Vendor import of Unbound 1.6.4.vendor/unbound/1.6.4

5 files changed, 167 insertions, 295 deletions

diff --git a/daemon/remote.c b/daemon/remote.c
index c15967c20888..bb41cc5df2db 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -124,7 +124,7 @@ timeval_subtract(struct timeval* d, const struct timeval* end,
 
 /** divide sum of timers to get average */
 static void
-timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d)
+timeval_divide(struct timeval* avg, const struct timeval* sum, long long d)
 {
 #ifndef S_SPLINT_S
 	size_t leftover;
@@ -260,10 +260,10 @@ daemon_remote_create(struct config_file* cfg)
 		return NULL;
 	}
 #endif
-#ifdef SHA256_DIGEST_LENGTH
+#if defined(SHA256_DIGEST_LENGTH) && defined(USE_ECDSA)
 	/* if we have sha256, set the cipher list to have no known vulns */
 	if(!SSL_CTX_set_cipher_list(rc->ctx, "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"))
-		log_crypto_err("coult not set cipher list with SSL_CTX_set_cipher_list");
+		log_crypto_err("could not set cipher list with SSL_CTX_set_cipher_list");
 #endif
 
 	if (cfg->remote_control_use_cert == 0) {
@@ -780,9 +780,9 @@ do_verbosity(SSL* ssl, char* str)
 
 /** print stats from statinfo */
 static int
-print_stats(SSL* ssl, const char* nm, struct stats_info* s)
+print_stats(SSL* ssl, const char* nm, struct ub_stats_info* s)
 {
-	struct timeval avg;
+	struct timeval sumwait, avg;
 	if(!ssl_printf(ssl, "%s.num.queries"SQ"%lu\n", nm, 
 		(unsigned long)s->svr.num_queries)) return 0;
 	if(!ssl_printf(ssl, "%s.num.queries_ip_ratelimited"SQ"%lu\n", nm,
@@ -799,19 +799,19 @@ print_stats(SSL* ssl, const char* nm, struct stats_info* s)
 	if(!ssl_printf(ssl, "%s.num.recursivereplies"SQ"%lu\n", nm, 
 		(unsigned long)s->mesh_replies_sent)) return 0;
 #ifdef USE_DNSCRYPT
-    if(!ssl_printf(ssl, "%s.num.dnscrypt.crypted"SQ"%lu\n", nm,
-        (unsigned long)s->svr.num_query_dnscrypt_crypted)) return 0;
-    if(!ssl_printf(ssl, "%s.num.dnscrypt.cert"SQ"%lu\n", nm,
-        (unsigned long)s->svr.num_query_dnscrypt_cert)) return 0;
-    if(!ssl_printf(ssl, "%s.num.dnscrypt.cleartext"SQ"%lu\n", nm,
-        (unsigned long)s->svr.num_query_dnscrypt_cleartext)) return 0;
-    if(!ssl_printf(ssl, "%s.num.dnscrypt.malformed"SQ"%lu\n", nm,
-        (unsigned long)s->svr.num_query_dnscrypt_crypted_malformed)) return 0;
+	if(!ssl_printf(ssl, "%s.num.dnscrypt.crypted"SQ"%lu\n", nm,
+		(unsigned long)s->svr.num_query_dnscrypt_crypted)) return 0;
+	if(!ssl_printf(ssl, "%s.num.dnscrypt.cert"SQ"%lu\n", nm,
+		(unsigned long)s->svr.num_query_dnscrypt_cert)) return 0;
+	if(!ssl_printf(ssl, "%s.num.dnscrypt.cleartext"SQ"%lu\n", nm,
+		(unsigned long)s->svr.num_query_dnscrypt_cleartext)) return 0;
+	if(!ssl_printf(ssl, "%s.num.dnscrypt.malformed"SQ"%lu\n", nm,
+		(unsigned long)s->svr.num_query_dnscrypt_crypted_malformed)) return 0;
 #endif
 	if(!ssl_printf(ssl, "%s.requestlist.avg"SQ"%g\n", nm,
 		(s->svr.num_queries_missed_cache+s->svr.num_queries_prefetch)?
 			(double)s->svr.sum_query_list_size/
-			(s->svr.num_queries_missed_cache+
+			(double)(s->svr.num_queries_missed_cache+
 			s->svr.num_queries_prefetch) : 0.0)) return 0;
 	if(!ssl_printf(ssl, "%s.requestlist.max"SQ"%lu\n", nm,
 		(unsigned long)s->svr.max_query_list_size)) return 0;
@@ -823,7 +823,11 @@ print_stats(SSL* ssl, const char* nm, struct stats_info* s)
 		(unsigned long)s->mesh_num_states)) return 0;
 	if(!ssl_printf(ssl, "%s.requestlist.current.user"SQ"%lu\n", nm,
 		(unsigned long)s->mesh_num_reply_states)) return 0;
-	timeval_divide(&avg, &s->mesh_replies_sum_wait, s->mesh_replies_sent);
+#ifndef S_SPLINT_S
+	sumwait.tv_sec = s->mesh_replies_sum_wait_sec;
+	sumwait.tv_usec = s->mesh_replies_sum_wait_usec;
+#endif
+	timeval_divide(&avg, &sumwait, s->mesh_replies_sent);
 	if(!ssl_printf(ssl, "%s.recursion.time.avg"SQ ARG_LL "d.%6.6d\n", nm,
 		(long long)avg.tv_sec, (int)avg.tv_usec)) return 0;
 	if(!ssl_printf(ssl, "%s.recursion.time.median"SQ"%g\n", nm, 
@@ -835,7 +839,7 @@ print_stats(SSL* ssl, const char* nm, struct stats_info* s)
 
 /** print stats for one thread */
 static int
-print_thread_stats(SSL* ssl, int i, struct stats_info* s)
+print_thread_stats(SSL* ssl, int i, struct ub_stats_info* s)
 {
 	char nm[16];
 	snprintf(nm, sizeof(nm), "thread%d", i);
@@ -862,46 +866,24 @@ print_longnum(SSL* ssl, const char* desc, size_t x)
 static int
 print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon)
 {
-	int m;
 	size_t msg, rrset, val, iter, respip;
 #ifdef CLIENT_SUBNET
 	size_t subnet = 0;
 #endif /* CLIENT_SUBNET */
+#ifdef USE_IPSECMOD
+	size_t ipsecmod = 0;
+#endif /* USE_IPSECMOD */
 	msg = slabhash_get_mem(daemon->env->msg_cache);
 	rrset = slabhash_get_mem(&daemon->env->rrset_cache->table);
-	val=0;
-	iter=0;
-	respip=0;
-	m = modstack_find(&worker->env.mesh->mods, "validator");
-	if(m != -1) {
-		fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh->
-			mods.mod[m]->get_mem));
-		val = (*worker->env.mesh->mods.mod[m]->get_mem)
-			(&worker->env, m);
-	}
-	m = modstack_find(&worker->env.mesh->mods, "iterator");
-	if(m != -1) {
-		fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh->
-			mods.mod[m]->get_mem));
-		iter = (*worker->env.mesh->mods.mod[m]->get_mem)
-			(&worker->env, m);
-	}
-	m = modstack_find(&worker->env.mesh->mods, "respip");
-	if(m != -1) {
-		fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh->
-			mods.mod[m]->get_mem));
-		respip = (*worker->env.mesh->mods.mod[m]->get_mem)
-			(&worker->env, m);
-	}
+	val = mod_get_mem(&worker->env, "validator");
+	iter = mod_get_mem(&worker->env, "iterator");
+	respip = mod_get_mem(&worker->env, "respip");
 #ifdef CLIENT_SUBNET
-	m = modstack_find(&worker->env.mesh->mods, "subnet");
-	if(m != -1) {
-		fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh->
-			mods.mod[m]->get_mem));
-		subnet = (*worker->env.mesh->mods.mod[m]->get_mem)
-			(&worker->env, m);
-	}
+	subnet = mod_get_mem(&worker->env, "subnet");
 #endif /* CLIENT_SUBNET */
+#ifdef USE_IPSECMOD
+	ipsecmod = mod_get_mem(&worker->env, "ipsecmod");
+#endif /* USE_IPSECMOD */
 
 	if(!print_longnum(ssl, "mem.cache.rrset"SQ, rrset))
 		return 0;
@@ -917,6 +899,10 @@ print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon)
 	if(!print_longnum(ssl, "mem.mod.subnet"SQ, subnet))
 		return 0;
 #endif /* CLIENT_SUBNET */
+#ifdef USE_IPSECMOD
+	if(!print_longnum(ssl, "mem.mod.ipsecmod"SQ, ipsecmod))
+		return 0;
+#endif /* USE_IPSECMOD */
 	return 1;
 }
 
@@ -941,7 +927,7 @@ print_uptime(SSL* ssl, struct worker* worker, int reset)
 
 /** print extended histogram */
 static int
-print_hist(SSL* ssl, struct stats_info* s)
+print_hist(SSL* ssl, struct ub_stats_info* s)
 {
 	struct timehist* hist;
 	size_t i;
@@ -969,14 +955,14 @@ print_hist(SSL* ssl, struct stats_info* s)
 
 /** print extended stats */
 static int
-print_ext(SSL* ssl, struct stats_info* s)
+print_ext(SSL* ssl, struct ub_stats_info* s)
 {
 	int i;
 	char nm[16];
 	const sldns_rr_descriptor* desc;
 	const sldns_lookup_table* lt;
 	/* TYPE */
-	for(i=0; i<STATS_QTYPE_NUM; i++) {
+	for(i=0; i<UB_STATS_QTYPE_NUM; i++) {
 		if(inhibit_zero && s->svr.qtype[i] == 0)
 			continue;
 		desc = sldns_rr_descript((uint16_t)i);
@@ -1003,7 +989,7 @@ print_ext(SSL* ssl, struct stats_info* s)
 			(unsigned long)s->svr.qtype_big)) return 0;
 	}
 	/* CLASS */
-	for(i=0; i<STATS_QCLASS_NUM; i++) {
+	for(i=0; i<UB_STATS_QCLASS_NUM; i++) {
 		if(inhibit_zero && s->svr.qclass[i] == 0)
 			continue;
 		lt = sldns_lookup_by_id(sldns_rr_classes, i);
@@ -1020,7 +1006,7 @@ print_ext(SSL* ssl, struct stats_info* s)
 			(unsigned long)s->svr.qclass_big)) return 0;
 	}
 	/* OPCODE */
-	for(i=0; i<STATS_OPCODE_NUM; i++) {
+	for(i=0; i<UB_STATS_OPCODE_NUM; i++) {
 		if(inhibit_zero && s->svr.qopcode[i] == 0)
 			continue;
 		lt = sldns_lookup_by_id(sldns_opcodes, i);
@@ -1062,7 +1048,7 @@ print_ext(SSL* ssl, struct stats_info* s)
 		(unsigned long)s->svr.qEDNS_DO)) return 0;
 
 	/* RCODE */
-	for(i=0; i<STATS_RCODE_NUM; i++) {
+	for(i=0; i<UB_STATS_RCODE_NUM; i++) {
 		/* Always include RCODEs 0-5 */
 		if(inhibit_zero && i > LDNS_RCODE_REFUSED && s->svr.ans_rcode[i] == 0)
 			continue;
@@ -1108,8 +1094,8 @@ static void
 do_stats(SSL* ssl, struct daemon_remote* rc, int reset)
 {
 	struct daemon* daemon = rc->worker->daemon;
-	struct stats_info total;
-	struct stats_info s;
+	struct ub_stats_info total;
+	struct ub_stats_info s;
 	int i;
 	log_assert(daemon->num > 0);
 	/* gather all thread statistics in one place */
@@ -1407,6 +1393,14 @@ do_view_zone_add(SSL* ssl, struct worker* worker, char* arg)
 			ssl_printf(ssl,"error out of memory\n");
 			return;
 		}
+		if(!v->isfirst) {
+			/* Global local-zone is not used for this view,
+			 * therefore add defaults to this view-specic
+			 * local-zone. */
+			struct config_file lz_cfg;
+			memset(&lz_cfg, 0, sizeof(lz_cfg));
+			local_zone_enter_defaults(v->local_zones, &lz_cfg);
+		}
 	}
 	do_zone_add(ssl, v->local_zones, arg2);
 	lock_rw_unlock(&v->lock);
diff --git a/daemon/stats.c b/daemon/stats.c
index 3665616be8be..599f39bcddda 100644
--- a/daemon/stats.c
+++ b/daemon/stats.c
@@ -63,42 +63,42 @@
 
 /** add timers and the values do not overflow or become negative */
 static void
-timeval_add(struct timeval* d, const struct timeval* add)
+stats_timeval_add(long long* d_sec, long long* d_usec, long long add_sec, long long add_usec)
 {
 #ifndef S_SPLINT_S
-	d->tv_sec += add->tv_sec;
-	d->tv_usec += add->tv_usec;
-	if(d->tv_usec > 1000000) {
-		d->tv_usec -= 1000000;
-		d->tv_sec++;
+	(*d_sec) += add_sec;
+	(*d_usec) += add_usec;
+	if((*d_usec) > 1000000) {
+		(*d_usec) -= 1000000;
+		(*d_sec)++;
 	}
 #endif
 }
 
-void server_stats_init(struct server_stats* stats, struct config_file* cfg)
+void server_stats_init(struct ub_server_stats* stats, struct config_file* cfg)
 {
 	memset(stats, 0, sizeof(*stats));
 	stats->extended = cfg->stat_extended;
 }
 
-void server_stats_querymiss(struct server_stats* stats, struct worker* worker)
+void server_stats_querymiss(struct ub_server_stats* stats, struct worker* worker)
 {
 	stats->num_queries_missed_cache++;
 	stats->sum_query_list_size += worker->env.mesh->all.count;
-	if(worker->env.mesh->all.count > stats->max_query_list_size)
-		stats->max_query_list_size = worker->env.mesh->all.count;
+	if((long long)worker->env.mesh->all.count > stats->max_query_list_size)
+		stats->max_query_list_size = (long long)worker->env.mesh->all.count;
 }
 
-void server_stats_prefetch(struct server_stats* stats, struct worker* worker)
+void server_stats_prefetch(struct ub_server_stats* stats, struct worker* worker)
 {
 	stats->num_queries_prefetch++;
 	/* changes the query list size so account that, like a querymiss */
 	stats->sum_query_list_size += worker->env.mesh->all.count;
-	if(worker->env.mesh->all.count > stats->max_query_list_size)
-		stats->max_query_list_size = worker->env.mesh->all.count;
+	if((long long)worker->env.mesh->all.count > stats->max_query_list_size)
+		stats->max_query_list_size = (long long)worker->env.mesh->all.count;
 }
 
-void server_stats_log(struct server_stats* stats, struct worker* worker,
+void server_stats_log(struct ub_server_stats* stats, struct worker* worker,
 	int threadnum)
 {
 	log_info("server stats for thread %d: %u queries, "
@@ -115,7 +115,7 @@ void server_stats_log(struct server_stats* stats, struct worker* worker,
 		(unsigned)stats->max_query_list_size,
 		(stats->num_queries_missed_cache+stats->num_queries_prefetch)?
 			(double)stats->sum_query_list_size/
-			(stats->num_queries_missed_cache+
+			(double)(stats->num_queries_missed_cache+
 			stats->num_queries_prefetch) : 0.0,
 		(unsigned)worker->env.mesh->stats_dropped,
 		(unsigned)worker->env.mesh->stats_jostled);
@@ -140,49 +140,50 @@ get_rrset_bogus(struct worker* worker)
 }
 
 void
-server_stats_compile(struct worker* worker, struct stats_info* s, int reset)
+server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset)
 {
 	int i;
 	struct listen_list* lp;
 
 	s->svr = worker->stats;
-	s->mesh_num_states = worker->env.mesh->all.count;
-	s->mesh_num_reply_states = worker->env.mesh->num_reply_states;
-	s->mesh_jostled = worker->env.mesh->stats_jostled;
-	s->mesh_dropped = worker->env.mesh->stats_dropped;
-	s->mesh_replies_sent = worker->env.mesh->replies_sent;
-	s->mesh_replies_sum_wait = worker->env.mesh->replies_sum_wait;
+	s->mesh_num_states = (long long)worker->env.mesh->all.count;
+	s->mesh_num_reply_states = (long long)worker->env.mesh->num_reply_states;
+	s->mesh_jostled = (long long)worker->env.mesh->stats_jostled;
+	s->mesh_dropped = (long long)worker->env.mesh->stats_dropped;
+	s->mesh_replies_sent = (long long)worker->env.mesh->replies_sent;
+	s->mesh_replies_sum_wait_sec = (long long)worker->env.mesh->replies_sum_wait.tv_sec;
+	s->mesh_replies_sum_wait_usec = (long long)worker->env.mesh->replies_sum_wait.tv_usec;
 	s->mesh_time_median = timehist_quartile(worker->env.mesh->histogram,
 		0.50);
 
 	/* add in the values from the mesh */
-	s->svr.ans_secure += worker->env.mesh->ans_secure;
-	s->svr.ans_bogus += worker->env.mesh->ans_bogus;
-	s->svr.ans_rcode_nodata += worker->env.mesh->ans_nodata;
+	s->svr.ans_secure += (long long)worker->env.mesh->ans_secure;
+	s->svr.ans_bogus += (long long)worker->env.mesh->ans_bogus;
+	s->svr.ans_rcode_nodata += (long long)worker->env.mesh->ans_nodata;
 	for(i=0; i<16; i++)
-		s->svr.ans_rcode[i] += worker->env.mesh->ans_rcode[i];
+		s->svr.ans_rcode[i] += (long long)worker->env.mesh->ans_rcode[i];
 	timehist_export(worker->env.mesh->histogram, s->svr.hist, 
 		NUM_BUCKETS_HIST);
 	/* values from outside network */
-	s->svr.unwanted_replies = worker->back->unwanted_replies;
-	s->svr.qtcp_outgoing = worker->back->num_tcp_outgoing;
+	s->svr.unwanted_replies = (long long)worker->back->unwanted_replies;
+	s->svr.qtcp_outgoing = (long long)worker->back->num_tcp_outgoing;
 
 	/* get and reset validator rrset bogus number */
-	s->svr.rrset_bogus = get_rrset_bogus(worker);
+	s->svr.rrset_bogus = (long long)get_rrset_bogus(worker);
 
 	/* get cache sizes */
-	s->svr.msg_cache_count = count_slabhash_entries(worker->env.msg_cache);
-	s->svr.rrset_cache_count = count_slabhash_entries(&worker->env.rrset_cache->table);
-	s->svr.infra_cache_count = count_slabhash_entries(worker->env.infra_cache->hosts);
+	s->svr.msg_cache_count = (long long)count_slabhash_entries(worker->env.msg_cache);
+	s->svr.rrset_cache_count = (long long)count_slabhash_entries(&worker->env.rrset_cache->table);
+	s->svr.infra_cache_count = (long long)count_slabhash_entries(worker->env.infra_cache->hosts);
 	if(worker->env.key_cache)
-		s->svr.key_cache_count = count_slabhash_entries(worker->env.key_cache->slab);
+		s->svr.key_cache_count = (long long)count_slabhash_entries(worker->env.key_cache->slab);
 	else	s->svr.key_cache_count = 0;
 
 	/* get tcp accept usage */
 	s->svr.tcp_accept_usage = 0;
 	for(lp = worker->front->cps; lp; lp = lp->next) {
 		if(lp->com->type == comm_tcp_accept)
-			s->svr.tcp_accept_usage += lp->com->cur_tcp_count;
+			s->svr.tcp_accept_usage += (long long)lp->com->cur_tcp_count;
 	}
 
 	if(reset && !worker->env.cfg->stat_cumulative) {
@@ -191,7 +192,7 @@ server_stats_compile(struct worker* worker, struct stats_info* s, int reset)
 }
 
 void server_stats_obtain(struct worker* worker, struct worker* who,
-	struct stats_info* s, int reset)
+	struct ub_stats_info* s, int reset)
 {
 	uint8_t *reply = NULL;
 	uint32_t len = 0;
@@ -217,7 +218,7 @@ void server_stats_obtain(struct worker* worker, struct worker* who,
 
 void server_stats_reply(struct worker* worker, int reset)
 {
-	struct stats_info s;
+	struct ub_stats_info s;
 	server_stats_compile(worker, &s, reset);
 	verbose(VERB_ALGO, "write stats replymsg");
 	if(!tube_write_msg(worker->daemon->workers[0]->cmd, 
@@ -225,7 +226,7 @@ void server_stats_reply(struct worker* worker, int reset)
 		fatal_exit("could not write stat values over cmd channel");
 }
 
-void server_stats_add(struct stats_info* total, struct stats_info* a)
+void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a)
 {
 	total->svr.num_queries += a->svr.num_queries;
 	total->svr.num_queries_ip_ratelimited += a->svr.num_queries_ip_ratelimited;
@@ -233,12 +234,12 @@ void server_stats_add(struct stats_info* total, struct stats_info* a)
 	total->svr.num_queries_prefetch += a->svr.num_queries_prefetch;
 	total->svr.sum_query_list_size += a->svr.sum_query_list_size;
 #ifdef USE_DNSCRYPT
-    total->svr.num_query_dnscrypt_crypted += a->svr.num_query_dnscrypt_crypted;
-    total->svr.num_query_dnscrypt_cert += a->svr.num_query_dnscrypt_cert;
-    total->svr.num_query_dnscrypt_cleartext += \
-        a->svr.num_query_dnscrypt_cleartext;
-    total->svr.num_query_dnscrypt_crypted_malformed += \
-        a->svr.num_query_dnscrypt_crypted_malformed;
+	total->svr.num_query_dnscrypt_crypted += a->svr.num_query_dnscrypt_crypted;
+	total->svr.num_query_dnscrypt_cert += a->svr.num_query_dnscrypt_cert;
+	total->svr.num_query_dnscrypt_cleartext += \
+		a->svr.num_query_dnscrypt_cleartext;
+	total->svr.num_query_dnscrypt_crypted_malformed += \
+		a->svr.num_query_dnscrypt_crypted_malformed;
 #endif
 	/* the max size reached is upped to higher of both */
 	if(a->svr.max_query_list_size > total->svr.max_query_list_size)
@@ -269,13 +270,13 @@ void server_stats_add(struct stats_info* total, struct stats_info* a)
 		total->svr.unwanted_replies += a->svr.unwanted_replies;
 		total->svr.unwanted_queries += a->svr.unwanted_queries;
 		total->svr.tcp_accept_usage += a->svr.tcp_accept_usage;
-		for(i=0; i<STATS_QTYPE_NUM; i++)
+		for(i=0; i<UB_STATS_QTYPE_NUM; i++)
 			total->svr.qtype[i] += a->svr.qtype[i];
-		for(i=0; i<STATS_QCLASS_NUM; i++)
+		for(i=0; i<UB_STATS_QCLASS_NUM; i++)
 			total->svr.qclass[i] += a->svr.qclass[i];
-		for(i=0; i<STATS_OPCODE_NUM; i++)
+		for(i=0; i<UB_STATS_OPCODE_NUM; i++)
 			total->svr.qopcode[i] += a->svr.qopcode[i];
-		for(i=0; i<STATS_RCODE_NUM; i++)
+		for(i=0; i<UB_STATS_RCODE_NUM; i++)
 			total->svr.ans_rcode[i] += a->svr.ans_rcode[i];
 		for(i=0; i<NUM_BUCKETS_HIST; i++)
 			total->svr.hist[i] += a->svr.hist[i];
@@ -286,22 +287,22 @@ void server_stats_add(struct stats_info* total, struct stats_info* a)
 	total->mesh_jostled += a->mesh_jostled;
 	total->mesh_dropped += a->mesh_dropped;
 	total->mesh_replies_sent += a->mesh_replies_sent;
-	timeval_add(&total->mesh_replies_sum_wait, &a->mesh_replies_sum_wait);
+	stats_timeval_add(&total->mesh_replies_sum_wait_sec, &total->mesh_replies_sum_wait_usec, a->mesh_replies_sum_wait_sec, a->mesh_replies_sum_wait_usec);
 	/* the medians are averaged together, this is not as accurate as
 	 * taking the median over all of the data, but is good and fast
 	 * added up here, division later*/
 	total->mesh_time_median += a->mesh_time_median;
 }
 
-void server_stats_insquery(struct server_stats* stats, struct comm_point* c,
+void server_stats_insquery(struct ub_server_stats* stats, struct comm_point* c,
 	uint16_t qtype, uint16_t qclass, struct edns_data* edns,
 	struct comm_reply* repinfo)
 {
 	uint16_t flags = sldns_buffer_read_u16_at(c->buffer, 2);
-	if(qtype < STATS_QTYPE_NUM)
+	if(qtype < UB_STATS_QTYPE_NUM)
 		stats->qtype[qtype]++;
 	else	stats->qtype_big++;
-	if(qclass < STATS_QCLASS_NUM)
+	if(qclass < UB_STATS_QCLASS_NUM)
 		stats->qclass[qclass]++;
 	else	stats->qclass_big++;
 	stats->qopcode[ LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) ]++;
@@ -332,7 +333,7 @@ void server_stats_insquery(struct server_stats* stats, struct comm_point* c,
 	}
 }
 
-void server_stats_insrcode(struct server_stats* stats, sldns_buffer* buf)
+void server_stats_insrcode(struct ub_server_stats* stats, sldns_buffer* buf)
 {
 	if(stats->extended && sldns_buffer_limit(buf) != 0) {
 		int r = (int)LDNS_RCODE_WIRE( sldns_buffer_begin(buf) );
diff --git a/daemon/stats.h b/daemon/stats.h
index 39c4d21c5774..4e5e6cf8aed5 100644
--- a/daemon/stats.h
+++ b/daemon/stats.h
@@ -43,7 +43,6 @@
 #ifndef DAEMON_STATS_H
 #define DAEMON_STATS_H
 #include "util/timehist.h"
-#include "dnscrypt/dnscrypt_config.h"
 struct worker;
 struct config_file;
 struct comm_point;
@@ -51,156 +50,24 @@ struct comm_reply;
 struct edns_data;
 struct sldns_buffer;
 
-/** number of qtype that is stored for in array */
-#define STATS_QTYPE_NUM 256
-/** number of qclass that is stored for in array */
-#define STATS_QCLASS_NUM 256
-/** number of rcodes in stats */
-#define STATS_RCODE_NUM 16
-/** number of opcodes in stats */
-#define STATS_OPCODE_NUM 16
-
-/** per worker statistics */
-struct server_stats {
-	/** number of queries from clients received. */
-	size_t num_queries;
-	/** number of queries that have been dropped/ratelimited by ip. */
-	size_t num_queries_ip_ratelimited;
-	/** number of queries that had a cache-miss. */
-	size_t num_queries_missed_cache;
-	/** number of prefetch queries - cachehits with prefetch */
-	size_t num_queries_prefetch;
-
-	/**
-	 * Sum of the querylistsize of the worker for 
-	 * every query that missed cache. To calculate average.
-	 */
-	size_t sum_query_list_size;
-	/** max value of query list size reached. */
-	size_t max_query_list_size;
-
-	/** Extended stats below (bool) */
-	int extended;
-
-	/** qtype stats */
-	size_t qtype[STATS_QTYPE_NUM];
-	/** bigger qtype values not in array */
-	size_t qtype_big;
-	/** qclass stats */
-	size_t qclass[STATS_QCLASS_NUM];
-	/** bigger qclass values not in array */
-	size_t qclass_big;
-	/** query opcodes */
-	size_t qopcode[STATS_OPCODE_NUM];
-	/** number of queries over TCP */
-	size_t qtcp;
-	/** number of outgoing queries over TCP */
-	size_t qtcp_outgoing;
-	/** number of queries over IPv6 */
-	size_t qipv6;
-	/** number of queries with QR bit */
-	size_t qbit_QR;
-	/** number of queries with AA bit */
-	size_t qbit_AA;
-	/** number of queries with TC bit */
-	size_t qbit_TC;
-	/** number of queries with RD bit */
-	size_t qbit_RD;
-	/** number of queries with RA bit */
-	size_t qbit_RA;
-	/** number of queries with Z bit */
-	size_t qbit_Z;
-	/** number of queries with AD bit */
-	size_t qbit_AD;
-	/** number of queries with CD bit */
-	size_t qbit_CD;
-	/** number of queries with EDNS OPT record */
-	size_t qEDNS;
-	/** number of queries with EDNS with DO flag */
-	size_t qEDNS_DO;
-	/** answer rcodes */
-	size_t ans_rcode[STATS_RCODE_NUM];
-	/** answers with pseudo rcode 'nodata' */
-	size_t ans_rcode_nodata;
-	/** answers that were secure (AD) */
-	size_t ans_secure;
-	/** answers that were bogus (withheld as SERVFAIL) */
-	size_t ans_bogus;
-	/** rrsets marked bogus by validator */
-	size_t rrset_bogus;
-	/** unwanted traffic received on server-facing ports */
-	size_t unwanted_replies;
-	/** unwanted traffic received on client-facing ports */
-	size_t unwanted_queries;
-	/** usage of tcp accept list */
-	size_t tcp_accept_usage;
-	/** answers served from expired cache */
-	size_t zero_ttl_responses;
-	/** histogram data exported to array 
-	 * if the array is the same size, no data is lost, and
-	 * if all histograms are same size (is so by default) then
-	 * adding up works well. */
-	size_t hist[NUM_BUCKETS_HIST];
-	
-	/** number of message cache entries */
-	size_t msg_cache_count;
-	/** number of rrset cache entries */
-	size_t rrset_cache_count;
-	/** number of infra cache entries */
-	size_t infra_cache_count;
-	/** number of key cache entries */
-	size_t key_cache_count;
-#ifdef USE_DNSCRYPT
-    /** number of queries that used dnscrypt */
-    size_t num_query_dnscrypt_crypted;
-    /** number of queries that queried dnscrypt certificates */
-    size_t num_query_dnscrypt_cert;
-    /** number of queries in clear text and not asking for the certificates */
-    size_t num_query_dnscrypt_cleartext;
-    /** number of malformed encrypted queries */
-    size_t num_query_dnscrypt_crypted_malformed;
-#endif
-};
-
-/** 
- * Statistics to send over the control pipe when asked
- * This struct is made to be memcpied, sent in binary.
- */
-struct stats_info {
-	/** the thread stats */
-	struct server_stats svr;
-
-	/** mesh stats: current number of states */
-	size_t mesh_num_states;
-	/** mesh stats: current number of reply (user) states */
-	size_t mesh_num_reply_states;
-	/** mesh stats: number of reply states overwritten with a new one */
-	size_t mesh_jostled;
-	/** mesh stats: number of incoming queries dropped */
-	size_t mesh_dropped;
-	/** mesh stats: replies sent */
-	size_t mesh_replies_sent;
-	/** mesh stats: sum of waiting times for the replies */
-	struct timeval mesh_replies_sum_wait;
-	/** mesh stats: median of waiting times for replies (in sec) */
-	double mesh_time_median;
-};
+/* stats struct */
+#include "libunbound/unbound.h"
 
 /** 
  * Initialize server stats to 0.
  * @param stats: what to init (this is alloced by the caller).
  * @param cfg: with extended statistics option.
  */
-void server_stats_init(struct server_stats* stats, struct config_file* cfg);
+void server_stats_init(struct ub_server_stats* stats, struct config_file* cfg);
 
 /** add query if it missed the cache */
-void server_stats_querymiss(struct server_stats* stats, struct worker* worker);
+void server_stats_querymiss(struct ub_server_stats* stats, struct worker* worker);
 
 /** add query if was cached and also resulted in a prefetch */
-void server_stats_prefetch(struct server_stats* stats, struct worker* worker);
+void server_stats_prefetch(struct ub_server_stats* stats, struct worker* worker);
 
 /** display the stats to the log */
-void server_stats_log(struct server_stats* stats, struct worker* worker,
+void server_stats_log(struct ub_server_stats* stats, struct worker* worker,
 	int threadnum);
 
 /**
@@ -211,7 +78,7 @@ void server_stats_log(struct server_stats* stats, struct worker* worker,
  * @param reset: if stats can be reset.
  */
 void server_stats_obtain(struct worker* worker, struct worker* who,
-	struct stats_info* s, int reset);
+	struct ub_stats_info* s, int reset);
 
 /**
  * Compile stats into structure for this thread worker.
@@ -221,7 +88,7 @@ void server_stats_obtain(struct worker* worker, struct worker* who,
  * @param reset: if true, depending on config stats are reset.
  * 	if false, statistics are not reset.
  */
-void server_stats_compile(struct worker* worker, struct stats_info* s, 
+void server_stats_compile(struct worker* worker, struct ub_stats_info* s, 
 	int reset);
 
 /**
@@ -237,7 +104,7 @@ void server_stats_reply(struct worker* worker, int reset);
  * @param total: sum of the two entries.
  * @param a: to add to it.
  */
-void server_stats_add(struct stats_info* total, struct stats_info* a);
+void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a);
 
 /**
  * Add stats for this query
@@ -248,7 +115,7 @@ void server_stats_add(struct stats_info* total, struct stats_info* a);
  * @param edns: edns record
  * @param repinfo: reply info with remote address
  */
-void server_stats_insquery(struct server_stats* stats, struct comm_point* c,
+void server_stats_insquery(struct ub_server_stats* stats, struct comm_point* c,
 	uint16_t qtype, uint16_t qclass, struct edns_data* edns, 
 	struct comm_reply* repinfo);
 
@@ -257,6 +124,6 @@ void server_stats_insquery(struct server_stats* stats, struct comm_point* c,
  * @param stats: the stats
  * @param buf: buffer with rcode. If buffer is length0: not counted.
  */
-void server_stats_insrcode(struct server_stats* stats, struct sldns_buffer* buf);
+void server_stats_insrcode(struct ub_server_stats* stats, struct sldns_buffer* buf);
 
 #endif /* DAEMON_STATS_H */
diff --git a/daemon/worker.c b/daemon/worker.c
index b1cc974aa2e2..2c4cf5ba6c0a 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -811,7 +811,9 @@ chaos_replystr(sldns_buffer* pkt, char** str, int num, struct edns_data* edns,
 	if(!inplace_cb_reply_local_call(&worker->env, NULL, NULL, NULL,
 		LDNS_RCODE_NOERROR, edns, worker->scratchpad))
 			edns->opt_list = NULL;
-	attach_edns_record(pkt, edns);
+	if(sldns_buffer_capacity(pkt) >=
+		sldns_buffer_limit(pkt)+calc_edns_field_size(edns))
+		attach_edns_record(pkt, edns);
 }
 
 /** Reply with one string */
@@ -1014,43 +1016,48 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
 		return 0;
 	}
 #ifdef USE_DNSCRYPT
-    repinfo->max_udp_size = worker->daemon->cfg->max_udp_size;
-    if(!dnsc_handle_curved_request(worker->daemon->dnscenv, repinfo)) {
-        worker->stats.num_query_dnscrypt_crypted_malformed++;
-        return 0;
-    }
-    if(c->dnscrypt && !repinfo->is_dnscrypted) {
-        char buf[LDNS_MAX_DOMAINLEN+1];
-        // Check if this is unencrypted and asking for certs
-        if(worker_check_request(c->buffer, worker) != 0) {
-            verbose(VERB_ALGO, "dnscrypt: worker check request: bad query.");
-            log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
-            comm_point_drop_reply(repinfo);
-            return 0;
-        }
-        if(!query_info_parse(&qinfo, c->buffer)) {
-            verbose(VERB_ALGO, "dnscrypt: worker parse request: formerror.");
-            log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
-            comm_point_drop_reply(repinfo);
-            return 0;
-        }
-        dname_str(qinfo.qname, buf);
-        if(!(qinfo.qtype == LDNS_RR_TYPE_TXT &&
-             strcasecmp(buf, worker->daemon->dnscenv->provider_name) == 0)) {
-            verbose(VERB_ALGO,
-                    "dnscrypt: not TXT %s. Receive: %s %s",
-                    worker->daemon->dnscenv->provider_name,
-                    sldns_rr_descript(qinfo.qtype)->_name,
-                    buf);
-            comm_point_drop_reply(repinfo);
-            worker->stats.num_query_dnscrypt_cleartext++;
-            return 0;
-        }
-        worker->stats.num_query_dnscrypt_cert++;
-        sldns_buffer_rewind(c->buffer);
-    } else if(c->dnscrypt && repinfo->is_dnscrypted) {
-        worker->stats.num_query_dnscrypt_crypted++;
-    }
+	repinfo->max_udp_size = worker->daemon->cfg->max_udp_size;
+	if(!dnsc_handle_curved_request(worker->daemon->dnscenv, repinfo)) {
+		worker->stats.num_query_dnscrypt_crypted_malformed++;
+		return 0;
+	}
+	if(c->dnscrypt && !repinfo->is_dnscrypted) {
+		char buf[LDNS_MAX_DOMAINLEN+1];
+		/* Check if this is unencrypted and asking for certs */
+		if(worker_check_request(c->buffer, worker) != 0) {
+			verbose(VERB_ALGO,
+				"dnscrypt: worker check request: bad query.");
+			log_addr(VERB_CLIENT,"from",&repinfo->addr,
+				repinfo->addrlen);
+			comm_point_drop_reply(repinfo);
+			return 0;
+		}
+		if(!query_info_parse(&qinfo, c->buffer)) {
+			verbose(VERB_ALGO,
+				"dnscrypt: worker parse request: formerror.");
+			log_addr(VERB_CLIENT, "from", &repinfo->addr,
+				repinfo->addrlen);
+			comm_point_drop_reply(repinfo);
+			return 0;
+		}
+		dname_str(qinfo.qname, buf);
+		if(!(qinfo.qtype == LDNS_RR_TYPE_TXT &&
+			strcasecmp(buf,
+			worker->daemon->dnscenv->provider_name) == 0)) {
+			verbose(VERB_ALGO,
+				"dnscrypt: not TXT %s. Receive: %s %s",
+				worker->daemon->dnscenv->provider_name,
+				sldns_rr_descript(qinfo.qtype)->_name,
+				buf);
+			comm_point_drop_reply(repinfo);
+			worker->stats.num_query_dnscrypt_cleartext++;
+			return 0;
+		}
+		worker->stats.num_query_dnscrypt_cert++;
+		sldns_buffer_rewind(c->buffer);
+	} else if(c->dnscrypt && repinfo->is_dnscrypted) {
+		worker->stats.num_query_dnscrypt_crypted++;
+	}
 #endif
 #ifdef USE_DNSTAP
 	if(worker->dtenv.log_client_query_messages)
@@ -1182,7 +1189,9 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
 		error_encode(c->buffer, EDNS_RCODE_BADVERS&0xf, &qinfo,
 			*(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
 			sldns_buffer_read_u16_at(c->buffer, 2), NULL);
-		attach_edns_record(c->buffer, &edns);
+		if(sldns_buffer_capacity(c->buffer) >=
+			sldns_buffer_limit(c->buffer)+calc_edns_field_size(&edns))
+			attach_edns_record(c->buffer, &edns);
 		regional_free_all(worker->scratchpad);
 		goto send_reply;
 	}
@@ -1420,9 +1429,9 @@ send_reply_rc:
 			tv, 1, c->buffer);
 	}
 #ifdef USE_DNSCRYPT
-    if(!dnsc_handle_uncurved_request(repinfo)) {
-        return 0;
-    }
+	if(!dnsc_handle_uncurved_request(repinfo)) {
+		return 0;
+	}
 #endif
 	return rc;
 }
@@ -1664,6 +1673,7 @@ worker_init(struct worker* worker, struct config_file *cfg,
 	worker->env.mesh = mesh_create(&worker->daemon->mods, &worker->env);
 	worker->env.detach_subs = &mesh_detach_subs;
 	worker->env.attach_sub = &mesh_attach_sub;
+	worker->env.add_sub = &mesh_add_sub;
 	worker->env.kill_sub = &mesh_state_delete;
 	worker->env.detect_cycle = &mesh_detect_cycle;
 	worker->env.scratch_buffer = sldns_buffer_new(cfg->msg_buffer_size);
diff --git a/daemon/worker.h b/daemon/worker.h
index 0d7ce9521610..3887d0405ae6 100644
--- a/daemon/worker.h
+++ b/daemon/worker.h
@@ -116,7 +116,7 @@ struct worker {
 	/** allocation cache for this thread */
 	struct alloc_cache alloc;
 	/** per thread statistics */
-	struct server_stats stats;
+	struct ub_server_stats stats;
 	/** thread scratch regional */
 	struct regional* scratchpad;