#ifdef HAVE_SSL +/** log certificate details */ +void +log_cert(unsigned level, const char* str, void* cert) +{ + BIO* bio; + char nul = 0; + char* pp = NULL; + long len; + if(verbosity < level) return; + bio = BIO_new(BIO_s_mem()); + if(!bio) return; + X509_print_ex(bio, (X509*)cert, 0, (unsigned long)-1 + ^(X509_FLAG_NO_SUBJECT + |X509_FLAG_NO_ISSUER|X509_FLAG_NO_VALIDITY + |X509_FLAG_NO_EXTENSIONS|X509_FLAG_NO_AUX + |X509_FLAG_NO_ATTRIBUTES)); + BIO_write(bio, &nul, (int)sizeof(nul)); + len = BIO_get_mem_data(bio, &pp); + if(len != 0 && pp) { + verbose(level, "%s: \n%s", str, pp); + } + BIO_free(bio); +} +#endif /* HAVE_SSL */ + int listen_sslctx_setup(void* ctxt) { @@ -970,7 +1025,7 @@ void* listen_sslctx_create(char* key, char* pem, char* verifypem) } SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file( verifypem)); - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); + SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); } return ctx; #else @@ -1191,6 +1246,60 @@ void* outgoing_ssl_fd(void* sslctx, int fd) #endif } +int check_auth_name_for_ssl(char* auth_name) +{ + if(!auth_name) return 1; +#if defined(HAVE_SSL) && !defined(HAVE_SSL_SET1_HOST) && !defined(HAVE_X509_VERIFY_PARAM_SET1_HOST) + log_err("the query has an auth_name %s, but libssl has no call to " + "perform TLS authentication. Remove that name from config " + "or upgrade the ssl crypto library.", auth_name); + return 0; +#else + return 1; +#endif +} + +/** set the authname on an SSL structure, SSL* ssl */ +int set_auth_name_on_ssl(void* ssl, char* auth_name, int use_sni) +{ + if(!auth_name) return 1; +#ifdef HAVE_SSL + if(use_sni) { + (void)SSL_set_tlsext_host_name(ssl, auth_name); + } +#else + (void)ssl; + (void)use_sni; +#endif +#ifdef HAVE_SSL_SET1_HOST + SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL); + /* setting the hostname makes openssl verify the + * host name in the x509 certificate in the + * SSL connection*/ + if(!SSL_set1_host(ssl, auth_name)) { + log_err("SSL_set1_host failed"); + return 0; + } +#elif defined(HAVE_X509_VERIFY_PARAM_SET1_HOST) + /* openssl 1.0.2 has this function that can be used for + * set1_host like verification */ + if(auth_name) { + X509_VERIFY_PARAM* param = SSL_get0_param(ssl); +# ifdef X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS + X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); +# endif + if(!X509_VERIFY_PARAM_set1_host(param, auth_name, strlen(auth_name))) { + log_err("X509_VERIFY_PARAM_set1_host failed"); + return 0; + } + SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL); + } +#else + verbose(VERB_ALGO, "the query has an auth_name, but libssl has no call to perform TLS authentication"); +#endif /* HAVE_SSL_SET1_HOST */ + return 1; +} + #if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) && defined(CRYPTO_LOCK) && OPENSSL_VERSION_NUMBER < 0x10100000L /** global lock list for openssl locks */ static lock_basic_type *ub_openssl_locks = NULL; @@ -1285,7 +1394,7 @@ int listen_sslctx_setup_ticket_keys(void* sslctx, struct config_strlist* tls_ses if(!data) return 0; - f = fopen(p->str, "r"); + f = fopen(p->str, "rb"); if(!f) { log_err("could not read tls-session-ticket-key %s: %s", p->str, strerror(errno)); free(data); @@ -1308,10 +1417,17 @@ int listen_sslctx_setup_ticket_keys(void* sslctx, struct config_strlist* tls_ses } /* terminate array with NULL key name entry */ keys->key_name = NULL; +# ifdef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB + if(SSL_CTX_set_tlsext_ticket_key_evp_cb(sslctx, tls_session_ticket_key_cb) == 0) { + log_err("no support for TLS session ticket"); + return 0; + } +# else if(SSL_CTX_set_tlsext_ticket_key_cb(sslctx, tls_session_ticket_key_cb) == 0) { log_err("no support for TLS session ticket"); return 0; } +# endif return 1; #else (void)sslctx; @@ -1321,13 +1437,27 @@ int listen_sslctx_setup_ticket_keys(void* sslctx, struct config_strlist* tls_ses } -int tls_session_ticket_key_cb(void *ATTR_UNUSED(sslctx), unsigned char* key_name, unsigned char* iv, void *evp_sctx, void *hmac_ctx, int enc) +#ifdef HAVE_SSL +int tls_session_ticket_key_cb(SSL *ATTR_UNUSED(sslctx), unsigned char* key_name, + unsigned char* iv, EVP_CIPHER_CTX *evp_sctx, +#ifdef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB + EVP_MAC_CTX *hmac_ctx, +#else + HMAC_CTX* hmac_ctx, +#endif + int enc) { #ifdef HAVE_SSL +# ifdef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB + OSSL_PARAM params[3]; +# else const EVP_MD *digest; +# endif const EVP_CIPHER *cipher; int evp_cipher_length; +# ifndef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB digest = EVP_sha256(); +# endif cipher = EVP_aes_256_cbc(); evp_cipher_length = EVP_CIPHER_iv_length(cipher); if( enc == 1 ) { @@ -1342,7 +1472,14 @@ int tls_session_ticket_key_cb(void *ATTR_UNUSED(sslctx), unsigned char* key_name verbose(VERB_CLIENT, "EVP_EncryptInit_ex failed"); return -1; } -#ifndef HMAC_INIT_EX_RETURNS_VOID +#ifdef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB + params[0] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, + ticket_keys->hmac_key, 32); + params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, + "sha256", 0); + params[2] = OSSL_PARAM_construct_end(); + EVP_MAC_set_ctx_params(hmac_ctx, params); +#elif !defined(HMAC_INIT_EX_RETURNS_VOID) if (HMAC_Init_ex(hmac_ctx, ticket_keys->hmac_key, 32, digest, NULL) != 1) { verbose(VERB_CLIENT, "HMAC_Init_ex failed"); return -1; @@ -1366,7 +1503,14 @@ int tls_session_ticket_key_cb(void *ATTR_UNUSED(sslctx), unsigned char* key_name return 0; } -#ifndef HMAC_INIT_EX_RETURNS_VOID +#ifdef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB + params[0] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, + key->hmac_key, 32); + params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, + "sha256", 0); + params[2] = OSSL_PARAM_construct_end(); + EVP_MAC_set_ctx_params(hmac_ctx, params); +#elif !defined(HMAC_INIT_EX_RETURNS_VOID) if (HMAC_Init_ex(hmac_ctx, key->hmac_key, 32, digest, NULL) != 1) { verbose(VERB_CLIENT, "HMAC_Init_ex failed"); return -1; @@ -1391,6 +1535,7 @@ int tls_session_ticket_key_cb(void *ATTR_UNUSED(sslctx), unsigned char* key_name return 0; #endif } +#endif /* HAVE_SSL */ void listen_sslctx_delete_ticket_keys(void) diff --git a/util/net_help.h b/util/net_help.h index 7a33a72035d5..29943ada090f 100644 --- a/util/net_help.h +++ b/util/net_help.h @@ -386,6 +386,14 @@ void log_crypto_err(const char* str); void log_crypto_err_code(const char* str, unsigned long err); /** + * Log certificate details verbosity, string, of X509 cert + * @param level: verbosity level + * @param str: string to prefix on output + * @param cert: X509* structure. + */ +void log_cert(unsigned level, const char* str, void* cert); + +/** * Set SSL_OP_NOxxx options on SSL context to disable bad crypto * @param ctxt: SSL_CTX* * @return false on failure. @@ -435,6 +443,22 @@ void* incoming_ssl_fd(void* sslctx, int fd); void* outgoing_ssl_fd(void* sslctx, int fd); /** + * check if authname SSL functionality is available, false if not + * @param auth_name: the name for the remote server, used for error print. + * @return false if SSL functionality to check the SSL name is not available. + */ +int check_auth_name_for_ssl(char* auth_name); + +/** + * set auth name on SSL for verification + * @param ssl: SSL* to set + * @param auth_name: if NULL nothing happens, otherwise the name to check. + * @param use_sni: if SNI will be used. + * @return 1 on success or NULL auth_name, 0 on failure. + */ +int set_auth_name_on_ssl(void* ssl, char* auth_name, int use_sni); + +/** * Initialize openssl locking for thread safety * @return false on failure (alloc failure). */ @@ -454,20 +478,6 @@ void ub_openssl_lock_delete(void); int listen_sslctx_setup_ticket_keys(void* sslctx, struct config_strlist* tls_session_ticket_keys); -/** - * callback TLS session ticket encrypt and decrypt - * For use with SSL_CTX_set_tlsext_ticket_key_cb - * @param s: the SSL_CTX to use (from connect_sslctx_create()) - * @param key_name: secret name, 16 bytes - * @param iv: up to EVP_MAX_IV_LENGTH. - * @param evp_ctx: the evp cipher context, function sets this. - * @param hmac_ctx: the hmax context, function sets this. - * @param enc: 1 is encrypt, 0 is decrypt - * @return 0 on no ticket, 1 for okay, and 2 for okay but renew the ticket - * (the ticket is decrypt only). and <0 for failures. - */ -int tls_session_ticket_key_cb(void *s, unsigned char* key_name,unsigned char* iv, void *evp_ctx, void *hmac_ctx, int enc); - /** Free memory used for TLS session ticket keys */ void listen_sslctx_delete_ticket_keys(void); diff --git a/util/netevent.c b/util/netevent.c index 9fe5da2d45a3..3e7a433e5021 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -447,7 +447,10 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, ssize_t sent; struct msghdr msg; struct iovec iov[1]; - char control[256]; + union { + struct cmsghdr hdr; + char buf[256]; + } control; #ifndef S_SPLINT_S struct cmsghdr *cmsg; #endif /* S_SPLINT_S */ @@ -465,9 +468,9 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, iov[0].iov_len = sldns_buffer_remaining(packet); msg.msg_iov = iov; msg.msg_iovlen = 1; - msg.msg_control = control; + msg.msg_control = control.buf; #ifndef S_SPLINT_S - msg.msg_controllen = sizeof(control); + msg.msg_controllen = sizeof(control.buf); #endif /* S_SPLINT_S */ msg.msg_flags = 0; @@ -477,7 +480,7 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, #ifdef IP_PKTINFO void* cmsg_data; msg.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo)); - log_assert(msg.msg_controllen <= sizeof(control)); + log_assert(msg.msg_controllen <= sizeof(control.buf)); cmsg->cmsg_level = IPPROTO_IP; cmsg->cmsg_type = IP_PKTINFO; memmove(CMSG_DATA(cmsg), &r->pktinfo.v4info, @@ -488,7 +491,7 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo)); #elif defined(IP_SENDSRCADDR) msg.msg_controllen = CMSG_SPACE(sizeof(struct in_addr)); - log_assert(msg.msg_controllen <= sizeof(control)); + log_assert(msg.msg_controllen <= sizeof(control.buf)); cmsg->cmsg_level = IPPROTO_IP; cmsg->cmsg_type = IP_SENDSRCADDR; memmove(CMSG_DATA(cmsg), &r->pktinfo.v4addr, @@ -501,7 +504,7 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, } else if(r->srctype == 6) { void* cmsg_data; msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo)); - log_assert(msg.msg_controllen <= sizeof(control)); + log_assert(msg.msg_controllen <= sizeof(control.buf)); cmsg->cmsg_level = IPPROTO_IPV6; cmsg->cmsg_type = IPV6_PKTINFO; memmove(CMSG_DATA(cmsg), &r->pktinfo.v6info, @@ -513,7 +516,7 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, } else { /* try to pass all 0 to use default route */ msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo)); - log_assert(msg.msg_controllen <= sizeof(control)); + log_assert(msg.msg_controllen <= sizeof(control.buf)); cmsg->cmsg_level = IPPROTO_IPV6; cmsg->cmsg_type = IPV6_PKTINFO; memset(CMSG_DATA(cmsg), 0, sizeof(struct in6_pktinfo)); @@ -584,7 +587,10 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) struct msghdr msg; struct iovec iov[1]; ssize_t rcv; - char ancil[256]; + union { + struct cmsghdr hdr; + char buf[256]; + } ancil; int i; #ifndef S_SPLINT_S struct cmsghdr* cmsg; @@ -608,9 +614,9 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) iov[0].iov_len = sldns_buffer_remaining(rep.c->buffer); msg.msg_iov = iov; msg.msg_iovlen = 1; - msg.msg_control = ancil; + msg.msg_control = ancil.buf; #ifndef S_SPLINT_S - msg.msg_controllen = sizeof(ancil); + msg.msg_controllen = sizeof(ancil.buf); #endif /* S_SPLINT_S */ msg.msg_flags = 0; rcv = recvmsg(fd, &msg, 0); @@ -1027,34 +1033,8 @@ tcp_callback_reader(struct comm_point* c) } #ifdef HAVE_SSL -/** log certificate details */ -static void -log_cert(unsigned level, const char* str, X509* cert) -{ - BIO* bio; - char nul = 0; - char* pp = NULL; - long len; - if(verbosity < level) return; - bio = BIO_new(BIO_s_mem()); - if(!bio) return; - X509_print_ex(bio, cert, 0, (unsigned long)-1 - ^(X509_FLAG_NO_SUBJECT - |X509_FLAG_NO_ISSUER|X509_FLAG_NO_VALIDITY - |X509_FLAG_NO_EXTENSIONS|X509_FLAG_NO_AUX - |X509_FLAG_NO_ATTRIBUTES)); - BIO_write(bio, &nul, (int)sizeof(nul)); - len = BIO_get_mem_data(bio, &pp); - if(len != 0 && pp) { - verbose(level, "%s: \n%s", str, pp); - } - BIO_free(bio); -} -#endif /* HAVE_SSL */ - -#ifdef HAVE_SSL /** true if the ssl handshake error has to be squelched from the logs */ -static int +int squelch_err_ssl_handshake(unsigned long err) { if(verbosity >= VERB_QUERY) @@ -3183,7 +3163,10 @@ comm_point_send_reply(struct comm_reply *repinfo) if(repinfo->c->tcp_parent->dtenv != NULL && repinfo->c->tcp_parent->dtenv->log_client_response_messages) dt_msg_send_client_response(repinfo->c->tcp_parent->dtenv, - &repinfo->addr, repinfo->c->type, repinfo->c->buffer); + &repinfo->addr, repinfo->c->type, + ( repinfo->c->tcp_req_info + ? repinfo->c->tcp_req_info->spool_buffer + : repinfo->c->buffer )); #endif if(repinfo->c->tcp_req_info) { tcp_req_info_send_reply(repinfo->c->tcp_req_info); diff --git a/util/netevent.h b/util/netevent.h index d80c72b33431..bb2cd1e53732 100644 --- a/util/netevent.h +++ b/util/netevent.h @@ -783,7 +783,23 @@ void comm_base_handle_slow_accept(int fd, short event, void* arg); void comm_point_tcp_win_bio_cb(struct comm_point* c, void* ssl); #endif -/** see if errno for tcp connect has to be logged or not. This uses errno */ +/** + * See if errno for tcp connect has to be logged or not. This uses errno + * @param addr: apart from checking errno, the addr is checked for ip4mapped + * and broadcast type, hence passed. + * @param addrlen: length of the addr parameter. + * @return true if it needs to be logged. + */ int tcp_connect_errno_needs_log(struct sockaddr* addr, socklen_t addrlen); +#ifdef HAVE_SSL +/** + * True if the ssl handshake error has to be squelched from the logs + * @param err: the error returned by the openssl routine, ERR_get_error. + * This is a packed structure with elements that are examined. + * @return true if the error is squelched (not logged). + */ +int squelch_err_ssl_handshake(unsigned long err); +#endif + #endif /* NET_EVENT_H */ diff --git a/util/shm_side/shm_main.c b/util/shm_side/shm_main.c index 46a71510fea3..af8c5bcf3705 100644 --- a/util/shm_side/shm_main.c +++ b/util/shm_side/shm_main.c @@ -285,6 +285,10 @@ void shm_main_run(struct worker *worker) shm_stat->mem.ipsecmod = (long long)mod_get_mem(&worker->env, "ipsecmod"); #endif +#ifdef WITH_DYNLIBMODULE + shm_stat->mem.dynlib = (long long)mod_get_mem(&worker->env, + "dynlib"); +#endif } server_stats_add(stat_total, stat_info); diff --git a/util/ub_event.c b/util/ub_event.c index 9af476ad4084..68f633bb0ef2 100644 --- a/util/ub_event.c +++ b/util/ub_event.c @@ -148,7 +148,7 @@ const char* ub_event_get_version(void) return event_get_version(); } -#if (defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) && defined(EVBACKEND_SELECT) +#if (defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) && defined(EV_FEATURE_BACKENDS) static const char* ub_ev_backend2str(int b) { switch(b) { @@ -184,7 +184,7 @@ ub_get_event_sys(struct ub_event_base* base, const char** n, const char** s, *n = "libev"; if (!b) b = (struct event_base*)ev_default_loop(EVFLAG_AUTO); -# ifdef EVBACKEND_SELECT +# ifdef EV_FEATURE_BACKENDS *m = ub_ev_backend2str(ev_backend((struct ev_loop*)b)); # else *m = "not obtainable"; diff --git a/validator/val_secalgo.c b/validator/val_secalgo.c index 8f17c53e86de..65bca8b69d6e 100644 --- a/validator/val_secalgo.c +++ b/validator/val_secalgo.c @@ -77,6 +77,10 @@ int fake_sha1 = 0; #include <openssl/engine.h> #endif +#if defined(HAVE_OPENSSL_DSA_H) && defined(USE_DSA) +#include <openssl/dsa.h> +#endif + /** * Output a libcrypto openssl error to the logfile. * @param str: string to add to it. @@ -1746,6 +1750,7 @@ _verify_nettle_ecdsa(sldns_buffer* buf, unsigned int digest_size, unsigned char* res &= nettle_ecdsa_verify (&pubkey, SHA256_DIGEST_SIZE, digest, &signature); mpz_clear(x); mpz_clear(y); + nettle_ecc_point_clear(&pubkey); break; } case SHA384_DIGEST_SIZE: diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c index 33d206de8d7f..de730f681893 100644 --- a/validator/val_sigcrypt.c +++ b/validator/val_sigcrypt.c @@ -1343,7 +1343,7 @@ adjust_ttl(struct val_env* ve, uint32_t unow, if(ve->date_override) { now = ve->date_override; } else now = (int32_t)unow; - expittl = expi - now; + expittl = (int32_t)((uint32_t)expi - (uint32_t)now); /* so now: * d->ttl: rrset ttl read from message or cache. May be reduced |