diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 000000000000..35d7ee94f9da --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,41 @@ +--- +name: Bug report +about: Create a report to help us improve Unbound +title: '' +labels: '' +assignees: '' + +--- + + + +**Describe the bug** +A clear and concise description of what the bug is. + +**To reproduce** +Steps to reproduce the behavior: +1. +2. +3. + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**System:** + - Unbound version: + - OS: + - `unbound -V` output: + +**Additional information** +Add any other information that you may have gathered about the issue here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 000000000000..e9ca08b7ab65 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,31 @@ +--- +name: Feature request +about: Suggest an idea for Unbound +title: "[FR]" +labels: '' +assignees: '' + +--- + + + +**Current behavior** +Is there a current behavior that the feature relates to? +If yes, would you wish the current behavior to change? + +**Describe the desired feature** +A clear and concise description of what the feature should be. + +**Potential use-case** +Describe how you see this feature being useful to other Unbound users. diff --git a/.github/workflows/analysis_ports.yml b/.github/workflows/analysis_ports.yml new file mode 100644 index 000000000000..fbbdd80185a9 --- /dev/null +++ b/.github/workflows/analysis_ports.yml @@ -0,0 +1,346 @@ +name: Analysis and Ports + +on: + workflow_dispatch: + inputs: + start: + description: 'Start analysis and port workflow' + default: 'yes' + required: true + +jobs: + build: + runs-on: ${{ matrix.os }} + strategy: + matrix: + include: + - name: GCC on Linux + os: ubuntu-latest + config: "--enable-debug --disable-flto" + make_test: "yes" + - name: Clang-analyzer + os: ubuntu-latest + config: "CC=clang --enable-debug --disable-flto --disable-static" + make_test: "yes" + clang_analysis: "yes" + - name: libevent + os: ubuntu-latest + install_libevent: "yes" + config: "CC=clang --enable-debug --disable-flto --with-libevent --disable-static" + make_test: "yes" + clang_analysis: "yes" + - name: OS X + os: macos-latest + install_expat: "yes" + config: "--enable-debug --disable-flto --with-ssl=/usr/local/opt/openssl --with-libexpat=/usr/local/opt/expat" + make_test: "yes" + - name: Clang on OS X + os: macos-latest + install_expat: "yes" + config: "CC=clang --enable-debug --disable-flto --with-ssl=/usr/local/opt/openssl --with-libexpat=/usr/local/opt/expat --disable-static" + make_test: "yes" + clang_analysis: "yes" + - name: ubsan (gcc undefined behaviour sanitizer) + os: ubuntu-latest + config: 'CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=undefined -fno-sanitize-recover=all" --disable-flto --disable-static' + make_test: "yes" + - name: asan (gcc address sanitizer) + os: ubuntu-latest + config: 'CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=address" --disable-flto --disable-static' + make_test: "yes" + - name: Apple iPhone on iOS, armv7 + os: macos-latest + AUTOTOOLS_HOST: armv7-apple-ios + OPENSSL_HOST: ios-cross + IOS_SDK: iPhoneOS + IOS_CPU: armv7s + test_ios: "yes" + config: "no" + make: "no" + - name: Apple iPhone on iOS, arm64 + os: macos-latest + AUTOTOOLS_HOST: aarch64-apple-ios + OPENSSL_HOST: ios64-cross + IOS_SDK: iPhoneOS + IOS_CPU: arm64 + test_ios: "yes" + config: "no" + make: "no" + - name: Apple TV on iOS, arm64 + os: macos-latest + AUTOTOOLS_HOST: aarch64-apple-ios + OPENSSL_HOST: ios64-cross + IOS_SDK: AppleTVOS + IOS_CPU: arm64 + test_ios: "yes" + config: "no" + make: "no" + - name: Apple Watch on iOS, armv7 + os: macos-latest + AUTOTOOLS_HOST: armv7-apple-ios + OPENSSL_HOST: ios-cross + IOS_SDK: WatchOS + IOS_CPU: armv7k + test_ios: "yes" + config: "no" + make: "no" + - name: iPhoneSimulator on OS X, i386 + os: macos-latest + AUTOTOOLS_HOST: i386-apple-ios + OPENSSL_HOST: iphoneos-cross + IOS_SDK: iPhoneSimulator + IOS_CPU: i386 + test_ios: "yes" + config: "no" + make: "no" + - name: iPhoneSimulator on OS X, x86_64 + os: macos-latest + AUTOTOOLS_HOST: x86_64-apple-ios + OPENSSL_HOST: iphoneos-cross + IOS_SDK: iPhoneSimulator + IOS_CPU: x86_64 + test_ios: "yes" + config: "no" + make: "no" + - name: AppleTVSimulator on OS X, x86_64 + os: macos-latest + AUTOTOOLS_HOST: x86_64-apple-ios + OPENSSL_HOST: iphoneos-cross + IOS_SDK: AppleTVSimulator + IOS_CPU: x86_64 + test_ios: "yes" + config: "no" + make: "no" + - name: WatchSimulator on OS X, i386 + os: macos-latest + AUTOTOOLS_HOST: i386-apple-ios + OPENSSL_HOST: iphoneos-cross + IOS_SDK: WatchSimulator + IOS_CPU: i386 + test_ios: "yes" + config: "no" + make: "no" + - name: Android armv7a + os: ubuntu-latest + AUTOTOOLS_HOST: armv7a-linux-androidabi + OPENSSL_HOST: android-arm + ANDROID_CPU: armv7a + ANDROID_API: 23 + test_android: "yes" + config: "no" + make: "no" + - name: Android aarch64 + os: ubuntu-latest + AUTOTOOLS_HOST: aarch64-linux-android + OPENSSL_HOST: android-arm64 + ANDROID_CPU: aarch64 + ANDROID_API: 23 + test_android: "yes" + config: "no" + make: "no" + - name: Android x86 + os: ubuntu-latest + AUTOTOOLS_HOST: i686-linux-android + OPENSSL_HOST: android-x86 + ANDROID_CPU: x86 + ANDROID_API: 23 + test_android: "yes" + config: "no" + make: "no" + - name: Android x86_64 + os: ubuntu-latest + AUTOTOOLS_HOST: x86_64-linux-android + OPENSSL_HOST: android-x86_64 + ANDROID_CPU: x86_64 + ANDROID_API: 23 + test_android: "yes" + config: "no" + make: "no" + - name: Windows + os: windows-latest + test_windows: "yes" + config: "no" + make: "no" + + steps: + - uses: actions/checkout@v2 + with: + submodules: false + - name: test_windows + if: ${{ matrix.test_windows == 'yes' }} + shell: bash + run: | + export unboundpath=`pwd` + echo unboundpath=${unboundpath} + cd .. + export prepath=`pwd` + echo prepath=${prepath} + #echo "curl cpanm" + #curl -L -k -s -S -o cpanm https://cpanmin.us/ + #echo "perl cpanm Pod::Usage" + #perl cpanm Pod::Usage + mkdir openssl + echo "curl openssl" + curl -L -k -s -S -o openssl-1.1.1j.tar.gz https://www.openssl.org/source/openssl-1.1.1j.tar.gz + tar xzf openssl-1.1.1j.tar.gz + cd openssl-1.1.1j + # remove pod::Usage because we do not need -help or -man output + # from the Configure script + echo "Fixup ./Configure by removing use Pod::Usage require" + sed -e 's/use Pod::Usage//' < Configure > Configure.fix + echo "./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix=\""$prepath/openssl\""" + ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix="$prepath/openssl" + # make the libs only, build faster + echo "make build_libs" + #make + make build_libs + mv Makefile Makefile.orig + # fixup \\ in the installtop to /. + echo "fixup INSTALLTOP" + sed -e 's?^INSTALLTOP=.*$?INSTALLTOP='"$prepath"'/openssl?' < Makefile.orig > Makefile + # install the includes and libs only, build faster + echo "make install_dev" + #make install_sw + make install_dev + cd .. + mkdir expat + echo "curl expat" + curl -L -k -s -S -o expat-2.2.10.tar.gz https://github.com/libexpat/libexpat/releases/download/R_2_2_10/expat-2.2.10.tar.gz + tar xzf expat-2.2.10.tar.gz + cd expat-2.2.10 + echo "./configure SHELL=/usr/bin/bash CONFIG_SHELL=/usr/bin/bash --prefix=\"$prepath/expat\" --exec-prefix=\"$prepath/expat\" --bindir=\"$prepath/expat/bin\" --includedir=\"$prepath/expat/include\" --mandir=\"$prepath/expat/man\" --libdir=\"$prepath/expat/lib\"" + ./configure SHELL=/usr/bin/bash CONFIG_SHELL=/usr/bin/bash --prefix="$prepath/expat" --exec-prefix="$prepath/expat" --bindir="$prepath/expat/bin" --includedir="$prepath/expat/include" --mandir="$prepath/expat/man" --libdir="$prepath/expat/lib" + # fixup SHELL is treated specially, but SHELZZ is not by make. + echo "Fixup Makefiles by renaming SHELL to SHELLZZ" + mv Makefile Makefile.orig + sed -e 's/SHELL/SHELLZZ/g' < Makefile.orig > Makefile + mv lib/Makefile lib/Makefile.orig + sed -e 's/SHELL/SHELLZZ/g' < lib/Makefile.orig > lib/Makefile + mv doc/Makefile doc/Makefile.orig + sed -e 's/SHELL/SHELLZZ/g' < doc/Makefile.orig > doc/Makefile + mv examples/Makefile examples/Makefile.orig + sed -e 's/SHELL/SHELLZZ/g' < examples/Makefile.orig > examples/Makefile + mv tests/Makefile tests/Makefile.orig + sed -e 's/SHELL/SHELLZZ/g' < tests/Makefile.orig > tests/Makefile + mv xmlwf/Makefile xmlwf/Makefile.orig + sed -e 's/SHELL/SHELLZZ/g' < xmlwf/Makefile.orig > xmlwf/Makefile + echo "make" + make + echo "make install" + make install + cd .. + echo "unbound" + cd unbound + echo "./configure --enable-debug --enable-static-exe --disable-flto \"--with-ssl=$prepath/openssl\" --with-libexpat=\"$prepath/expat\" --disable-shared" + ./configure --enable-debug --enable-static-exe --disable-flto "--with-ssl=$prepath/openssl" --with-libexpat="$prepath/expat" --disable-shared + make + # specific test output + #make testbound.exe; ./testbound.exe -s + #make testbound; ./testbound.exe -p testdata/acl.rpl -o -vvvv + make test + - name: test_android + if: ${{ matrix.test_android == 'yes' }} + env: + AUTOTOOLS_HOST: ${{ matrix.AUTOTOOLS_HOST }} + OPENSSL_HOST: ${{ matrix.OPENSSL_HOST }} + ANDROID_API: ${{ matrix.ANDROID_API }} + ANDROID_CPU: ${{ matrix.ANDROID_CPU }} + run: | + #(already installed) ./contrib/android/install_tools.sh + export ANDROID_PREFIX="$HOME/android$ANDROID_API-$ANDROID_CPU" + echo ANDROID_PREFIX=${ANDROID_PREFIX} + export ANDROID_SDK_ROOT="$HOME/android-sdk" + echo ANDROID_SDK_ROOT=${ANDROID_SDK_ROOT} + export ANDROID_NDK_ROOT="$HOME/android-ndk" + echo ANDROID_NDK_ROOT=${ANDROID_NDK_ROOT} + export AUTOTOOLS_BUILD="$(./config.guess)" + echo AUTOTOOLS_BUILD=${AUTOTOOLS_BUILD} + export PKG_CONFIG_PATH="$ANDROID_PREFIX/lib/pkgconfig" + echo PKG_CONFIG_PATH=${PKG_CONFIG_PATH} + export CONFIG_OPTS="--build=$AUTOTOOLS_BUILD --host=$AUTOTOOLS_HOST --prefix=$ANDROID_PREFIX --with-ssl=$ANDROID_PREFIX --disable-gost --with-libexpat=$ANDROID_PREFIX" + echo CONFIG_OPTS=${CONFIG_OPTS} + echo "::group::install_ndk" + echo "./contrib/android/install_ndk.sh" + ./contrib/android/install_ndk.sh + echo "::endgroup::" + echo "::group::setenv_android.sh" + echo "./contrib/android/setenv_android.sh" + source ./contrib/android/setenv_android.sh + echo "::endgroup::" + echo "::group::install_openssl" + echo "./contrib/android/install_openssl.sh" + ./contrib/android/install_openssl.sh + echo "::endgroup::" + echo "::group::install_expat" + echo "./contrib/android/install_expat.sh" + ./contrib/android/install_expat.sh + echo "::endgroup::" + echo "::group::configure" + echo "./configure ${CONFIG_OPTS}" + ./configure ${CONFIG_OPTS} + echo "::endgroup::" + echo "::group::make" + # make is here to preserve environment variables + make + echo "::endgroup::" + echo "::group::make install" + make install + echo "::endgroup::" + - name: test ios + if: ${{ matrix.test_ios == 'yes' }} + env: + AUTOTOOLS_HOST: ${{ matrix.AUTOTOOLS_HOST }} + OPENSSL_HOST: ${{ matrix.OPENSSL_HOST }} + IOS_SDK: ${{ matrix.IOS_SDK }} + IOS_CPU: ${{ matrix.IOS_CPU }} + run: | + #(already installed) ./contrib/ios/install_tools.sh + export AUTOTOOLS_BUILD="$(./config.guess)" + echo AUTOTOOLS_BUILD=${AUTOTOOLS_BUILD} + export IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU" + echo IOS_PREFIX=${IOS_PREFIX} + export PKG_CONFIG_PATH="$IOS_PREFIX/lib/pkgconfig" + echo PKG_CONFIG_PATH=${PKG_CONFIG_PATH} + export CONFIG_OPTS="--build=$AUTOTOOLS_BUILD --host=$AUTOTOOLS_HOST --prefix=$IOS_PREFIX --with-ssl=$IOS_PREFIX --disable-gost --with-libexpat=$IOS_PREFIX" + echo CONFIG_OPTS=${CONFIG_OPTS} + echo "::group::setenv_ios.sh" + echo "./contrib/ios/setenv_ios.sh" + source ./contrib/ios/setenv_ios.sh + echo "::endgroup::" + echo "::group::install_openssl" + echo "./contrib/ios/install_openssl.sh" + ./contrib/ios/install_openssl.sh + echo "::endgroup::" + echo "::group::install_expat" + echo "./contrib/ios/install_expat.sh" + ./contrib/ios/install_expat.sh + echo "::endgroup::" + echo "::group::configure" + echo "./configure ${CONFIG_OPTS}" + ./configure ${CONFIG_OPTS} + echo "::endgroup::" + echo "::group::make" + # make is here to preserve environment variables + make + echo "::endgroup::" + echo "::group::make install" + make install + echo "::endgroup::" + - name: install libevent + if: ${{ matrix.install_libevent == 'yes' }} + run: sudo apt-get install libevent-dev + - name: install expat + if: ${{ matrix.install_expat == 'yes' }} + run: brew install expat + - name: configure + if: ${{ matrix.config != 'no' }} + run: ./configure ${{ matrix.config }} + - name: make + if: ${{ matrix.make != 'no' }} + run: make + - name: make test + if: ${{ matrix.make_test == 'yes' }} + run: make test + - name: clang-analysis + if: ${{ matrix.clang_analysis == 'yes' }} + run: (cd testdata/clang-analysis.tdir; bash clang-analysis.test) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 000000000000..73d68fbf35c9 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,21 @@ +name: ci + +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + - name: configure + run: ./configure --enable-debug + - name: make + run: make + - name: make test + run: make test diff --git a/.travis.yml b/.travis.yml index 37ea672b3494..1f514b5d08d4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,7 +15,8 @@ addons: - openssl - libevent - expat - update: true + # homebrew update takes 20min or hangs, so disable update + #update: true jobs: include: @@ -26,18 +27,22 @@ jobs: env: - CONFIG_OPTS="--enable-debug --disable-flto" - os: linux - name: Clang on Linux, Amd64 + name: Clang on Linux, Amd64, clang-analysis compiler: clang arch: amd64 env: - CONFIG_OPTS="--enable-debug --disable-flto" + - TEST_ANALYZER=yes - os: osx - name: Clang on OS X, Amd64 + osx_image: xcode12.2 + name: Clang on OS X, Amd64, clang-analysis compiler: clang arch: amd64 env: - TEST_OSX=yes - - CONFIG_OPTS="--enable-debug --disable-flto --with-ssl=/usr/local/opt/openssl/" + - CONFIG_OPTS="--enable-debug --disable-flto --with-ssl=/usr/local/opt/openssl --with-libexpat=/usr/local/opt/expat" + - TEST_ANALYZER=yes + - HOMEBREW_NO_AUTO_UPDATE=1 - os: linux name: Libevent, GCC on Linux, Amd64 compiler: gcc @@ -53,13 +58,15 @@ jobs: - TEST_LIBEVENT=yes - CONFIG_OPTS="--with-libevent" - os: osx + osx_image: xcode12.2 name: Libevent, Clang on OS X, Amd64 compiler: clang arch: amd64 env: - TEST_OSX=yes - TEST_LIBEVENT=yes - - CONFIG_OPTS="--with-ssl=/usr/local/opt/openssl/ --with-libevent=/usr/local/opt/libevent/" + - CONFIG_OPTS="--disable-flto --with-ssl=/usr/local/opt/openssl --with-libevent=/usr/local/opt/libevent --with-libexpat=/usr/local/opt/expat" + - HOMEBREW_NO_AUTO_UPDATE=1 - os: linux name: UBsan, GCC on Linux, Amd64 compiler: gcc @@ -131,7 +138,7 @@ jobs: env: - CONFIG_OPTS="--enable-debug --disable-flto" - os: osx - osx_image: xcode10 + osx_image: xcode12.2 name: Apple iPhone on iOS, armv7 compiler: clang env: @@ -141,8 +148,9 @@ jobs: - IOS_SDK=iPhoneOS - IOS_CPU=armv7s - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU" + - HOMEBREW_NO_AUTO_UPDATE=1 - os: osx - osx_image: xcode10 + osx_image: xcode12.2 name: Apple iPhone on iOS, arm64 compiler: clang env: @@ -152,8 +160,9 @@ jobs: - IOS_SDK=iPhoneOS - IOS_CPU=arm64 - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU" + - HOMEBREW_NO_AUTO_UPDATE=1 - os: osx - osx_image: xcode10 + osx_image: xcode12.2 name: Apple TV on iOS, arm64 compiler: clang env: @@ -163,8 +172,9 @@ jobs: - IOS_SDK=AppleTVOS - IOS_CPU=arm64 - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU" + - HOMEBREW_NO_AUTO_UPDATE=1 - os: osx - osx_image: xcode10 + osx_image: xcode12.2 name: Apple Watch on iOS, armv7 compiler: clang env: @@ -174,8 +184,9 @@ jobs: - IOS_SDK=WatchOS - IOS_CPU=armv7k - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU" + - HOMEBREW_NO_AUTO_UPDATE=1 - os: osx - osx_image: xcode10 + osx_image: xcode12.2 name: iPhoneSimulator on OS X, i386 env: - TEST_IOS=yes @@ -184,8 +195,9 @@ jobs: - IOS_CPU=i386 - IOS_SDK=iPhoneSimulator - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU" + - HOMEBREW_NO_AUTO_UPDATE=1 - os: osx - osx_image: xcode10 + osx_image: xcode12.2 name: iPhoneSimulator on OS X, x86_64 env: - TEST_IOS=yes @@ -194,8 +206,9 @@ jobs: - IOS_CPU=x86_64 - IOS_SDK=iPhoneSimulator - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU" + - HOMEBREW_NO_AUTO_UPDATE=1 - os: osx - osx_image: xcode10 + osx_image: xcode12.2 name: AppleTVSimulator on OS X, x86_64 env: - TEST_IOS=yes @@ -204,8 +217,9 @@ jobs: - IOS_CPU=x86_64 - IOS_SDK=AppleTVSimulator - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU" + - HOMEBREW_NO_AUTO_UPDATE=1 - os: osx - osx_image: xcode10 + osx_image: xcode12.2 name: WatchSimulator on OS X, i386 env: - TEST_IOS=yes @@ -214,6 +228,7 @@ jobs: - IOS_CPU=i386 - IOS_SDK=WatchSimulator - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU" + - HOMEBREW_NO_AUTO_UPDATE=1 - os: linux name: Android armv7a, Linux, Amd64 compiler: clang @@ -272,6 +287,22 @@ jobs: - ANDROID_NDK_ROOT="$HOME/android-ndk" allow_failures: + - os: osx + name: Apple iPhone on iOS, armv7 + - os: osx + name: Apple iPhone on iOS, arm64 + - os: osx + name: Apple TV on iOS, arm64 + - os: osx + name: Apple Watch on iOS, armv7 + - os: osx + name: iPhoneSimulator on OS X, i386 + - os: osx + name: iPhoneSimulator on OS X, x86_64 + - os: osx + name: AppleTVSimulator on OS X, x86_64 + - os: osx + name: WatchSimulator on OS X, i386 - os: linux name: Android armv7a, Linux, Amd64 - os: linux @@ -294,51 +325,56 @@ before_script: # https://docs.travis-ci.com/user/job-lifecycle/ in the Travis docs. script: - | + export MAKE_TEST="yes" if [ "$TEST_UBSAN" = "yes" ]; then - export CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=undefined -fno-sanitize-recover" - ./configure - make -j 2 - make test + export CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=undefined -fno-sanitize-recover=all" elif [ "$TEST_ASAN" = "yes" ]; then export CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=address" - ./configure - make -j 2 - make test - elif [ "$TEST_IOS" = "yes" ]; then + fi + - | + if [ "$TEST_IOS" = "yes" ]; then export AUTOTOOLS_BUILD="$(./config.guess)" export PKG_CONFIG_PATH="$IOS_PREFIX/lib/pkgconfig" source ./contrib/ios/setenv_ios.sh ./contrib/ios/install_openssl.sh ./contrib/ios/install_expat.sh - ./configure \ - --build="$AUTOTOOLS_BUILD" --host="$AUTOTOOLS_HOST" \ - --prefix="$IOS_PREFIX" \ - --with-ssl="$IOS_PREFIX" --disable-gost \ - --with-libexpat="$IOS_PREFIX"; - make -j 2 - make install - elif [ "$TEST_ANDROID" = "yes" ]; then + export CONFIG_OPTS="\ + --build=$AUTOTOOLS_BUILD --host=$AUTOTOOLS_HOST \ + --prefix=$IOS_PREFIX \ + --with-ssl=$IOS_PREFIX --disable-gost \ + --with-libexpat=$IOS_PREFIX " + echo CONFIG_OPTS ${CONFIG_OPTS} + export MAKE_TEST=no + export TEST_INSTALL=yes + fi + - | + if [ "$TEST_ANDROID" = "yes" ]; then export AUTOTOOLS_BUILD="$(./config.guess)" export PKG_CONFIG_PATH="$ANDROID_PREFIX/lib/pkgconfig" ./contrib/android/install_ndk.sh source ./contrib/android/setenv_android.sh ./contrib/android/install_openssl.sh ./contrib/android/install_expat.sh - ./configure \ - --build="$AUTOTOOLS_BUILD" --host="$AUTOTOOLS_HOST" \ - --prefix="$ANDROID_PREFIX" \ - --with-ssl="$ANDROID_PREFIX" --disable-gost \ - --with-libexpat="$ANDROID_PREFIX"; - make -j 2 + export CONFIG_OPTS="\ + --build=$AUTOTOOLS_BUILD --host=$AUTOTOOLS_HOST \ + --prefix=$ANDROID_PREFIX \ + --with-ssl=$ANDROID_PREFIX --disable-gost \ + --with-libexpat=$ANDROID_PREFIX " + echo CONFIG_OPTS ${CONFIG_OPTS} + export MAKE_TEST=no + export TEST_INSTALL=yes + fi + - ./configure ${CONFIG_OPTS} + - make -j 2 + - | + if [ "$MAKE_TEST" = "yes" ]; then + make test + fi + - | + if [ "$TEST_INSTALL" = "yes" ]; then make install - elif [ "$TEST_OSX" = "yes" ]; then - ./configure --enable-debug --disable-flto --with-ssl=/usr/local/opt/openssl/ - make -j 2 - make test - (cd testdata/clang-analysis.tdir; bash clang-analysis.test) - else - ./configure ${CONFIG_OPTS} - make -j 2 - make test + fi + - | + if [ "$TEST_ANALYZER" = "yes" ]; then (cd testdata/clang-analysis.tdir; bash clang-analysis.test) fi diff --git a/Makefile.in b/Makefile.in index 6809881b6a95..ff5dc8fae856 100644 --- a/Makefile.in +++ b/Makefile.in @@ -110,6 +110,8 @@ SUBNET_HEADER=@SUBNET_HEADER@ IPSECMOD_SRC=ipsecmod/ipsecmod.c ipsecmod/ipsecmod-whitelist.c IPSECMOD_OBJ=@IPSECMOD_OBJ@ IPSECMOD_HEADER=@IPSECMOD_HEADER@ +CACHEDB_SRC=@CACHEDB_SRC@ +CACHEDB_OBJ=@CACHEDB_OBJ@ COMMON_SRC=services/cache/dns.c services/cache/infra.c services/cache/rrset.c \ util/as112.c util/data/dname.c util/data/msgencode.c util/data/msgparse.c \ util/data/msgreply.c util/data/packed_rrset.c iterator/iterator.c \ @@ -133,7 +135,7 @@ validator/val_nsec3.c validator/val_nsec.c validator/val_secalgo.c \ validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \ edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \ edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \ -cachedb/cachedb.c cachedb/redis.c respip/respip.c $(CHECKLOCK_SRC) \ +$(CACHEDB_SRC) respip/respip.c $(CHECKLOCK_SRC) \ $(DNSTAP_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) $(IPSET_SRC) COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ @@ -145,7 +147,7 @@ random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \ slabhash.lo tcp_conn_limit.lo timehist.lo tube.lo winsock_event.lo \ autotrust.lo val_anchor.lo rpz.lo \ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ -val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \ +val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo $(CACHEDB_OBJ) authzone.lo \ $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ $(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ @@ -173,10 +175,12 @@ UNITTEST_SRC=testcode/unitanchor.c testcode/unitdname.c \ testcode/unitlruhash.c testcode/unitmain.c testcode/unitmsgparse.c \ testcode/unitneg.c testcode/unitregional.c testcode/unitslabhash.c \ testcode/unitverify.c testcode/readhex.c testcode/testpkts.c testcode/unitldns.c \ -testcode/unitecs.c testcode/unitauth.c +testcode/unitecs.c testcode/unitauth.c testcode/unitzonemd.c \ +testcode/unittcpreuse.c UNITTEST_OBJ=unitanchor.lo unitdname.lo unitlruhash.lo unitmain.lo \ unitmsgparse.lo unitneg.lo unitregional.lo unitslabhash.lo unitverify.lo \ -readhex.lo testpkts.lo unitldns.lo unitecs.lo unitauth.lo +readhex.lo testpkts.lo unitldns.lo unitecs.lo unitauth.lo unitzonemd.lo \ +unittcpreuse.lo UNITTEST_OBJ_LINK=$(UNITTEST_OBJ) worker_cb.lo $(COMMON_OBJ) $(SLDNS_OBJ) \ $(COMPAT_OBJ) DAEMON_SRC=daemon/acl_list.c daemon/cachedump.c daemon/daemon.c \ @@ -242,6 +246,9 @@ DELAYER_SRC=testcode/delayer.c DELAYER_OBJ=delayer.lo DELAYER_OBJ_LINK=$(DELAYER_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ $(SLDNS_OBJ) +READZONE_SRC=testcode/readzone.c +READZONE_OBJ=readzone.lo +READZONE_OBJ_LINK=$(READZONE_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) $(SLDNS_OBJ) IPSET_SRC=@IPSET_SRC@ IPSET_OBJ=@IPSET_OBJ@ DNSTAP_SOCKET_SRC=dnstap/unbound-dnstap-socket.c @@ -278,7 +285,7 @@ ALL_SRC=$(COMMON_SRC) $(UNITTEST_SRC) $(DAEMON_SRC) \ $(CONTROL_SRC) $(UBANCHOR_SRC) $(PETAL_SRC) $(DNSTAP_SOCKET_SRC)\ $(PYTHONMOD_SRC) $(PYUNBOUND_SRC) $(WIN_DAEMON_THE_SRC) \ $(SVCINST_SRC) $(SVCUNINST_SRC) $(ANCHORUPD_SRC) $(SLDNS_SRC) \ - $(DOHCLIENT_SRC) + $(DOHCLIENT_SRC) $(READZONE_SRC) ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \ $(TESTBOUND_OBJ) $(LOCKVERIFY_OBJ) $(PKTVIEW_OBJ) \ @@ -287,7 +294,7 @@ ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \ $(CONTROL_OBJ) $(UBANCHOR_OBJ) $(PETAL_OBJ) $(DNSTAP_SOCKET_OBJ)\ $(COMPAT_OBJ) $(PYUNBOUND_OBJ) \ $(SVCINST_OBJ) $(SVCUNINST_OBJ) $(ANCHORUPD_OBJ) $(SLDNS_OBJ) \ - $(DOHCLIENT_OBJ) + $(DOHCLIENT_OBJ) $(READZONE_OBJ) COMPILE=$(LIBTOOL) --tag=CC --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@ LINK=$(LIBTOOL) --tag=CC --mode=link $(CC) $(staticexe) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) @@ -325,7 +332,7 @@ TEST_BIN=asynclook$(EXEEXT) delayer$(EXEEXT) \ lock-verify$(EXEEXT) memstats$(EXEEXT) perf$(EXEEXT) \ petal$(EXEEXT) pktview$(EXEEXT) streamtcp$(EXEEXT) \ $(DNSTAP_SOCKET_TESTBIN) dohclient$(EXEEXT) \ - testbound$(EXEEXT) unittest$(EXEEXT) + testbound$(EXEEXT) unittest$(EXEEXT) readzone$(EXEEXT) tests: all $(TEST_BIN) check: test @@ -356,10 +363,10 @@ unbound-control$(EXEEXT): $(CONTROL_OBJ_LINK) libunbound.la $(LINK) -o $@ $(CONTROL_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) unbound-host$(EXEEXT): $(HOST_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(HOST_OBJ_LINK) -L. -L.libs -lunbound $(SSLLIB) $(LIBS) + $(LINK) -o $@ $(HOST_OBJ_LINK) libunbound.la $(SSLLIB) $(LIBS) unbound-anchor$(EXEEXT): $(UBANCHOR_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(UBANCHOR_OBJ_LINK) -L. -L.libs -lunbound -lexpat $(SSLLIB) $(LIBS) + $(LINK) -o $@ $(UBANCHOR_OBJ_LINK) libunbound.la -lexpat $(SSLLIB) $(LIBS) unbound-service-install$(EXEEXT): $(SVCINST_OBJ_LINK) $(LINK) -o $@ $(SVCINST_OBJ_LINK) $(LIBS) @@ -368,7 +375,7 @@ unbound-service-remove$(EXEEXT): $(SVCUNINST_OBJ_LINK) $(LINK) -o $@ $(SVCUNINST_OBJ_LINK) $(LIBS) anchor-update$(EXEEXT): $(ANCHORUPD_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(ANCHORUPD_OBJ_LINK) -L. -L.libs -lunbound $(LIBS) + $(LINK) -o $@ $(ANCHORUPD_OBJ_LINK) libunbound.la $(LIBS) unittest$(EXEEXT): $(UNITTEST_OBJ_LINK) $(LINK) -o $@ $(UNITTEST_OBJ_LINK) $(SSLLIB) $(LIBS) @@ -389,7 +396,7 @@ memstats$(EXEEXT): $(MEMSTATS_OBJ_LINK) $(LINK) -o $@ $(MEMSTATS_OBJ_LINK) $(SSLLIB) $(LIBS) asynclook$(EXEEXT): $(ASYNCLOOK_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(ASYNCLOOK_OBJ_LINK) -L. -L.libs -lunbound $(SSLLIB) $(LIBS) + $(LINK) -o $@ $(ASYNCLOOK_OBJ_LINK) libunbound.la $(SSLLIB) $(LIBS) streamtcp$(EXEEXT): $(STREAMTCP_OBJ_LINK) $(LINK) -o $@ $(STREAMTCP_OBJ_LINK) $(SSLLIB) $(LIBS) @@ -403,6 +410,9 @@ perf$(EXEEXT): $(PERF_OBJ_LINK) delayer$(EXEEXT): $(DELAYER_OBJ_LINK) $(LINK) -o $@ $(DELAYER_OBJ_LINK) $(SSLLIB) $(LIBS) +readzone$(EXEEXT): $(READZONE_OBJ_LINK) + $(LINK) -o $@ $(READZONE_OBJ_LINK) $(SSLLIB) $(LIBS) + signit$(EXEEXT): testcode/signit.c $(CC) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@ -o $@ testcode/signit.c $(LDFLAGS) -lldns $(SSLLIB) $(LIBS) @@ -431,6 +441,8 @@ dtstream.lo dtstream.o: $(srcdir)/dnstap/dtstream.c config.h $(srcdir)/dnstap/dt dnstap_fstrm.lo dnstap_fstrm.o: $(srcdir)/dnstap/dnstap_fstrm.c config.h $(srcdir)/dnstap/dnstap_fstrm.h unbound-dnstap-socket.lo unbound-dnstap-socket.o: $(srcdir)/dnstap/unbound-dnstap-socket.c config.h $(srcdir)/dnstap/dtstream.h dynlibmod.lo dynlibdmod.o: $(srcdir)/dynlibmod/dynlibmod.c config.h $(srcdir)/dynlibmod/dynlibmod.h +cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h $(srcdir)/cachedb/cachedb.h +redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h $(srcdir)/cachedb/redis.h # dnscrypt dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ @@ -464,7 +476,7 @@ libunbound/python/libunbound_wrap.c: $(srcdir)/libunbound/python/libunbound.i un # Pyunbound python unbound wrapper _unbound.la: libunbound_wrap.lo libunbound.la - $(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -module -avoid-version -no-undefined -shared -o $@ libunbound_wrap.lo -rpath $(PYTHON_SITE_PKG) -L. -L.libs -lunbound + $(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -module -avoid-version -no-undefined -shared -o $@ libunbound_wrap.lo -rpath $(PYTHON_SITE_PKG) -L. -L.libs libunbound.la $(LIBS) util/config_file.c: util/configparser.h util/configlexer.c: $(srcdir)/util/configlexer.lex util/configparser.h @@ -697,7 +709,8 @@ infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/sldns/rrde rrset.lo rrset.o: $(srcdir)/services/cache/rrset.c config.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/regional.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h as112.lo as112.o: $(srcdir)/util/as112.c $(srcdir)/util/as112.h dname.lo dname.o: $(srcdir)/util/data/dname.c config.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \ @@ -786,7 +799,8 @@ iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_utils.c config.h $(srcdir)/i $(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h \ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outside_network.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \ @@ -833,11 +847,7 @@ modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/service $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ - $(PYTHONMOD_HEADER) $(DYNLIBMOD_HEADER) $(srcdir)/cachedb/cachedb.h \ - $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h + $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ @@ -868,8 +878,7 @@ outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c confi $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ - $(srcdir)/util/edns.h $(srcdir)/dnstap/dnstap.h \ - + $(srcdir)/util/edns.h $(srcdir)/dnstap/dnstap.h alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ @@ -890,8 +899,7 @@ config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/ut $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/edns-subnet/edns-subnet.h \ - $(srcdir)/util/iana_ports.inc + $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/iana_ports.inc configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \ $(srcdir)/util/config_file.h util/configparser.h configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \ @@ -920,8 +928,9 @@ authzone.lo authzone.o: $(srcdir)/services/authzone.c config.h $(srcdir)/service $(srcdir)/util/data/msgencode.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \ $(srcdir)/services/cache/dns.h $(srcdir)/services/outside_network.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_secalgo.h + $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h $(srcdir)/validator/val_nsec3.h \ + $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/val_sigcrypt.h \ + $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_utils.h fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ @@ -930,7 +939,7 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ $(srcdir)/services/outside_network.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ @@ -938,13 +947,18 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/ $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \ $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \ $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound-event.h \ - $(srcdir)/libunbound/worker.h $(PYTHONMOD_HEADER) $(DYNLIBMOD_HEADER) \ - $(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h $(srcdir)/dnstap/dtstream.h + $(srcdir)/libunbound/worker.h locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h -mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h +mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h @@ -957,14 +971,12 @@ netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/neteve $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h \ - + $(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \ - $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \ - + $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ @@ -1018,8 +1030,7 @@ tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/u $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/ub_event.h ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/tube.h \ - + $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \ $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ @@ -1029,8 +1040,7 @@ ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ - + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/validator/autotrust.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ @@ -1043,8 +1053,7 @@ autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/val $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h \ - + $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h \ @@ -1074,13 +1083,11 @@ val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/ val_kentry.lo val_kentry.o: $(srcdir)/validator/val_kentry.c config.h $(srcdir)/validator/val_kentry.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ - -val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h \ - $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ - $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h +val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/services/cache/dns.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h val_nsec3.lo val_nsec3.o: $(srcdir)/validator/val_nsec3.c config.h $(srcdir)/validator/val_nsec3.h \ @@ -1098,17 +1105,15 @@ val_nsec.lo val_nsec.o: $(srcdir)/validator/val_nsec.c config.h $(srcdir)/valida val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h \ $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/sldns/sbuffer.h \ - + $(srcdir)/sldns/sbuffer.h val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \ $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/val_secalgo.h \ $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ - $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \ - + $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h \ + $(srcdir)/sldns/wire2str.h val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ @@ -1129,43 +1134,13 @@ dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(src $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h -edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h -subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h $(srcdir)/edns-subnet/subnetmod.h \ - $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \ - $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \ - $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ - $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h \ - $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/respip/respip.h $(srcdir)/services/cache/dns.h $(srcdir)/util/regional.h \ - $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h +edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h +subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h addrtree.lo addrtree.o: $(srcdir)/edns-subnet/addrtree.c config.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/edns-subnet/addrtree.h -subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ - $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h -cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h $(srcdir)/cachedb/cachedb.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/cachedb/redis.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/data/msgencode.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/validator/val_neg.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_secalgo.h \ - $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h -redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h $(srcdir)/cachedb/redis.h $(srcdir)/cachedb/cachedb.h \ - $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h \ - $(srcdir)/sldns/sbuffer.h +subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ @@ -1178,42 +1153,8 @@ respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localz $(srcdir)/util/regional.h checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/testcode/checklocks.h -dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h dnstap/dnstap.pb-c.h -dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h \ - -dnstap_fstrm.lo dnstap_fstrm.o: $(srcdir)/dnstap/dnstap_fstrm.c config.h $(srcdir)/dnstap/dnstap_fstrm.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h -dtstream.lo dtstream.o: $(srcdir)/dnstap/dtstream.c config.h $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/dnstap/dnstap_fstrm.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h \ - $(srcdir)/util/net_help.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/sldns/sbuffer.h \ - -ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h $(srcdir)/ipsecmod/ipsecmod.h \ - $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ - $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ - $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/wire2str.h -ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h \ - $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h \ - $(srcdir)/ipsecmod/ipsecmod-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/regional.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h -ipset.lo ipset.o: $(srcdir)/ipset/ipset.c config.h $(srcdir)/ipset/ipset.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h +ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h +ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h @@ -1222,8 +1163,7 @@ unitdname.lo unitdname.o: $(srcdir)/testcode/unitdname.c config.h $(srcdir)/util $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h -unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ +unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/util/timehist.h $(srcdir)/iterator/iterator.h \ $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ @@ -1264,13 +1204,7 @@ testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcod unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \ $(srcdir)/sldns/parseutil.h -unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/edns-subnet/addrtree.h \ - $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \ - $(srcdir)/edns-subnet/edns-subnet.h +unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h unitauth.lo unitauth.o: $(srcdir)/testcode/unitauth.c config.h $(srcdir)/services/authzone.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgparse.h \ @@ -1281,49 +1215,58 @@ unitauth.lo unitauth.o: $(srcdir)/testcode/unitauth.c config.h $(srcdir)/service $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h \ $(srcdir)/sldns/wire2str.h +unitzonemd.lo unitzonemd.o: $(srcdir)/testcode/unitzonemd.c config.h $(srcdir)/util/log.h \ + $(srcdir)/testcode/unitmain.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/authzone.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h \ + $(srcdir)/validator/val_anchor.h +unittcpreuse.lo unittcpreuse.o: $(srcdir)/testcode/unittcpreuse.c config.h $(srcdir)/services/outside_network.h \ +$(srcdir)/util/random.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h -cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \ - $(srcdir)/daemon/cachedump.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ - $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/sldns/str2wire.h -daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ - $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/keyraw.h -remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \ - $(srcdir)/daemon/remote.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ +cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon/cachedump.h \ + $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ + $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \ + $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \ + $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h +daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h \ + $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \ + $(srcdir)/util/edns.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h \ + $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h \ + $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h +remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/alloc.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ + $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ $(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h \ $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ @@ -1348,21 +1291,19 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h \ - $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \ - + $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \ $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/remote.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \ - $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h + $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/ub_event.h worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ @@ -1370,32 +1311,32 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \ - $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ - $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \ - $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h + $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \ + $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h \ + $(srcdir)/iterator/iter_resptype.h $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h \ + $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \ $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \ - $(srcdir)/daemon/remote.h \ - $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/util/log.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ + $(srcdir)/daemon/remote.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/daemon/daemon.h \ + $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h + $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \ $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h @@ -1406,39 +1347,38 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \ - $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ - $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \ - $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h + $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \ + $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h \ + $(srcdir)/iterator/iter_resptype.h $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h \ + $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h -daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ - $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/keyraw.h +daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h \ + $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \ + $(srcdir)/util/edns.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h \ + $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h \ + $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ @@ -1452,9 +1392,7 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h \ - $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \ - + $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h \ @@ -1471,7 +1409,7 @@ fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/t $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/daemon/remote.h lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \ @@ -1506,8 +1444,7 @@ unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \ - $(PYTHONMOD_HEADER) $(srcdir)/edns-subnet/subnet-whitelist.h + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \ @@ -1541,70 +1478,72 @@ libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbou $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h -libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \ - $(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ - $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/util/storage/lookup3.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/str2wire.h +libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h $(srcdir)/libunbound/libworker.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/worker.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ + $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \ + $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/sldns/str2wire.h unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \ - + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h \ - + $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \ - + $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h -unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \ - $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/shm_side/shm_main.h $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h \ - $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/rpz.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/modstack.h $(srcdir)/respip/respip.h +unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h $(srcdir)/util/log.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h $(srcdir)/util/shm_side/shm_main.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/services/modstack.h $(srcdir)/respip/respip.h \ + $(srcdir)/services/listen_dnsport.h unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \ - -petal.lo petal.o: $(srcdir)/testcode/petal.c config.h \ - + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h +petal.lo petal.o: $(srcdir)/testcode/petal.c config.h unbound-dnstap-socket.lo unbound-dnstap-socket.o: $(srcdir)/dnstap/unbound-dnstap-socket.c config.h \ $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/dnstap/dnstap_fstrm.h \ $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \ - dnstap/dnstap.pb-c.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h -pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \ - $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h \ - + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/daemon/worker.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/remote.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ + $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h \ + $(srcdir)/libunbound/unbound-event.h +pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h \ + $(srcdir)/pythonmod/pythonmod_utils.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/net_help.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/util/regional.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \ $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/daemon/worker.h \ @@ -1612,8 +1551,8 @@ win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h + $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h \ + $(srcdir)/util/net_help.h w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \ $(srcdir)/winrc/w_inst.h @@ -1621,14 +1560,12 @@ unbound-service-remove.lo unbound-service-remove.o: $(srcdir)/winrc/unbound-serv $(srcdir)/winrc/w_inst.h anchor-update.lo anchor-update.o: $(srcdir)/winrc/anchor-update.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/wire2str.h -keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/sldns/rrdef.h \ - +keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/rrdef.h sbuffer.lo sbuffer.o: $(srcdir)/sldns/sbuffer.c config.h $(srcdir)/sldns/sbuffer.h wire2str.lo wire2str.o: $(srcdir)/sldns/wire2str.c config.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/keyraw.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h + $(srcdir)/sldns/keyraw.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h parse.lo parse.o: $(srcdir)/sldns/parse.c config.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h \ $(srcdir)/sldns/sbuffer.h parseutil.lo parseutil.o: $(srcdir)/sldns/parseutil.c config.h $(srcdir)/sldns/parseutil.h @@ -1639,8 +1576,8 @@ dohclient.lo dohclient.o: $(srcdir)/testcode/dohclient.c config.h $(srcdir)/sldn $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \ $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/util/net_help.h \ - + $(srcdir)/sldns/pkthdr.h $(srcdir)/util/net_help.h +readzone.lo readzone.o: $(srcdir)/testcode/readzone.c ctime_r.lo ctime_r.o: $(srcdir)/compat/ctime_r.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h fake-rfc2553.lo fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c $(srcdir)/compat/fake-rfc2553.h config.h gmtime_r.lo gmtime_r.o: $(srcdir)/compat/gmtime_r.c config.h @@ -1655,11 +1592,9 @@ strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h getentropy_freebsd.lo getentropy_freebsd.o: $(srcdir)/compat/getentropy_freebsd.c -getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h \ - +getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c -getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h \ - +getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h diff --git a/README.md b/README.md index 3e11ce58ce0d..c8877d1e9df5 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,7 @@ [![Travis Build Status](https://travis-ci.org/NLnetLabs/unbound.svg?branch=master)](https://travis-ci.org/NLnetLabs/unbound) [![Packaging status](https://repology.org/badge/tiny-repos/unbound.svg)](https://repology.org/project/unbound/versions) [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/unbound.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:unbound) +[![Documentation Status](https://readthedocs.org/projects/unbound/badge/?version=latest)](https://unbound.readthedocs.io/en/latest/?badge=latest) Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. If you diff --git a/acx_nlnetlabs.m4 b/acx_nlnetlabs.m4 index d33352f17b80..39e92d875331 100644 --- a/acx_nlnetlabs.m4 +++ b/acx_nlnetlabs.m4 @@ -2,7 +2,12 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 37 +# Version 41 +# 2021-07-30 fix for openssl use of lib64 directory. +# 2021-06-14 fix nonblocking test to use host instead of target for mingw test. +# 2021-05-17 fix nonblocking socket test from grep on mingw32 to mingw for +# 64bit compatibility. +# 2021-03-24 fix ACX_FUNC_DEPRECATED to use CPPFLAGS and CFLAGS. # 2021-01-05 fix defun for aclocal # 2021-01-05 autoconf 2.70 autoupdate and fixes, no AC_TRY_COMPILE # 2020-08-24 Use EVP_sha256 instead of HMAC_Update (for openssl-3.0.0). @@ -665,9 +670,15 @@ AC_DEFUN([ACX_SSL_CHECKS], [ HAVE_SSL=yes dnl assume /usr is already in the lib and dynlib paths. if test "$ssldir" != "/usr" -a "$ssldir" != ""; then - LDFLAGS="$LDFLAGS -L$ssldir/lib" - LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib" - ACX_RUNTIME_PATH_ADD([$ssldir/lib]) + if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then + LDFLAGS="$LDFLAGS -L$ssldir/lib64" + LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib64" + ACX_RUNTIME_PATH_ADD([$ssldir/lib64]) + else + LDFLAGS="$LDFLAGS -L$ssldir/lib" + LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib" + ACX_RUNTIME_PATH_ADD([$ssldir/lib]) + fi fi AC_MSG_CHECKING([for EVP_sha256 in -lcrypto]) @@ -888,7 +899,7 @@ AC_CACHE_VAL(cv_cc_deprecated_$cache, [ echo '$3' >conftest.c echo 'void f(){ $2 }' >>conftest.c -if test -z "`$CC -c conftest.c 2>&1 | grep deprecated`"; then +if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then eval "cv_cc_deprecated_$cache=no" else eval "cv_cc_deprecated_$cache=yes" @@ -914,7 +925,7 @@ dnl a nonblocking socket do not work, a new call to select is necessary. AC_DEFUN([ACX_CHECK_NONBLOCKING_BROKEN], [ AC_MSG_CHECKING([if nonblocking sockets work]) -if echo $target | grep mingw32 >/dev/null; then +if echo $host | grep mingw >/dev/null; then AC_MSG_RESULT([no (windows)]) AC_DEFINE([NONBLOCKING_IS_BROKEN], 1, [Define if the network stack does not fully support nonblocking io (causes lower performance).]) else diff --git a/cachedb/cachedb.c b/cachedb/cachedb.c index e948a6b0dd34..af4ffe5f28b5 100644 --- a/cachedb/cachedb.c +++ b/cachedb/cachedb.c @@ -617,12 +617,18 @@ cachedb_extcache_store(struct module_qstate* qstate, struct cachedb_env* ie) static int cachedb_intcache_lookup(struct module_qstate* qstate) { + uint8_t* dpname=NULL; + size_t dpnamelen=0; struct dns_msg* msg; + if(iter_stub_fwd_no_cache(qstate, &qstate->qinfo, + &dpname, &dpnamelen)) + return 0; /* no cache for these queries */ msg = dns_cache_lookup(qstate->env, qstate->qinfo.qname, qstate->qinfo.qname_len, qstate->qinfo.qtype, qstate->qinfo.qclass, qstate->query_flags, qstate->region, qstate->env->scratch, - 1 /* no partial messages with only a CNAME */ + 1, /* no partial messages with only a CNAME */ + dpname, dpnamelen ); if(!msg && qstate->env->neg_cache && iter_qname_indicates_dnssec(qstate->env, &qstate->qinfo)) { diff --git a/compat/ctime_r.c b/compat/ctime_r.c index 87c2609a8408..9f2bf15bcbed 100644 --- a/compat/ctime_r.c +++ b/compat/ctime_r.c @@ -38,5 +38,5 @@ char *ctime_r(const time_t *timep, char *buf) strcpy(buf, result); } lock_basic_unlock(&ctime_lock); - return result; + return buf; } diff --git a/config.guess b/config.guess index 1972fda8eb05..e81d3ae7c210 100755 --- a/config.guess +++ b/config.guess @@ -2,7 +2,9 @@ # Attempt to guess a canonical system name. # Copyright 1992-2021 Free Software Foundation, Inc. -timestamp='2021-01-25' +# shellcheck disable=SC2006,SC2268 # see below for rationale + +timestamp='2021-06-03' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -32,7 +34,15 @@ timestamp='2021-01-25' # Please send patches to . -me=$(echo "$0" | sed -e 's,.*/,,') +# The "shellcheck disable" line above the timestamp inhibits complaints +# about features and limitations of the classic Bourne shell that were +# superseded or lifted in POSIX. However, this script identifies a wide +# variety of pre-POSIX systems that do not have POSIX shells at all, and +# even some reasonably current systems (Solaris 10 as case-in-point) still +# have a pre-POSIX /bin/sh. + + +me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] @@ -84,6 +94,9 @@ if test $# != 0; then exit 1 fi +# Just in case it came from the environment. +GUESS= + # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires # temporary files to be created and, as you can see below, it is a @@ -102,8 +115,8 @@ set_cc_for_build() { # prevent multiple calls if $tmp is already set test "$tmp" && return 0 : "${TMPDIR=/tmp}" - # shellcheck disable=SC2039 - { tmp=$( (umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null) && test -n "$tmp" && test -d "$tmp" ; } || + # shellcheck disable=SC2039,SC3028 + { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } || { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } || { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } @@ -112,7 +125,7 @@ set_cc_for_build() { ,,) echo "int x;" > "$dummy.c" for driver in cc gcc c89 c99 ; do if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then - CC_FOR_BUILD="$driver" + CC_FOR_BUILD=$driver break fi done @@ -131,12 +144,12 @@ if test -f /.attbin/uname ; then PATH=$PATH:/.attbin ; export PATH fi -UNAME_MACHINE=$( (uname -m) 2>/dev/null) || UNAME_MACHINE=unknown -UNAME_RELEASE=$( (uname -r) 2>/dev/null) || UNAME_RELEASE=unknown -UNAME_SYSTEM=$( (uname -s) 2>/dev/null) || UNAME_SYSTEM=unknown -UNAME_VERSION=$( (uname -v) 2>/dev/null) || UNAME_VERSION=unknown +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown -case "$UNAME_SYSTEM" in +case $UNAME_SYSTEM in Linux|GNU|GNU/*) LIBC=unknown @@ -157,7 +170,8 @@ Linux|GNU|GNU/*) #endif #endif EOF - eval "$($CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g')" + cc_set_libc=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` + eval "$cc_set_libc" # Second heuristic to detect musl libc. if [ "$LIBC" = unknown ] && @@ -176,7 +190,7 @@ esac # Note: order is significant - the case branches are not exclusive. -case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in +case $UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, @@ -188,11 +202,11 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in # # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". - UNAME_MACHINE_ARCH=$( (uname -p 2>/dev/null || \ + UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ /sbin/sysctl -n hw.machine_arch 2>/dev/null || \ /usr/sbin/sysctl -n hw.machine_arch 2>/dev/null || \ - echo unknown)) - case "$UNAME_MACHINE_ARCH" in + echo unknown)` + case $UNAME_MACHINE_ARCH in aarch64eb) machine=aarch64_be-unknown ;; armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; @@ -200,15 +214,15 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; earmv*) - arch=$(echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,') - endian=$(echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p') - machine="${arch}${endian}"-unknown + arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'` + endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'` + machine=${arch}${endian}-unknown ;; - *) machine="$UNAME_MACHINE_ARCH"-unknown ;; + *) machine=$UNAME_MACHINE_ARCH-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently (or will in the future) and ABI. - case "$UNAME_MACHINE_ARCH" in + case $UNAME_MACHINE_ARCH in earm*) os=netbsdelf ;; @@ -229,10 +243,10 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in ;; esac # Determine ABI tags. - case "$UNAME_MACHINE_ARCH" in + case $UNAME_MACHINE_ARCH in earm*) expr='s/^earmv[0-9]/-eabi/;s/eb$//' - abi=$(echo "$UNAME_MACHINE_ARCH" | sed -e "$expr") + abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"` ;; esac # The OS release @@ -240,76 +254,82 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. - case "$UNAME_VERSION" in + case $UNAME_VERSION in Debian*) release='-gnu' ;; *) - release=$(echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2) + release=`echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "$machine-${os}${release}${abi-}" - exit ;; + GUESS=$machine-${os}${release}${abi-} + ;; *:Bitrig:*:*) - UNAME_MACHINE_ARCH=$(arch | sed 's/Bitrig.//') - echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE" - exit ;; + UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` + GUESS=$UNAME_MACHINE_ARCH-unknown-bitrig$UNAME_RELEASE + ;; *:OpenBSD:*:*) - UNAME_MACHINE_ARCH=$(arch | sed 's/OpenBSD.//') - echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE" - exit ;; + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + GUESS=$UNAME_MACHINE_ARCH-unknown-openbsd$UNAME_RELEASE + ;; + *:SecBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/SecBSD.//'` + GUESS=$UNAME_MACHINE_ARCH-unknown-secbsd$UNAME_RELEASE + ;; *:LibertyBSD:*:*) - UNAME_MACHINE_ARCH=$(arch | sed 's/^.*BSD\.//') - echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE" - exit ;; + UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` + GUESS=$UNAME_MACHINE_ARCH-unknown-libertybsd$UNAME_RELEASE + ;; *:MidnightBSD:*:*) - echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-midnightbsd$UNAME_RELEASE + ;; *:ekkoBSD:*:*) - echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-ekkobsd$UNAME_RELEASE + ;; *:SolidBSD:*:*) - echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-solidbsd$UNAME_RELEASE + ;; *:OS108:*:*) - echo "$UNAME_MACHINE"-unknown-os108_"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-os108_$UNAME_RELEASE + ;; macppc:MirBSD:*:*) - echo powerpc-unknown-mirbsd"$UNAME_RELEASE" - exit ;; + GUESS=powerpc-unknown-mirbsd$UNAME_RELEASE + ;; *:MirBSD:*:*) - echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-mirbsd$UNAME_RELEASE + ;; *:Sortix:*:*) - echo "$UNAME_MACHINE"-unknown-sortix - exit ;; + GUESS=$UNAME_MACHINE-unknown-sortix + ;; *:Twizzler:*:*) - echo "$UNAME_MACHINE"-unknown-twizzler - exit ;; + GUESS=$UNAME_MACHINE-unknown-twizzler + ;; *:Redox:*:*) - echo "$UNAME_MACHINE"-unknown-redox - exit ;; + GUESS=$UNAME_MACHINE-unknown-redox + ;; mips:OSF1:*.*) - echo mips-dec-osf1 - exit ;; + GUESS=mips-dec-osf1 + ;; alpha:OSF1:*:*) + # Reset EXIT trap before exiting to avoid spurious non-zero exit code. + trap '' 0 case $UNAME_RELEASE in *4.0) - UNAME_RELEASE=$(/usr/sbin/sizer -v | awk '{print $3}') + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` ;; *5.*) - UNAME_RELEASE=$(/usr/sbin/sizer -v | awk '{print $4}') + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ;; esac # According to Compaq, /usr/sbin/psrinfo has been available on # OSF/1 and Tru64 systems produced since 1995. I hope that # covers most systems running today. This code pipes the CPU # types through head -n 1, so we only detect the type of CPU 0. - ALPHA_CPU_TYPE=$(/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1) - case "$ALPHA_CPU_TYPE" in + ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` + case $ALPHA_CPU_TYPE in "EV4 (21064)") UNAME_MACHINE=alpha ;; "EV4.5 (21064)") @@ -346,68 +366,69 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - echo "$UNAME_MACHINE"-dec-osf"$(echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz)" - # Reset EXIT trap before exiting to avoid spurious non-zero exit code. - exitcode=$? - trap '' 0 - exit $exitcode ;; + OSF_REL=`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + GUESS=$UNAME_MACHINE-dec-osf$OSF_REL + ;; Amiga*:UNIX_System_V:4.0:*) - echo m68k-unknown-sysv4 - exit ;; + GUESS=m68k-unknown-sysv4 + ;; *:[Aa]miga[Oo][Ss]:*:*) - echo "$UNAME_MACHINE"-unknown-amigaos - exit ;; + GUESS=$UNAME_MACHINE-unknown-amigaos + ;; *:[Mm]orph[Oo][Ss]:*:*) - echo "$UNAME_MACHINE"-unknown-morphos - exit ;; + GUESS=$UNAME_MACHINE-unknown-morphos + ;; *:OS/390:*:*) - echo i370-ibm-openedition - exit ;; + GUESS=i370-ibm-openedition + ;; *:z/VM:*:*) - echo s390-ibm-zvmoe - exit ;; + GUESS=s390-ibm-zvmoe + ;; *:OS400:*:*) - echo powerpc-ibm-os400 - exit ;; + GUESS=powerpc-ibm-os400 + ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) - echo arm-acorn-riscix"$UNAME_RELEASE" - exit ;; + GUESS=arm-acorn-riscix$UNAME_RELEASE + ;; arm*:riscos:*:*|arm*:RISCOS:*:*) - echo arm-unknown-riscos - exit ;; + GUESS=arm-unknown-riscos + ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) - echo hppa1.1-hitachi-hiuxmpp - exit ;; + GUESS=hppa1.1-hitachi-hiuxmpp + ;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. - if test "$( (/bin/universe) 2>/dev/null)" = att ; then - echo pyramid-pyramid-sysv3 - else - echo pyramid-pyramid-bsd - fi - exit ;; + case `(/bin/universe) 2>/dev/null` in + att) GUESS=pyramid-pyramid-sysv3 ;; + *) GUESS=pyramid-pyramid-bsd ;; + esac + ;; NILE*:*:*:dcosx) - echo pyramid-pyramid-svr4 - exit ;; + GUESS=pyramid-pyramid-svr4 + ;; DRS?6000:unix:4.0:6*) - echo sparc-icl-nx6 - exit ;; + GUESS=sparc-icl-nx6 + ;; DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) - case $(/usr/bin/uname -p) in - sparc) echo sparc-icl-nx7; exit ;; - esac ;; + case `/usr/bin/uname -p` in + sparc) GUESS=sparc-icl-nx7 ;; + esac + ;; s390x:SunOS:*:*) - echo "$UNAME_MACHINE"-ibm-solaris2"$(echo "$UNAME_RELEASE" | sed -e 's/[^.]*//')" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=$UNAME_MACHINE-ibm-solaris2$SUN_REL + ;; sun4H:SunOS:5.*:*) - echo sparc-hal-solaris2"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=sparc-hal-solaris2$SUN_REL + ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) - echo sparc-sun-solaris2"$(echo "$UNAME_RELEASE" | sed -e 's/[^.]*//')" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=sparc-sun-solaris2$SUN_REL + ;; i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) - echo i386-pc-auroraux"$UNAME_RELEASE" - exit ;; + GUESS=i386-pc-auroraux$UNAME_RELEASE + ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) set_cc_for_build SUN_ARCH=i386 @@ -422,41 +443,44 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in SUN_ARCH=x86_64 fi fi - echo "$SUN_ARCH"-pc-solaris2"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=$SUN_ARCH-pc-solaris2$SUN_REL + ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. - echo sparc-sun-solaris3"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=sparc-sun-solaris3$SUN_REL + ;; sun4*:SunOS:*:*) - case "$(/usr/bin/arch -k)" in + case `/usr/bin/arch -k` in Series*|S4*) - UNAME_RELEASE=$(uname -v) + UNAME_RELEASE=`uname -v` ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. - echo sparc-sun-sunos"$(echo "$UNAME_RELEASE"|sed -e 's/-/_/')" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/'` + GUESS=sparc-sun-sunos$SUN_REL + ;; sun3*:SunOS:*:*) - echo m68k-sun-sunos"$UNAME_RELEASE" - exit ;; + GUESS=m68k-sun-sunos$UNAME_RELEASE + ;; sun*:*:4.2BSD:*) - UNAME_RELEASE=$( (sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null) + UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3 - case "$(/bin/arch)" in + case `/bin/arch` in sun3) - echo m68k-sun-sunos"$UNAME_RELEASE" + GUESS=m68k-sun-sunos$UNAME_RELEASE ;; sun4) - echo sparc-sun-sunos"$UNAME_RELEASE" + GUESS=sparc-sun-sunos$UNAME_RELEASE ;; esac - exit ;; + ;; aushp:SunOS:*:*) - echo sparc-auspex-sunos"$UNAME_RELEASE" - exit ;; + GUESS=sparc-auspex-sunos$UNAME_RELEASE + ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor @@ -466,41 +490,41 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-atari-mint$UNAME_RELEASE + ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-atari-mint$UNAME_RELEASE + ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-atari-mint$UNAME_RELEASE + ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-milan-mint$UNAME_RELEASE + ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-hades-mint$UNAME_RELEASE + ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-unknown-mint$UNAME_RELEASE + ;; m68k:machten:*:*) - echo m68k-apple-machten"$UNAME_RELEASE" - exit ;; + GUESS=m68k-apple-machten$UNAME_RELEASE + ;; powerpc:machten:*:*) - echo powerpc-apple-machten"$UNAME_RELEASE" - exit ;; + GUESS=powerpc-apple-machten$UNAME_RELEASE + ;; RISC*:Mach:*:*) - echo mips-dec-mach_bsd4.3 - exit ;; + GUESS=mips-dec-mach_bsd4.3 + ;; RISC*:ULTRIX:*:*) - echo mips-dec-ultrix"$UNAME_RELEASE" - exit ;; + GUESS=mips-dec-ultrix$UNAME_RELEASE + ;; VAX*:ULTRIX*:*:*) - echo vax-dec-ultrix"$UNAME_RELEASE" - exit ;; + GUESS=vax-dec-ultrix$UNAME_RELEASE + ;; 2020:CLIX:*:* | 2430:CLIX:*:*) - echo clipper-intergraph-clix"$UNAME_RELEASE" - exit ;; + GUESS=clipper-intergraph-clix$UNAME_RELEASE + ;; mips:*:*:UMIPS | mips:*:*:RISCos) set_cc_for_build sed 's/^ //' << EOF > "$dummy.c" @@ -525,78 +549,79 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in } EOF $CC_FOR_BUILD -o "$dummy" "$dummy.c" && - dummyarg=$(echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p') && - SYSTEM_NAME=$("$dummy" "$dummyarg") && + dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`"$dummy" "$dummyarg"` && { echo "$SYSTEM_NAME"; exit; } - echo mips-mips-riscos"$UNAME_RELEASE" - exit ;; + GUESS=mips-mips-riscos$UNAME_RELEASE + ;; Motorola:PowerMAX_OS:*:*) - echo powerpc-motorola-powermax - exit ;; + GUESS=powerpc-motorola-powermax + ;; Motorola:*:4.3:PL8-*) - echo powerpc-harris-powermax - exit ;; + GUESS=powerpc-harris-powermax + ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) - echo powerpc-harris-powermax - exit ;; + GUESS=powerpc-harris-powermax + ;; Night_Hawk:Power_UNIX:*:*) - echo powerpc-harris-powerunix - exit ;; + GUESS=powerpc-harris-powerunix + ;; m88k:CX/UX:7*:*) - echo m88k-harris-cxux7 - exit ;; + GUESS=m88k-harris-cxux7 + ;; m88k:*:4*:R4*) - echo m88k-motorola-sysv4 - exit ;; + GUESS=m88k-motorola-sysv4 + ;; m88k:*:3*:R3*) - echo m88k-motorola-sysv3 - exit ;; + GUESS=m88k-motorola-sysv3 + ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures - UNAME_PROCESSOR=$(/usr/bin/uname -p) + UNAME_PROCESSOR=`/usr/bin/uname -p` if test "$UNAME_PROCESSOR" = mc88100 || test "$UNAME_PROCESSOR" = mc88110 then if test "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx || \ test "$TARGET_BINARY_INTERFACE"x = x then - echo m88k-dg-dgux"$UNAME_RELEASE" + GUESS=m88k-dg-dgux$UNAME_RELEASE else - echo m88k-dg-dguxbcs"$UNAME_RELEASE" + GUESS=m88k-dg-dguxbcs$UNAME_RELEASE fi else - echo i586-dg-dgux"$UNAME_RELEASE" + GUESS=i586-dg-dgux$UNAME_RELEASE fi - exit ;; + ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) - echo m88k-dolphin-sysv3 - exit ;; + GUESS=m88k-dolphin-sysv3 + ;; M88*:*:R3*:*) # Delta 88k system running SVR3 - echo m88k-motorola-sysv3 - exit ;; + GUESS=m88k-motorola-sysv3 + ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) - echo m88k-tektronix-sysv3 - exit ;; + GUESS=m88k-tektronix-sysv3 + ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) - echo m68k-tektronix-bsd - exit ;; + GUESS=m68k-tektronix-bsd + ;; *:IRIX*:*:*) - echo mips-sgi-irix"$(echo "$UNAME_RELEASE"|sed -e 's/-/_/g')" - exit ;; + IRIX_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/g'` + GUESS=mips-sgi-irix$IRIX_REL + ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. - echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id - exit ;; # Note that: echo "'$(uname -s)'" gives 'AIX ' + GUESS=romp-ibm-aix # uname -m gives an 8 hex-code CPU id + ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) - echo i386-ibm-aix - exit ;; + GUESS=i386-ibm-aix + ;; ia64:AIX:*:*) if test -x /usr/bin/oslevel ; then - IBM_REV=$(/usr/bin/oslevel) + IBM_REV=`/usr/bin/oslevel` else - IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" + IBM_REV=$UNAME_VERSION.$UNAME_RELEASE fi - echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV" - exit ;; + GUESS=$UNAME_MACHINE-ibm-aix$IBM_REV + ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then set_cc_for_build @@ -611,68 +636,68 @@ EOF exit(0); } EOF - if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=$("$dummy") + if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` then - echo "$SYSTEM_NAME" + GUESS=$SYSTEM_NAME else - echo rs6000-ibm-aix3.2.5 + GUESS=rs6000-ibm-aix3.2.5 fi elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then - echo rs6000-ibm-aix3.2.4 + GUESS=rs6000-ibm-aix3.2.4 else - echo rs6000-ibm-aix3.2 + GUESS=rs6000-ibm-aix3.2 fi - exit ;; + ;; *:AIX:*:[4567]) - IBM_CPU_ID=$(/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }') + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc fi if test -x /usr/bin/lslpp ; then - IBM_REV=$(/usr/bin/lslpp -Lqc bos.rte.libc | - awk -F: '{ print $3 }' | sed s/[0-9]*$/0/) + IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | \ + awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` else - IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" + IBM_REV=$UNAME_VERSION.$UNAME_RELEASE fi - echo "$IBM_ARCH"-ibm-aix"$IBM_REV" - exit ;; + GUESS=$IBM_ARCH-ibm-aix$IBM_REV + ;; *:AIX:*:*) - echo rs6000-ibm-aix - exit ;; + GUESS=rs6000-ibm-aix + ;; ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*) - echo romp-ibm-bsd4.4 - exit ;; + GUESS=romp-ibm-bsd4.4 + ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and - echo romp-ibm-bsd"$UNAME_RELEASE" # 4.3 with uname added to - exit ;; # report: romp-ibm BSD 4.3 + GUESS=romp-ibm-bsd$UNAME_RELEASE # 4.3 with uname added to + ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) - echo rs6000-bull-bosx - exit ;; + GUESS=rs6000-bull-bosx + ;; DPX/2?00:B.O.S.:*:*) - echo m68k-bull-sysv3 - exit ;; + GUESS=m68k-bull-sysv3 + ;; 9000/[34]??:4.3bsd:1.*:*) - echo m68k-hp-bsd - exit ;; + GUESS=m68k-hp-bsd + ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) - echo m68k-hp-bsd4.4 - exit ;; + GUESS=m68k-hp-bsd4.4 + ;; 9000/[34678]??:HP-UX:*:*) - HPUX_REV=$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//') - case "$UNAME_MACHINE" in + HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'` + case $UNAME_MACHINE in 9000/31?) HP_ARCH=m68000 ;; 9000/[34]??) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) if test -x /usr/bin/getconf; then - sc_cpu_version=$(/usr/bin/getconf SC_CPU_VERSION 2>/dev/null) - sc_kernel_bits=$(/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null) - case "$sc_cpu_version" in + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case $sc_cpu_version in 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 - case "$sc_kernel_bits" in + case $sc_kernel_bits in 32) HP_ARCH=hppa2.0n ;; 64) HP_ARCH=hppa2.0w ;; '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 @@ -714,7 +739,7 @@ EOF exit (0); } EOF - (CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=$("$dummy") + (CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=`"$dummy"` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac @@ -739,12 +764,12 @@ EOF HP_ARCH=hppa64 fi fi - echo "$HP_ARCH"-hp-hpux"$HPUX_REV" - exit ;; + GUESS=$HP_ARCH-hp-hpux$HPUX_REV + ;; ia64:HP-UX:*:*) - HPUX_REV=$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//') - echo ia64-hp-hpux"$HPUX_REV" - exit ;; + HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'` + GUESS=ia64-hp-hpux$HPUX_REV + ;; 3050*:HI-UX:*:*) set_cc_for_build sed 's/^ //' << EOF > "$dummy.c" @@ -772,38 +797,38 @@ EOF exit (0); } EOF - $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=$("$dummy") && + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` && { echo "$SYSTEM_NAME"; exit; } - echo unknown-hitachi-hiuxwe2 - exit ;; + GUESS=unknown-hitachi-hiuxwe2 + ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*) - echo hppa1.1-hp-bsd - exit ;; + GUESS=hppa1.1-hp-bsd + ;; 9000/8??:4.3bsd:*:*) - echo hppa1.0-hp-bsd - exit ;; + GUESS=hppa1.0-hp-bsd + ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) - echo hppa1.0-hp-mpeix - exit ;; + GUESS=hppa1.0-hp-mpeix + ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*) - echo hppa1.1-hp-osf - exit ;; + GUESS=hppa1.1-hp-osf + ;; hp8??:OSF1:*:*) - echo hppa1.0-hp-osf - exit ;; + GUESS=hppa1.0-hp-osf + ;; i*86:OSF1:*:*) if test -x /usr/sbin/sysversion ; then - echo "$UNAME_MACHINE"-unknown-osf1mk + GUESS=$UNAME_MACHINE-unknown-osf1mk else - echo "$UNAME_MACHINE"-unknown-osf1 + GUESS=$UNAME_MACHINE-unknown-osf1 fi - exit ;; + ;; parisc*:Lites*:*:*) - echo hppa1.1-hp-lites - exit ;; + GUESS=hppa1.1-hp-lites + ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) - echo c1-convex-bsd - exit ;; + GUESS=c1-convex-bsd + ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd @@ -811,17 +836,18 @@ EOF fi exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) - echo c34-convex-bsd - exit ;; + GUESS=c34-convex-bsd + ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) - echo c38-convex-bsd - exit ;; + GUESS=c38-convex-bsd + ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) - echo c4-convex-bsd - exit ;; + GUESS=c4-convex-bsd + ;; CRAY*Y-MP:*:*:*) - echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=ymp-cray-unicos$CRAY_REL + ;; CRAY*[A-Z]90:*:*:*) echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ @@ -829,114 +855,126 @@ EOF -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) - echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=t90-cray-unicos$CRAY_REL + ;; CRAY*T3E:*:*:*) - echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=alphaev5-cray-unicosmk$CRAY_REL + ;; CRAY*SV1:*:*:*) - echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=sv1-cray-unicos$CRAY_REL + ;; *:UNICOS/mp:*:*) - echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=craynv-cray-unicosmp$CRAY_REL + ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) - FUJITSU_PROC=$(uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz) - FUJITSU_SYS=$(uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///') - FUJITSU_REL=$(echo "$UNAME_RELEASE" | sed -e 's/ /_/') - echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; + FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'` + GUESS=${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL} + ;; 5000:UNIX_System_V:4.*:*) - FUJITSU_SYS=$(uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///') - FUJITSU_REL=$(echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/') - echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` + GUESS=sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL} + ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) - echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-pc-bsdi$UNAME_RELEASE + ;; sparc*:BSD/OS:*:*) - echo sparc-unknown-bsdi"$UNAME_RELEASE" - exit ;; + GUESS=sparc-unknown-bsdi$UNAME_RELEASE + ;; *:BSD/OS:*:*) - echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-bsdi$UNAME_RELEASE + ;; arm:FreeBSD:*:*) - UNAME_PROCESSOR=$(uname -p) + UNAME_PROCESSOR=`uname -p` set_cc_for_build if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo "${UNAME_PROCESSOR}"-unknown-freebsd"$(echo ${UNAME_RELEASE}|sed -e 's/[-(].*//')"-gnueabi + FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabi else - echo "${UNAME_PROCESSOR}"-unknown-freebsd"$(echo ${UNAME_RELEASE}|sed -e 's/[-(].*//')"-gnueabihf + FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabihf fi - exit ;; + ;; *:FreeBSD:*:*) - UNAME_PROCESSOR=$(/usr/bin/uname -p) - case "$UNAME_PROCESSOR" in + UNAME_PROCESSOR=`/usr/bin/uname -p` + case $UNAME_PROCESSOR in amd64) UNAME_PROCESSOR=x86_64 ;; i386) UNAME_PROCESSOR=i586 ;; esac - echo "$UNAME_PROCESSOR"-unknown-freebsd"$(echo "$UNAME_RELEASE"|sed -e 's/[-(].*//')" - exit ;; + FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL + ;; i*:CYGWIN*:*) - echo "$UNAME_MACHINE"-pc-cygwin - exit ;; + GUESS=$UNAME_MACHINE-pc-cygwin + ;; *:MINGW64*:*) - echo "$UNAME_MACHINE"-pc-mingw64 - exit ;; + GUESS=$UNAME_MACHINE-pc-mingw64 + ;; *:MINGW*:*) - echo "$UNAME_MACHINE"-pc-mingw32 - exit ;; + GUESS=$UNAME_MACHINE-pc-mingw32 + ;; *:MSYS*:*) - echo "$UNAME_MACHINE"-pc-msys - exit ;; + GUESS=$UNAME_MACHINE-pc-msys + ;; i*:PW*:*) - echo "$UNAME_MACHINE"-pc-pw32 - exit ;; + GUESS=$UNAME_MACHINE-pc-pw32 + ;; *:Interix*:*) - case "$UNAME_MACHINE" in + case $UNAME_MACHINE in x86) - echo i586-pc-interix"$UNAME_RELEASE" - exit ;; + GUESS=i586-pc-interix$UNAME_RELEASE + ;; authenticamd | genuineintel | EM64T) - echo x86_64-unknown-interix"$UNAME_RELEASE" - exit ;; + GUESS=x86_64-unknown-interix$UNAME_RELEASE + ;; IA64) - echo ia64-unknown-interix"$UNAME_RELEASE" - exit ;; + GUESS=ia64-unknown-interix$UNAME_RELEASE + ;; esac ;; i*:UWIN*:*) - echo "$UNAME_MACHINE"-pc-uwin - exit ;; + GUESS=$UNAME_MACHINE-pc-uwin + ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) - echo x86_64-pc-cygwin - exit ;; + GUESS=x86_64-pc-cygwin + ;; prep*:SunOS:5.*:*) - echo powerpcle-unknown-solaris2"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=powerpcle-unknown-solaris2$SUN_REL + ;; *:GNU:*:*) # the GNU system - echo "$(echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,')-unknown-$LIBC$(echo "$UNAME_RELEASE"|sed -e 's,/.*$,,')" - exit ;; + GNU_ARCH=`echo "$UNAME_MACHINE" | sed -e 's,[-/].*$,,'` + GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's,/.*$,,'` + GUESS=$GNU_ARCH-unknown-$LIBC$GNU_REL + ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo "$UNAME_MACHINE-unknown-$(echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]")$(echo "$UNAME_RELEASE"|sed -e 's/[-(].*//')-$LIBC" - exit ;; + GNU_SYS=`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"` + GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_MACHINE-unknown-$GNU_SYS$GNU_REL-$LIBC + ;; *:Minix:*:*) - echo "$UNAME_MACHINE"-unknown-minix - exit ;; + GUESS=$UNAME_MACHINE-unknown-minix + ;; aarch64:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; alpha:Linux:*:*) - case $(sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null) in + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null` in EV5) UNAME_MACHINE=alphaev5 ;; EV56) UNAME_MACHINE=alphaev56 ;; PCA56) UNAME_MACHINE=alphapca56 ;; @@ -947,63 +985,63 @@ EOF esac objdump --private-headers /bin/sh | grep -q ld.so.1 if test "$?" = 0 ; then LIBC=gnulibc1 ; fi - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; - arc:Linux:*:* | arceb:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; + arc:Linux:*:* | arceb:Linux:*:* | arc32:Linux:*:* | arc64:Linux:*:*) + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; arm*:Linux:*:*) set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi + GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabi else - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf + GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabihf fi fi - exit ;; + ;; avr32*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; cris:Linux:*:*) - echo "$UNAME_MACHINE"-axis-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-axis-linux-$LIBC + ;; crisv32:Linux:*:*) - echo "$UNAME_MACHINE"-axis-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-axis-linux-$LIBC + ;; e2k:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; frv:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; hexagon:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; i*86:Linux:*:*) - echo "$UNAME_MACHINE"-pc-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-pc-linux-$LIBC + ;; ia64:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; k1om:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; m32r*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; m68*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; mips:Linux:*:* | mips64:Linux:*:*) set_cc_for_build IS_GLIBC=0 @@ -1048,65 +1086,66 @@ EOF #endif #endif EOF - eval "$($CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI')" + cc_set_vars=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI'` + eval "$cc_set_vars" test "x$CPU" != x && { echo "$CPU${MIPS_ENDIAN}-unknown-linux-$LIBCABI"; exit; } ;; mips64el:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; openrisc*:Linux:*:*) - echo or1k-unknown-linux-"$LIBC" - exit ;; + GUESS=or1k-unknown-linux-$LIBC + ;; or32:Linux:*:* | or1k*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; padre:Linux:*:*) - echo sparc-unknown-linux-"$LIBC" - exit ;; + GUESS=sparc-unknown-linux-$LIBC + ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-"$LIBC" - exit ;; + GUESS=hppa64-unknown-linux-$LIBC + ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level - case $(grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2) in - PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;; - PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;; - *) echo hppa-unknown-linux-"$LIBC" ;; + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) GUESS=hppa1.1-unknown-linux-$LIBC ;; + PA8*) GUESS=hppa2.0-unknown-linux-$LIBC ;; + *) GUESS=hppa-unknown-linux-$LIBC ;; esac - exit ;; + ;; ppc64:Linux:*:*) - echo powerpc64-unknown-linux-"$LIBC" - exit ;; + GUESS=powerpc64-unknown-linux-$LIBC + ;; ppc:Linux:*:*) - echo powerpc-unknown-linux-"$LIBC" - exit ;; + GUESS=powerpc-unknown-linux-$LIBC + ;; ppc64le:Linux:*:*) - echo powerpc64le-unknown-linux-"$LIBC" - exit ;; + GUESS=powerpc64le-unknown-linux-$LIBC + ;; ppcle:Linux:*:*) - echo powerpcle-unknown-linux-"$LIBC" - exit ;; + GUESS=powerpcle-unknown-linux-$LIBC + ;; riscv32:Linux:*:* | riscv32be:Linux:*:* | riscv64:Linux:*:* | riscv64be:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; s390:Linux:*:* | s390x:Linux:*:*) - echo "$UNAME_MACHINE"-ibm-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-ibm-linux-$LIBC + ;; sh64*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; sh*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; tile*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; vax:Linux:*:*) - echo "$UNAME_MACHINE"-dec-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-dec-linux-$LIBC + ;; x86_64:Linux:*:*) set_cc_for_build LIBCABI=$LIBC @@ -1115,71 +1154,71 @@ EOF (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_X32 >/dev/null then - LIBCABI="$LIBC"x32 + LIBCABI=${LIBC}x32 fi fi - echo "$UNAME_MACHINE"-pc-linux-"$LIBCABI" - exit ;; + GUESS=$UNAME_MACHINE-pc-linux-$LIBCABI + ;; xtensa*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. - echo i386-sequent-sysv4 - exit ;; + GUESS=i386-sequent-sysv4 + ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. - echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION" - exit ;; + GUESS=$UNAME_MACHINE-pc-sysv4.2uw$UNAME_VERSION + ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. - echo "$UNAME_MACHINE"-pc-os2-emx - exit ;; + GUESS=$UNAME_MACHINE-pc-os2-emx + ;; i*86:XTS-300:*:STOP) - echo "$UNAME_MACHINE"-unknown-stop - exit ;; + GUESS=$UNAME_MACHINE-unknown-stop + ;; i*86:atheos:*:*) - echo "$UNAME_MACHINE"-unknown-atheos - exit ;; + GUESS=$UNAME_MACHINE-unknown-atheos + ;; i*86:syllable:*:*) - echo "$UNAME_MACHINE"-pc-syllable - exit ;; + GUESS=$UNAME_MACHINE-pc-syllable + ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) - echo i386-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=i386-unknown-lynxos$UNAME_RELEASE + ;; i*86:*DOS:*:*) - echo "$UNAME_MACHINE"-pc-msdosdjgpp - exit ;; + GUESS=$UNAME_MACHINE-pc-msdosdjgpp + ;; i*86:*:4.*:*) - UNAME_REL=$(echo "$UNAME_RELEASE" | sed 's/\/MP$//') + UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then - echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL" + GUESS=$UNAME_MACHINE-univel-sysv$UNAME_REL else - echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL" + GUESS=$UNAME_MACHINE-pc-sysv$UNAME_REL fi - exit ;; + ;; i*86:*:5:[678]*) # UnixWare 7.x, OpenUNIX and OpenServer 6. - case $(/bin/uname -X | grep "^Machine") in + case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac - echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}" - exit ;; + GUESS=$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then - UNAME_REL=$(sed -n 's/.*Version //p' /dev/null >/dev/null ; then - UNAME_REL=$( (/bin/uname -X|grep Release|sed -e 's/.*= //')) + UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ && UNAME_MACHINE=i586 @@ -1187,11 +1226,11 @@ EOF && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 - echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL" + GUESS=$UNAME_MACHINE-pc-sco$UNAME_REL else - echo "$UNAME_MACHINE"-pc-sysv32 + GUESS=$UNAME_MACHINE-pc-sysv32 fi - exit ;; + ;; pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about @@ -1199,37 +1238,37 @@ EOF # Note: whatever this is, it MUST be the same as what config.sub # prints for the "djgpp" host, or else GDB configure will decide that # this is a cross-build. - echo i586-pc-msdosdjgpp - exit ;; + GUESS=i586-pc-msdosdjgpp + ;; Intel:Mach:3*:*) - echo i386-pc-mach3 - exit ;; + GUESS=i386-pc-mach3 + ;; paragon:*:*:*) - echo i860-intel-osf1 - exit ;; + GUESS=i860-intel-osf1 + ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then - echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4 + GUESS=i860-stardent-sysv$UNAME_RELEASE # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. - echo i860-unknown-sysv"$UNAME_RELEASE" # Unknown i860-SVR4 + GUESS=i860-unknown-sysv$UNAME_RELEASE # Unknown i860-SVR4 fi - exit ;; + ;; mini*:CTIX:SYS*5:*) # "miniframe" - echo m68010-convergent-sysv - exit ;; + GUESS=m68010-convergent-sysv + ;; mc68k:UNIX:SYSTEM5:3.51m) - echo m68k-convergent-sysv - exit ;; + GUESS=m68k-convergent-sysv + ;; M680?0:D-NIX:5.3:*) - echo m68k-diab-dnix - exit ;; + GUESS=m68k-diab-dnix + ;; M68*:*:R3V[5678]*:*) test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ - && OS_REL=.$(sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid) + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ @@ -1240,7 +1279,7 @@ EOF NCR*:*:4.2:* | MPRAS*:*:4.2:*) OS_REL='.3' test -r /etc/.relid \ - && OS_REL=.$(sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid) + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ @@ -1248,118 +1287,118 @@ EOF /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) - echo m68k-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=m68k-unknown-lynxos$UNAME_RELEASE + ;; mc68030:UNIX_System_V:4.*:*) - echo m68k-atari-sysv4 - exit ;; + GUESS=m68k-atari-sysv4 + ;; TSUNAMI:LynxOS:2.*:*) - echo sparc-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=sparc-unknown-lynxos$UNAME_RELEASE + ;; rs6000:LynxOS:2.*:*) - echo rs6000-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=rs6000-unknown-lynxos$UNAME_RELEASE + ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) - echo powerpc-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=powerpc-unknown-lynxos$UNAME_RELEASE + ;; SM[BE]S:UNIX_SV:*:*) - echo mips-dde-sysv"$UNAME_RELEASE" - exit ;; + GUESS=mips-dde-sysv$UNAME_RELEASE + ;; RM*:ReliantUNIX-*:*:*) - echo mips-sni-sysv4 - exit ;; + GUESS=mips-sni-sysv4 + ;; RM*:SINIX-*:*:*) - echo mips-sni-sysv4 - exit ;; + GUESS=mips-sni-sysv4 + ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then - UNAME_MACHINE=$( (uname -p) 2>/dev/null) - echo "$UNAME_MACHINE"-sni-sysv4 + UNAME_MACHINE=`(uname -p) 2>/dev/null` + GUESS=$UNAME_MACHINE-sni-sysv4 else - echo ns32k-sni-sysv + GUESS=ns32k-sni-sysv fi - exit ;; + ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says - echo i586-unisys-sysv4 - exit ;; + GUESS=i586-unisys-sysv4 + ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm - echo hppa1.1-stratus-sysv4 - exit ;; + GUESS=hppa1.1-stratus-sysv4 + ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. - echo i860-stratus-sysv4 - exit ;; + GUESS=i860-stratus-sysv4 + ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. - echo "$UNAME_MACHINE"-stratus-vos - exit ;; + GUESS=$UNAME_MACHINE-stratus-vos + ;; *:VOS:*:*) # From Paul.Green@stratus.com. - echo hppa1.1-stratus-vos - exit ;; + GUESS=hppa1.1-stratus-vos + ;; mc68*:A/UX:*:*) - echo m68k-apple-aux"$UNAME_RELEASE" - exit ;; + GUESS=m68k-apple-aux$UNAME_RELEASE + ;; news*:NEWS-OS:6*:*) - echo mips-sony-newsos6 - exit ;; + GUESS=mips-sony-newsos6 + ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if test -d /usr/nec; then - echo mips-nec-sysv"$UNAME_RELEASE" + GUESS=mips-nec-sysv$UNAME_RELEASE else - echo mips-unknown-sysv"$UNAME_RELEASE" + GUESS=mips-unknown-sysv$UNAME_RELEASE fi - exit ;; + ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. - echo powerpc-be-beos - exit ;; + GUESS=powerpc-be-beos + ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. - echo powerpc-apple-beos - exit ;; + GUESS=powerpc-apple-beos + ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. - echo i586-pc-beos - exit ;; + GUESS=i586-pc-beos + ;; BePC:Haiku:*:*) # Haiku running on Intel PC compatible. - echo i586-pc-haiku - exit ;; + GUESS=i586-pc-haiku + ;; x86_64:Haiku:*:*) - echo x86_64-unknown-haiku - exit ;; + GUESS=x86_64-unknown-haiku + ;; SX-4:SUPER-UX:*:*) - echo sx4-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx4-nec-superux$UNAME_RELEASE + ;; SX-5:SUPER-UX:*:*) - echo sx5-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx5-nec-superux$UNAME_RELEASE + ;; SX-6:SUPER-UX:*:*) - echo sx6-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx6-nec-superux$UNAME_RELEASE + ;; SX-7:SUPER-UX:*:*) - echo sx7-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx7-nec-superux$UNAME_RELEASE + ;; SX-8:SUPER-UX:*:*) - echo sx8-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx8-nec-superux$UNAME_RELEASE + ;; SX-8R:SUPER-UX:*:*) - echo sx8r-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx8r-nec-superux$UNAME_RELEASE + ;; SX-ACE:SUPER-UX:*:*) - echo sxace-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sxace-nec-superux$UNAME_RELEASE + ;; Power*:Rhapsody:*:*) - echo powerpc-apple-rhapsody"$UNAME_RELEASE" - exit ;; + GUESS=powerpc-apple-rhapsody$UNAME_RELEASE + ;; *:Rhapsody:*:*) - echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-apple-rhapsody$UNAME_RELEASE + ;; arm64:Darwin:*:*) - echo aarch64-apple-darwin"$UNAME_RELEASE" - exit ;; + GUESS=aarch64-apple-darwin$UNAME_RELEASE + ;; *:Darwin:*:*) - UNAME_PROCESSOR=$(uname -p) + UNAME_PROCESSOR=`uname -p` case $UNAME_PROCESSOR in unknown) UNAME_PROCESSOR=powerpc ;; esac @@ -1393,109 +1432,116 @@ EOF # uname -m returns i386 or x86_64 UNAME_PROCESSOR=$UNAME_MACHINE fi - echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_PROCESSOR-apple-darwin$UNAME_RELEASE + ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) - UNAME_PROCESSOR=$(uname -p) + UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = x86; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi - echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_PROCESSOR-$UNAME_MACHINE-nto-qnx$UNAME_RELEASE + ;; *:QNX:*:4*) - echo i386-pc-qnx - exit ;; + GUESS=i386-pc-qnx + ;; NEO-*:NONSTOP_KERNEL:*:*) - echo neo-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=neo-tandem-nsk$UNAME_RELEASE + ;; NSE-*:NONSTOP_KERNEL:*:*) - echo nse-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=nse-tandem-nsk$UNAME_RELEASE + ;; NSR-*:NONSTOP_KERNEL:*:*) - echo nsr-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=nsr-tandem-nsk$UNAME_RELEASE + ;; NSV-*:NONSTOP_KERNEL:*:*) - echo nsv-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=nsv-tandem-nsk$UNAME_RELEASE + ;; NSX-*:NONSTOP_KERNEL:*:*) - echo nsx-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=nsx-tandem-nsk$UNAME_RELEASE + ;; *:NonStop-UX:*:*) - echo mips-compaq-nonstopux - exit ;; + GUESS=mips-compaq-nonstopux + ;; BS2000:POSIX*:*:*) - echo bs2000-siemens-sysv - exit ;; + GUESS=bs2000-siemens-sysv + ;; DS/*:UNIX_System_V:*:*) - echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-$UNAME_SYSTEM-$UNAME_RELEASE + ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. - # shellcheck disable=SC2154 - if test "$cputype" = 386; then + if test "${cputype-}" = 386; then UNAME_MACHINE=i386 - else - UNAME_MACHINE="$cputype" + elif test "x${cputype-}" != x; then + UNAME_MACHINE=$cputype fi - echo "$UNAME_MACHINE"-unknown-plan9 - exit ;; + GUESS=$UNAME_MACHINE-unknown-plan9 + ;; *:TOPS-10:*:*) - echo pdp10-unknown-tops10 - exit ;; + GUESS=pdp10-unknown-tops10 + ;; *:TENEX:*:*) - echo pdp10-unknown-tenex - exit ;; + GUESS=pdp10-unknown-tenex + ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) - echo pdp10-dec-tops20 - exit ;; + GUESS=pdp10-dec-tops20 + ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) - echo pdp10-xkl-tops20 - exit ;; + GUESS=pdp10-xkl-tops20 + ;; *:TOPS-20:*:*) - echo pdp10-unknown-tops20 - exit ;; + GUESS=pdp10-unknown-tops20 + ;; *:ITS:*:*) - echo pdp10-unknown-its - exit ;; + GUESS=pdp10-unknown-its + ;; SEI:*:*:SEIUX) - echo mips-sei-seiux"$UNAME_RELEASE" - exit ;; + GUESS=mips-sei-seiux$UNAME_RELEASE + ;; *:DragonFly:*:*) - echo "$UNAME_MACHINE"-unknown-dragonfly"$(echo "$UNAME_RELEASE"|sed -e 's/[-(].*//')" - exit ;; + DRAGONFLY_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_MACHINE-unknown-dragonfly$DRAGONFLY_REL + ;; *:*VMS:*:*) - UNAME_MACHINE=$( (uname -p) 2>/dev/null) - case "$UNAME_MACHINE" in - A*) echo alpha-dec-vms ; exit ;; - I*) echo ia64-dec-vms ; exit ;; - V*) echo vax-dec-vms ; exit ;; + UNAME_MACHINE=`(uname -p) 2>/dev/null` + case $UNAME_MACHINE in + A*) GUESS=alpha-dec-vms ;; + I*) GUESS=ia64-dec-vms ;; + V*) GUESS=vax-dec-vms ;; esac ;; *:XENIX:*:SysV) - echo i386-pc-xenix - exit ;; + GUESS=i386-pc-xenix + ;; i*86:skyos:*:*) - echo "$UNAME_MACHINE"-pc-skyos"$(echo "$UNAME_RELEASE" | sed -e 's/ .*$//')" - exit ;; + SKYOS_REL=`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'` + GUESS=$UNAME_MACHINE-pc-skyos$SKYOS_REL + ;; i*86:rdos:*:*) - echo "$UNAME_MACHINE"-pc-rdos - exit ;; + GUESS=$UNAME_MACHINE-pc-rdos + ;; *:AROS:*:*) - echo "$UNAME_MACHINE"-unknown-aros - exit ;; + GUESS=$UNAME_MACHINE-unknown-aros + ;; x86_64:VMkernel:*:*) - echo "$UNAME_MACHINE"-unknown-esx - exit ;; + GUESS=$UNAME_MACHINE-unknown-esx + ;; amd64:Isilon\ OneFS:*:*) - echo x86_64-unknown-onefs - exit ;; + GUESS=x86_64-unknown-onefs + ;; *:Unleashed:*:*) - echo "$UNAME_MACHINE"-unknown-unleashed"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-unleashed$UNAME_RELEASE + ;; esac +# Do we have a guess based on uname results? +if test "x$GUESS" != x; then + echo "$GUESS" + exit +fi + # No uname command or uname output not recognized. set_cc_for_build cat > "$dummy.c" </dev/null); + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; if (version < 4) printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); else @@ -1627,7 +1673,7 @@ main () } EOF -$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=$($dummy) && +$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=`"$dummy"` && { echo "$SYSTEM_NAME"; exit; } # Apollos put the system type in the environment. @@ -1635,7 +1681,7 @@ test -d /usr/apollo && { echo "$ISP-apollo-$SYSTYPE"; exit; } echo "$0: unable to guess system type" >&2 -case "$UNAME_MACHINE:$UNAME_SYSTEM" in +case $UNAME_MACHINE:$UNAME_SYSTEM in mips:Linux | mips64:Linux) # If we got here on MIPS GNU/Linux, output extra information. cat >&2 <&2 </dev/null || echo unknown) -uname -r = $( (uname -r) 2>/dev/null || echo unknown) -uname -s = $( (uname -s) 2>/dev/null || echo unknown) -uname -v = $( (uname -v) 2>/dev/null || echo unknown) +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` -/usr/bin/uname -p = $( (/usr/bin/uname -p) 2>/dev/null) -/bin/uname -X = $( (/bin/uname -X) 2>/dev/null) +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null` -hostinfo = $( (hostinfo) 2>/dev/null) -/bin/universe = $( (/bin/universe) 2>/dev/null) -/usr/bin/arch -k = $( (/usr/bin/arch -k) 2>/dev/null) -/bin/arch = $( (/bin/arch) 2>/dev/null) -/usr/bin/oslevel = $( (/usr/bin/oslevel) 2>/dev/null) -/usr/convex/getsysinfo = $( (/usr/convex/getsysinfo) 2>/dev/null) +hostinfo = `(hostinfo) 2>/dev/null` +/bin/universe = `(/bin/universe) 2>/dev/null` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` +/bin/arch = `(/bin/arch) 2>/dev/null` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` UNAME_MACHINE = "$UNAME_MACHINE" UNAME_RELEASE = "$UNAME_RELEASE" diff --git a/config.h.in b/config.h.in index 103ad9f0068c..ea6afa4802ee 100644 --- a/config.h.in +++ b/config.h.in @@ -28,6 +28,9 @@ /* Whether daemon is deprecated */ #undef DEPRECATED_DAEMON +/* Deprecate RSA 1024 bit length, makes that an unsupported key */ +#undef DEPRECATE_RSA_1024 + /* Define this to enable kernel based UDP source port randomization. */ #undef DISABLE_EXPLICIT_PORT_RANDOMISATION @@ -426,6 +429,9 @@ /* Define to 1 if you have the `OPENSSL_init_ssl' function. */ #undef HAVE_OPENSSL_INIT_SSL +/* Define to 1 if you have the header file. */ +#undef HAVE_OPENSSL_PARAM_BUILD_H + /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_RAND_H @@ -435,6 +441,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_SSL_H +/* Define to 1 if you have the `OSSL_PARAM_BLD_new' function. */ +#undef HAVE_OSSL_PARAM_BLD_NEW + /* Define if you have POSIX threads libraries and header files. */ #undef HAVE_PTHREAD @@ -516,6 +525,9 @@ /* Define if you have the SSL libraries installed. */ #undef HAVE_SSL +/* Define to 1 if you have the `SSL_CTX_set_alpn_protos' function. */ +#undef HAVE_SSL_CTX_SET_ALPN_PROTOS + /* Define to 1 if you have the `SSL_CTX_set_alpn_select_cb' function. */ #undef HAVE_SSL_CTX_SET_ALPN_SELECT_CB @@ -529,9 +541,15 @@ function. */ #undef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB +/* Define to 1 if you have the `SSL_get0_alpn_selected' function. */ +#undef HAVE_SSL_GET0_ALPN_SELECTED + /* Define to 1 if you have the `SSL_get0_peername' function. */ #undef HAVE_SSL_GET0_PEERNAME +/* Define to 1 if you have the `SSL_get1_peer_certificate' function. */ +#undef HAVE_SSL_GET1_PEER_CERTIFICATE + /* Define to 1 if you have the `SSL_set1_host' function. */ #undef HAVE_SSL_SET1_HOST @@ -847,6 +865,14 @@ /* Define if you enable libevent */ #undef USE_LIBEVENT +/* Define this to enable use of /proc/sys/net/ipv4/ip_local_port_range as a + default outgoing port range. This is only for the libunbound on Linux and + does not affect unbound resolving daemon itself. This may severely limit + the number of available outgoing ports and thus decrease randomness. Define + this only when the target system restricts (e.g. some of SELinux enabled + distributions) the use of non-ephemeral ports. */ +#undef USE_LINUX_IP_LOCAL_PORT_RANGE + /* Define if you want to use internal select based events */ #undef USE_MINI_EVENT diff --git a/config.sub b/config.sub index 63c1f1c8b5e2..d80c5d759e48 100755 --- a/config.sub +++ b/config.sub @@ -2,7 +2,9 @@ # Configuration validation subroutine script. # Copyright 1992-2021 Free Software Foundation, Inc. -timestamp='2021-01-08' +# shellcheck disable=SC2006,SC2268 # see below for rationale + +timestamp='2021-07-03' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -50,7 +52,14 @@ timestamp='2021-01-08' # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM # It is wrong to echo any other type of specification. -me=$(echo "$0" | sed -e 's,.*/,,') +# The "shellcheck disable" line above the timestamp inhibits complaints +# about features and limitations of the classic Bourne shell that were +# superseded or lifted in POSIX. However, this script identifies a wide +# variety of pre-POSIX systems that do not have POSIX shells at all, and +# even some reasonably current systems (Solaris 10 as case-in-point) still +# have a pre-POSIX /bin/sh. + +me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS @@ -769,22 +778,22 @@ case $basic_machine in vendor=hp ;; i*86v32) - cpu=$(echo "$1" | sed -e 's/86.*/86/') + cpu=`echo "$1" | sed -e 's/86.*/86/'` vendor=pc basic_os=sysv32 ;; i*86v4*) - cpu=$(echo "$1" | sed -e 's/86.*/86/') + cpu=`echo "$1" | sed -e 's/86.*/86/'` vendor=pc basic_os=sysv4 ;; i*86v) - cpu=$(echo "$1" | sed -e 's/86.*/86/') + cpu=`echo "$1" | sed -e 's/86.*/86/'` vendor=pc basic_os=sysv ;; i*86sol2) - cpu=$(echo "$1" | sed -e 's/86.*/86/') + cpu=`echo "$1" | sed -e 's/86.*/86/'` vendor=pc basic_os=solaris2 ;; @@ -917,7 +926,7 @@ case $basic_machine in ;; leon-*|leon[3-9]-*) cpu=sparc - vendor=$(echo "$basic_machine" | sed 's/-.*//') + vendor=`echo "$basic_machine" | sed 's/-.*//'` ;; *-*) @@ -1084,7 +1093,7 @@ case $cpu-$vendor in cpu=mipsisa64sb1el ;; sh5e[lb]-*) - cpu=$(echo "$cpu" | sed 's/^\(sh.\)e\(.\)$/\1\2e/') + cpu=`echo "$cpu" | sed 's/^\(sh.\)e\(.\)$/\1\2e/'` ;; spur-*) cpu=spur @@ -1102,7 +1111,7 @@ case $cpu-$vendor in cpu=x86_64 ;; xscale-* | xscalee[bl]-*) - cpu=$(echo "$cpu" | sed 's/^xscale/arm/') + cpu=`echo "$cpu" | sed 's/^xscale/arm/'` ;; arm64-*) cpu=aarch64 @@ -1165,7 +1174,7 @@ case $cpu-$vendor in | alphapca5[67] | alpha64pca5[67] \ | am33_2.0 \ | amdgcn \ - | arc | arceb \ + | arc | arceb | arc32 | arc64 \ | arm | arm[lb]e | arme[lb] | armv* \ | avr | avr32 \ | asmjs \ @@ -1204,9 +1213,13 @@ case $cpu-$vendor in | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r3 | mipsisa32r3el \ + | mipsisa32r5 | mipsisa32r5el \ | mipsisa32r6 | mipsisa32r6el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r3 | mipsisa64r3el \ + | mipsisa64r5 | mipsisa64r5el \ | mipsisa64r6 | mipsisa64r6el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ @@ -1288,15 +1301,15 @@ then case $basic_os in gnu/linux*) kernel=linux - os=$(echo $basic_os | sed -e 's|gnu/linux|gnu|') + os=`echo "$basic_os" | sed -e 's|gnu/linux|gnu|'` ;; os2-emx) kernel=os2 - os=$(echo $basic_os | sed -e 's|os2-emx|emx|') + os=`echo "$basic_os" | sed -e 's|os2-emx|emx|'` ;; nto-qnx*) kernel=nto - os=$(echo $basic_os | sed -e 's|nto-qnx|qnx|') + os=`echo "$basic_os" | sed -e 's|nto-qnx|qnx|'` ;; *-*) # shellcheck disable=SC2162 @@ -1307,11 +1320,11 @@ EOF # Default OS when just kernel was specified nto*) kernel=nto - os=$(echo $basic_os | sed -e 's|nto|qnx|') + os=`echo "$basic_os" | sed -e 's|nto|qnx|'` ;; linux*) kernel=linux - os=$(echo $basic_os | sed -e 's|linux|gnu|') + os=`echo "$basic_os" | sed -e 's|linux|gnu|'` ;; *) kernel= @@ -1332,7 +1345,7 @@ case $os in os=cnk ;; solaris1 | solaris1.*) - os=$(echo $os | sed -e 's|solaris1|sunos4|') + os=`echo "$os" | sed -e 's|solaris1|sunos4|'` ;; solaris) os=solaris2 @@ -1361,7 +1374,7 @@ case $os in os=sco3.2v4 ;; sco3.2.[4-9]*) - os=$(echo $os | sed -e 's/sco3.2./sco3.2v/') + os=`echo "$os" | sed -e 's/sco3.2./sco3.2v/'` ;; sco*v* | scout) # Don't match below @@ -1391,7 +1404,7 @@ case $os in os=lynxos ;; mac[0-9]*) - os=$(echo "$os" | sed -e 's|mac|macos|') + os=`echo "$os" | sed -e 's|mac|macos|'` ;; opened*) os=openedition @@ -1400,10 +1413,10 @@ case $os in os=os400 ;; sunos5*) - os=$(echo "$os" | sed -e 's|sunos5|solaris2|') + os=`echo "$os" | sed -e 's|sunos5|solaris2|'` ;; sunos6*) - os=$(echo "$os" | sed -e 's|sunos6|solaris3|') + os=`echo "$os" | sed -e 's|sunos6|solaris3|'` ;; wince*) os=wince @@ -1437,7 +1450,7 @@ case $os in ;; # Preserve the version number of sinix5. sinix5.*) - os=$(echo $os | sed -e 's|sinix|sysv|') + os=`echo "$os" | sed -e 's|sinix|sysv|'` ;; sinix*) os=sysv4 @@ -1707,12 +1720,12 @@ case $os in | nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \ | clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \ | mirbsd* | netbsd* | dicos* | openedition* | ose* \ - | bitrig* | openbsd* | solidbsd* | libertybsd* | os108* \ + | bitrig* | openbsd* | secbsd* | solidbsd* | libertybsd* | os108* \ | ekkobsd* | freebsd* | riscix* | lynxos* | os400* \ | bosx* | nextstep* | cxux* | aout* | elf* | oabi* \ | ptx* | coff* | ecoff* | winnt* | domain* | vsta* \ | udi* | lites* | ieee* | go32* | aux* | hcos* \ - | chorusrdb* | cegcc* | glidix* \ + | chorusrdb* | cegcc* | glidix* | serenity* \ | cygwin* | msys* | pe* | moss* | proelf* | rtems* \ | midipix* | mingw32* | mingw64* | mint* \ | uxpv* | beos* | mpeix* | udk* | moxiebox* \ diff --git a/configure b/configure index c91e8a3a656e..346fd5e5b076 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.13.1. +# Generated by GNU Autoconf 2.69 for unbound 1.13.2. # # Report bugs to . # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.13.1' -PACKAGE_STRING='unbound 1.13.1' +PACKAGE_VERSION='1.13.2' +PACKAGE_STRING='unbound 1.13.2' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' @@ -643,6 +643,8 @@ IPSET_OBJ IPSET_SRC IPSECMOD_HEADER IPSECMOD_OBJ +CACHEDB_OBJ +CACHEDB_SRC DNSCRYPT_OBJ DNSCRYPT_SRC ENABLE_DNSCRYPT @@ -875,6 +877,7 @@ enable_subnet enable_gost enable_ecdsa enable_dsa +with_deprecate_rsa_1024 enable_ed25519 enable_ed448 enable_event_api @@ -898,6 +901,7 @@ enable_ipsecmod enable_ipset with_libmnl enable_explicit_port_randomisation +enable_linux_ip_local_port_range with_libunbound_only ' ac_precious_vars='build_alias @@ -1460,7 +1464,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.13.1 to adapt to many kinds of systems. +\`configure' configures unbound 1.13.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1525,7 +1529,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.13.1:";; + short | recursive ) echo "Configuration of unbound 1.13.2:";; esac cat <<\_ACEOF @@ -1590,6 +1594,16 @@ Optional Features: --disable-explicit-port-randomisation disable explicit source port randomisation and rely on the kernel to provide random source ports + --enable-linux-ip-local-port-range + Define this to enable use of + /proc/sys/net/ipv4/ip_local_port_range as a default + outgoing port range. This is only for the libunbound + on Linux and does not affect unbound resolving + daemon itself. This may severely limit the number of + available outgoing ports and thus decrease + randomness. Define this only when the target system + restricts (e.g. some of SELinux enabled + distributions) the use of non-ephemeral ports. Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -1637,6 +1651,10 @@ Optional Packages: /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr) --with-libbsd Use portable libbsd functions + --with-deprecate-rsa-1024 + Deprecate RSA 1024 bit length, makes that an + unsupported key, for use when OpenSSL FIPS refuses + 1024 bit verification --with-libevent=pathname use libevent (will check /usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr or you can specify @@ -1753,7 +1771,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.13.1 +unbound configure 1.13.2 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2462,7 +2480,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.13.1, which was +It was created by unbound $as_me 1.13.2, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2814,11 +2832,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=13 -UNBOUND_VERSION_MICRO=1 +UNBOUND_VERSION_MICRO=2 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=12 +LIBUNBOUND_REVISION=13 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2898,6 +2916,7 @@ LIBUNBOUND_AGE=1 # 1.12.0 had 9:10:1 # 1.13.0 had 9:11:1 # 1.13.1 had 9:12:1 +# 1.13.2 had 9:13:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -4196,9 +4215,9 @@ case "$exec_prefix" in esac # are we on MinGW? -if uname -s 2>&1 | grep MINGW32 >/dev/null; then on_mingw="yes" +if uname -s 2>&1 | grep MINGW >/dev/null; then on_mingw="yes" else - if echo $host $target | grep mingw32 >/dev/null; then on_mingw="yes" + if echo $host | grep mingw >/dev/null; then on_mingw="yes" else on_mingw="no"; fi fi @@ -14608,6 +14627,8 @@ CC=$lt_save_CC +# pkg-config is only needed for these options, do not require it otherwise +if test "$enable_systemd" = "yes" -o "$with_pyunbound" = "yes" -o "$with_pythonmod" = "yes"; then @@ -14728,6 +14749,7 @@ $as_echo "no" >&6; } PKG_CONFIG="" fi fi +fi # Checks for header files. for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h @@ -14776,7 +14798,8 @@ done # Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH for ac_header in TargetConditionals.h do : - ac_fn_c_check_header_mongrel "$LINENO" "TargetConditionals.h" "ac_cv_header_TargetConditionals_h" "$ac_includes_default" + ac_fn_c_check_header_compile "$LINENO" "TargetConditionals.h" "ac_cv_header_TargetConditionals_h" "$ac_includes_default +" if test "x$ac_cv_header_TargetConditionals_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_TARGETCONDITIONALS_H 1 @@ -15918,7 +15941,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking if nonblocking sockets work" >&5 $as_echo_n "checking if nonblocking sockets work... " >&6; } -if echo $target | grep mingw32 >/dev/null; then +if echo $host | grep mingw >/dev/null; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no (windows)" >&5 $as_echo "no (windows)" >&6; } @@ -16186,7 +16209,10 @@ done # check if we can use SO_REUSEPORT -if echo "$host" | $GREP -i -e linux -e dragonfly >/dev/null; then +reuseport_default=0 +if echo "$host" | $GREP -i -e linux >/dev/null; then reuseport_default=1; fi +if echo "$host" | $GREP -i -e dragonfly >/dev/null; then reuseport_default=1; fi +if test "$reuseport_default" = 1; then $as_echo "#define REUSEPORT_DEFAULT 1" >>confdefs.h @@ -17993,8 +18019,19 @@ _ACEOF $as_echo "found in $ssldir" >&6; } HAVE_SSL=yes if test "$ssldir" != "/usr" -a "$ssldir" != ""; then - LDFLAGS="$LDFLAGS -L$ssldir/lib" - LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib" + if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then + LDFLAGS="$LDFLAGS -L$ssldir/lib64" + LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib64" + + if test "x$enable_rpath" = xyes; then + if echo "$ssldir/lib64" | grep "^/" >/dev/null; then + RUNTIME_PATH="$RUNTIME_PATH -R$ssldir/lib64" + fi + fi + + else + LDFLAGS="$LDFLAGS -L$ssldir/lib" + LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib" if test "x$enable_rpath" = xyes; then if echo "$ssldir/lib" | grep "^/" >/dev/null; then @@ -18002,6 +18039,7 @@ $as_echo "found in $ssldir" >&6; } fi fi + fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_sha256 in -lcrypto" >&5 @@ -18384,7 +18422,7 @@ else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi -for ac_header in openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h +for ac_header in openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h openssl/param_build.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default @@ -18398,7 +18436,7 @@ fi done -for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params +for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -18414,7 +18452,7 @@ done # these check_funcs need -lssl BAKLIBS="$LIBS" LIBS="-lssl $LIBS" -for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb +for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_CTX_set_alpn_protos SSL_get1_peer_certificate do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -19031,6 +19069,18 @@ _ACEOF ;; esac + +# Check whether --with-deprecate-rsa-1024 was given. +if test "${with_deprecate_rsa_1024+set}" = set; then : + withval=$with_deprecate_rsa_1024; +fi + +if test "$with_deprecate_rsa_1024" = "yes"; then + +$as_echo "#define DEPRECATE_RSA_1024 1" >>confdefs.h + +fi + # Check whether --enable-ed25519 was given. if test "${enable_ed25519+set}" = set; then : enableval=$enable_ed25519; @@ -19157,8 +19207,8 @@ fi case "$enable_tfo_client" in yes) - case `uname` in - Linux) ac_fn_c_check_decl "$LINENO" "MSG_FASTOPEN" "ac_cv_have_decl_MSG_FASTOPEN" "$ac_includes_default + case "$host_os" in + linux*) ac_fn_c_check_decl "$LINENO" "MSG_FASTOPEN" "ac_cv_have_decl_MSG_FASTOPEN" "$ac_includes_default #include " @@ -19174,8 +19224,8 @@ cat >>confdefs.h <<_ACEOF #define USE_MSG_FASTOPEN 1 _ACEOF - ;; - Darwin) ac_fn_c_check_decl "$LINENO" "CONNECT_RESUME_ON_READ_WRITE" "ac_cv_have_decl_CONNECT_RESUME_ON_READ_WRITE" "$ac_includes_default + ;; + darwin*) ac_fn_c_check_decl "$LINENO" "CONNECT_RESUME_ON_READ_WRITE" "ac_cv_have_decl_CONNECT_RESUME_ON_READ_WRITE" "$ac_includes_default #include " @@ -19191,9 +19241,9 @@ cat >>confdefs.h <<_ACEOF #define USE_OSX_MSG_FASTOPEN 1 _ACEOF - ;; + ;; esac - ;; + ;; no|*) ;; esac @@ -20132,9 +20182,10 @@ else echo ' #include +#include ' >conftest.c echo 'void f(){ (void)daemon(0, 0); }' >>conftest.c -if test -z "`$CC -c conftest.c 2>&1 | grep deprecated`"; then +if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then eval "cv_cc_deprecated_$cache=no" else eval "cv_cc_deprecated_$cache=yes" @@ -20407,7 +20458,7 @@ done # check if setreuid en setregid fail, on MacOSX10.4(darwin8). -if echo $target_os | grep darwin8 > /dev/null; then +if echo $host_os | grep darwin8 > /dev/null; then $as_echo "#define DARWIN_BROKEN_SETREUID 1" >>confdefs.h @@ -21044,7 +21095,7 @@ case "$enable_allsymbols" in yes) COMMON_OBJ_ALL_SYMBOLS="" UBSYMS="" - EXTRALINK="-L. -L.libs -lunbound" + EXTRALINK="libunbound.la" $as_echo "#define EXPORT_ALL_SYMBOLS 1" >>confdefs.h @@ -21494,6 +21545,10 @@ case "$enable_cachedb" in $as_echo "#define USE_CACHEDB 1" >>confdefs.h + CACHEDB_SRC="cachedb/cachedb.c cachedb/redis.c" + + CACHEDB_OBJ="cachedb.lo redis.lo" + ;; no|*) # nothing @@ -21588,6 +21643,23 @@ $as_echo "#define DISABLE_EXPLICIT_PORT_RANDOMISATION 1" >>confdefs.h ;; esac +if echo "$host" | $GREP -i -e linux >/dev/null; then + # Check whether --enable-linux-ip-local-port-range was given. +if test "${enable_linux_ip_local_port_range+set}" = set; then : + enableval=$enable_linux_ip_local_port_range; +fi + + case "$enable_linux_ip_local_port_range" in + yes) + +$as_echo "#define USE_LINUX_IP_LOCAL_PORT_RANGE 1" >>confdefs.h + + ;; + no|*) + ;; + esac +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if ${MAKE:-make} supports $< with implicit rule in scope" >&5 $as_echo_n "checking if ${MAKE:-make} supports $< with implicit rule in scope... " >&6; } @@ -21744,7 +21816,7 @@ _ACEOF -version=1.13.1 +version=1.13.2 date=`date +'%b %e, %Y'` @@ -22263,7 +22335,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.13.1, which was +This file was extended by unbound $as_me 1.13.2, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -22329,7 +22401,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.13.1 +unbound config.status 1.13.2 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 2d88048f754d..fe911723c87e 100644 --- a/configure.ac +++ b/configure.ac @@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[13]) -m4_define([VERSION_MICRO],[1]) +m4_define([VERSION_MICRO],[2]) AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound]) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=12 +LIBUNBOUND_REVISION=13 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -98,6 +98,7 @@ LIBUNBOUND_AGE=1 # 1.12.0 had 9:10:1 # 1.13.0 had 9:11:1 # 1.13.1 had 9:12:1 +# 1.13.2 had 9:13:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -146,9 +147,9 @@ case "$exec_prefix" in esac # are we on MinGW? -if uname -s 2>&1 | grep MINGW32 >/dev/null; then on_mingw="yes" +if uname -s 2>&1 | grep MINGW >/dev/null; then on_mingw="yes" else - if echo $host $target | grep mingw32 >/dev/null; then on_mingw="yes" + if echo $host | grep mingw >/dev/null; then on_mingw="yes" else on_mingw="no"; fi fi @@ -384,7 +385,10 @@ AC_CHECK_PROG(doxygen, doxygen, doxygen) AC_CHECK_TOOL(STRIP, strip) ACX_LIBTOOL_C_ONLY +# pkg-config is only needed for these options, do not require it otherwise +if test "$enable_systemd" = "yes" -o "$with_pyunbound" = "yes" -o "$with_pythonmod" = "yes"; then PKG_PROG_PKG_CONFIG +fi # Checks for header files. AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h],,, [AC_INCLUDES_DEFAULT]) @@ -406,7 +410,7 @@ AC_CHECK_HEADERS([net/if.h],,, [ ]) # Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH -AC_CHECK_HEADERS([TargetConditionals.h]) +AC_CHECK_HEADERS([TargetConditionals.h],,, [AC_INCLUDES_DEFAULT]) # check for types. # Using own tests for int64* because autoconf builtin only give 32bit. @@ -489,7 +493,10 @@ ACX_MKDIR_ONE_ARG AC_CHECK_FUNCS([strptime],[AC_CHECK_STRPTIME_WORKS],[AC_LIBOBJ([strptime])]) # check if we can use SO_REUSEPORT -if echo "$host" | $GREP -i -e linux -e dragonfly >/dev/null; then +reuseport_default=0 +if echo "$host" | $GREP -i -e linux >/dev/null; then reuseport_default=1; fi +if echo "$host" | $GREP -i -e dragonfly >/dev/null; then reuseport_default=1; fi +if test "$reuseport_default" = 1; then AC_DEFINE(REUSEPORT_DEFAULT, 1, [if REUSEPORT is enabled by default]) else AC_DEFINE(REUSEPORT_DEFAULT, 0, [if REUSEPORT is enabled by default]) @@ -852,13 +859,13 @@ if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/ else AC_MSG_RESULT([no]) fi -AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h],,, [AC_INCLUDES_DEFAULT]) -AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params]) +AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h openssl/param_build.h],,, [AC_INCLUDES_DEFAULT]) +AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new]) # these check_funcs need -lssl BAKLIBS="$LIBS" LIBS="-lssl $LIBS" -AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb]) +AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_CTX_set_alpn_protos SSL_get1_peer_certificate]) LIBS="$BAKLIBS" AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [ @@ -1154,6 +1161,11 @@ AC_INCLUDES_DEFAULT ;; esac +AC_ARG_WITH(deprecate-rsa-1024, AS_HELP_STRING([--with-deprecate-rsa-1024],[Deprecate RSA 1024 bit length, makes that an unsupported key, for use when OpenSSL FIPS refuses 1024 bit verification])) +if test "$with_deprecate_rsa_1024" = "yes"; then + AC_DEFINE([DEPRECATE_RSA_1024], [1], [Deprecate RSA 1024 bit length, makes that an unsupported key]) +fi + AC_ARG_ENABLE(ed25519, AS_HELP_STRING([--disable-ed25519],[Disable ED25519 support])) use_ed25519="no" case "$enable_ed25519" in @@ -1210,23 +1222,23 @@ esac AC_ARG_ENABLE(tfo-client, AS_HELP_STRING([--enable-tfo-client],[Enable TCP Fast Open for client mode])) case "$enable_tfo_client" in yes) - case `uname` in - Linux) AC_CHECK_DECL([MSG_FASTOPEN], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])], - [AC_MSG_ERROR([TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client])], - [AC_INCLUDES_DEFAULT + case "$host_os" in + linux*) AC_CHECK_DECL([MSG_FASTOPEN], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])], + [AC_MSG_ERROR([TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client])], + [AC_INCLUDES_DEFAULT #include ]) - AC_DEFINE_UNQUOTED([USE_MSG_FASTOPEN], [1], [Define this to enable client TCP Fast Open.]) - ;; - Darwin) AC_CHECK_DECL([CONNECT_RESUME_ON_READ_WRITE], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])], - [AC_MSG_ERROR([TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client])], - [AC_INCLUDES_DEFAULT + AC_DEFINE_UNQUOTED([USE_MSG_FASTOPEN], [1], [Define this to enable client TCP Fast Open.]) + ;; + darwin*) AC_CHECK_DECL([CONNECT_RESUME_ON_READ_WRITE], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])], + [AC_MSG_ERROR([TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client])], + [AC_INCLUDES_DEFAULT #include ]) - AC_DEFINE_UNQUOTED([USE_OSX_MSG_FASTOPEN], [1], [Define this to enable client TCP Fast Open.]) - ;; + AC_DEFINE_UNQUOTED([USE_OSX_MSG_FASTOPEN], [1], [Define this to enable client TCP Fast Open.]) + ;; esac - ;; + ;; no|*) ;; esac @@ -1508,6 +1520,7 @@ AC_CHECK_FUNCS([daemon]) if test $ac_cv_func_daemon = yes; then ACX_FUNC_DEPRECATED([daemon], [(void)daemon(0, 0);], [ #include +#include ]) fi @@ -1586,7 +1599,7 @@ AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])]) AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])]) # check if setreuid en setregid fail, on MacOSX10.4(darwin8). -if echo $target_os | grep darwin8 > /dev/null; then +if echo $host_os | grep darwin8 > /dev/null; then AC_DEFINE(DARWIN_BROKEN_SETREUID, 1, [Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work]) fi AC_CHECK_DECLS([inet_pton,inet_ntop], [], [], [ @@ -1711,7 +1724,7 @@ case "$enable_allsymbols" in yes) COMMON_OBJ_ALL_SYMBOLS="" UBSYMS="" - EXTRALINK="-L. -L.libs -lunbound" + EXTRALINK="libunbound.la" AC_DEFINE(EXPORT_ALL_SYMBOLS, 1, [Define this if you enabled-allsymbols from libunbound to link binaries to it for smaller install size, but the libunbound export table is polluted by internal symbols]) ;; no|*) @@ -1778,6 +1791,8 @@ if test "$found_libhiredis" = "yes"; then enable_cachedb="yes"; fi case "$enable_cachedb" in yes) AC_DEFINE([USE_CACHEDB], [1], [Define to 1 to use cachedb support]) + AC_SUBST([CACHEDB_SRC], ["cachedb/cachedb.c cachedb/redis.c"]) + AC_SUBST([CACHEDB_OBJ], ["cachedb.lo redis.lo"]) ;; no|*) # nothing @@ -1847,6 +1862,17 @@ case "$enable_explicit_port_randomisation" in ;; esac +if echo "$host" | $GREP -i -e linux >/dev/null; then + AC_ARG_ENABLE(linux-ip-local-port-range, AC_HELP_STRING([--enable-linux-ip-local-port-range], [Define this to enable use of /proc/sys/net/ipv4/ip_local_port_range as a default outgoing port range. This is only for the libunbound on Linux and does not affect unbound resolving daemon itself. This may severely limit the number of available outgoing ports and thus decrease randomness. Define this only when the target system restricts (e.g. some of SELinux enabled distributions) the use of non-ephemeral ports.])) + case "$enable_linux_ip_local_port_range" in + yes) + AC_DEFINE([USE_LINUX_IP_LOCAL_PORT_RANGE], [1], [Define this to enable use of /proc/sys/net/ipv4/ip_local_port_range as a default outgoing port range. This is only for the libunbound on Linux and does not affect unbound resolving daemon itself. This may severely limit the number of available outgoing ports and thus decrease randomness. Define this only when the target system restricts (e.g. some of SELinux enabled distributions) the use of non-ephemeral ports.]) + ;; + no|*) + ;; + esac +fi + AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope]) # on openBSD, the implicit rule make $< work. diff --git a/contrib/ios/install_tools.sh b/contrib/ios/install_tools.sh index 55fef454e852..e2f381425bed 100755 --- a/contrib/ios/install_tools.sh +++ b/contrib/ios/install_tools.sh @@ -1,8 +1,10 @@ #!/usr/bin/env bash # This step should install tools needed for all packages - OpenSSL, Expat and Unbound -echo "Updating tools" -brew update 1>/dev/null +# brew update hangs, so we try to skip that step. +#echo "Updating tools" +#brew update 1>/dev/null echo "Installing tools" # already installed are: autoconf automake libtool pkg-config -brew install curl perl 1>/dev/null +#brew install curl perl 1>/dev/null +HOMEBREW_NO_AUTO_UPDATE=1 brew install curl perl 1>/dev/null diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in index a4596978dbe2..90ee708ce2c5 100644 --- a/contrib/unbound.service.in +++ b/contrib/unbound.service.in @@ -60,8 +60,12 @@ NoNewPrivileges=true PrivateDevices=true PrivateTmp=true ProtectHome=true +ProtectClock=true ProtectControlGroups=true +ProtectKernelLogs=true ProtectKernelModules=true +ProtectKernelTunables=true +ProtectProc=invisible ProtectSystem=strict RuntimeDirectory=unbound ConfigurationDirectory=unbound diff --git a/contrib/unbound.spec b/contrib/unbound.spec index 6ddc5f18d91f..17be4ccd0ad6 100644 --- a/contrib/unbound.spec +++ b/contrib/unbound.spec @@ -1,15 +1,14 @@ Summary: Validating, recursive, and caching DNS resolver Name: unbound -Version: 1.4.18 +Version: 1.13.1 Release: 1%{?dist} License: BSD Url: http://www.nlnetlabs.nl/unbound/ -Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz +Source: http://www.nlnetlabs.nl/downloads/unbound/%{name}-%{version}.tar.gz #Source1: unbound.init Group: System Environment/Daemons -Requires: ldns BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: flex, openssl-devel, expat-devel, ldns-devel +BuildRequires: flex, openssl-devel, expat-devel %description Unbound is a validating, recursive, and caching DNS resolver. @@ -42,7 +41,7 @@ install -d 0700 %{buildroot}%{_localstatedir}/%{name} install -d 0755 %{buildroot}%{_initrddir} install -m 0755 contrib/unbound.init %{buildroot}%{_initrddir}/unbound # add symbolic link from /etc/unbound.conf -> /var/unbound/unbound.conf -ln -s %{_localstatedir}/unbound/unbound.conf %{buildroot}%{_sysconfdir}/unbound.conf +ln -s ../%{_localstatedir}/unbound/unbound.conf %{buildroot}%{_sysconfdir}/unbound.conf # remove static library from install (fedora packaging guidelines) rm -f %{buildroot}%{_libdir}/libunbound.a %{buildroot}%{_libdir}/libunbound.la @@ -55,11 +54,12 @@ rm -rf ${RPM_BUILD_ROOT} %attr(0755,root,root) %{_initrddir}/%{name} %attr(0700,%{name},%{name}) %dir %{_localstatedir}/%{name} %attr(0644,%{name},%{name}) %config(noreplace) %{_localstatedir}/%{name}/unbound.conf -%attr(0644,%{name},%{name}) %config(noreplace) %{_sysconfdir}/unbound.conf +%config(noreplace) %{_sysconfdir}/unbound.conf %{_sbindir}/* %{_mandir}/*/* %{_includedir}/* %{_libdir}/libunbound* +%{_libdir}/pkgconfig/libunbound* %pre getent group unbound >/dev/null || groupadd -r unbound @@ -89,7 +89,13 @@ if [ "$1" -ge "1" ]; then fi %changelog -* Thu Jul 13 2011 Wouter Wijngaards - 1.4.8 +* Thu Jun 10 2021 Wouter Wijngaards - 1.13.1 +- ldns and ldns-devel no longer required. Fixed date. Version to 1.13.1. +- Removed symlink attr mode, made unbound.conf symlink relative. +- Added pkgconfig/libunbound.pc to the packaged files. +- fixed download url to nlnetlabs.nl download. + +* Wed Jul 13 2011 Wouter Wijngaards - 1.4.8 - ldns required and ldns-devel required for build, no more ldns-builtin. * Thu Mar 17 2011 Wouter Wijngaards - 1.4.8 diff --git a/contrib/unbound_munin_ b/contrib/unbound_munin_ index defca291c649..5037527580e2 100755 --- a/contrib/unbound_munin_ +++ b/contrib/unbound_munin_ @@ -14,7 +14,6 @@ # Run the command unbound-control-setup to generate the key files. # # Environment variables for this script -# statefile - where to put temporary statefile. # unbound_conf - where the unbound.conf file is located. # unbound_control - where to find unbound-control executable. # spoof_warn - what level to warn about spoofing @@ -24,7 +23,6 @@ # with: # [unbound*] # user root -# env.statefile /usr/local/var/munin/plugin-state/unbound-state # env.unbound_conf /usr/local/etc/unbound/unbound.conf # env.unbound_control /usr/local/sbin/unbound-control # env.spoof_warn 1000 @@ -66,7 +64,6 @@ System with unbound daemon. [unbound*] user root - env.statefile /usr/local/var/munin/plugin-state/unbound-state env.unbound_conf /usr/local/etc/unbound/unbound.conf env.unbound_control /usr/local/sbin/unbound-control env.spoof_warn 1000 @@ -98,7 +95,8 @@ BSD =cut -state=${statefile:-/usr/local/var/munin/plugin-state/unbound-state} +state="${MUNIN_PLUGSTATE}/unbound.state" +seentags="${MUNIN_PLUGSTATE}/unbound-seentags.state" conf=${unbound_conf:-/usr/local/etc/unbound/unbound.conf} ctrl=${unbound_control:-/usr/local/sbin/unbound-control} warn=${spoof_warn:-1000} @@ -121,12 +119,24 @@ get_value ( ) { fi } +# Update list of seen query types etc to seentags file. This is run while +# holding the lock, after the state file is updated. +update_seentags() { + tmplist="$(cat ${seentags} 2> /dev/null) +num.query.type.A +num.query.class.IN +num.query.opcode.QUERY +num.answer.rcode.NOERROR +" + (echo "${tmplist}"; grep ^num ${state} | sed -e 's/=.*//') | sort -u > ${seentags} +} + # download the state from the unbound server. get_state ( ) { # obtain lock for fetching the state # because there is a race condition in fetching and writing to file - # see if the lock is stale, if so, take it + # see if the lock is stale, if so, take it if test -f $lock ; then pid="`cat $lock 2>&1`" kill -0 "$pid" >/dev/null 2>&1 @@ -168,6 +178,7 @@ get_state ( ) { rm -f $lock exit 1 fi + update_seentags rm -f $lock } @@ -232,7 +243,7 @@ if test "$1" = "config" ; then echo "graph_args --base 1000 -l 0" echo "graph_vlabel queries / \${graph_period}" echo "graph_scale no" - echo "graph_category DNS" + echo "graph_category dns" for x in `grep "^thread[0-9][0-9]*\.num\.queries=" $state | sed -e 's/=.*//'`; do exist_config $x "queries handled by `basename $x .num.queries`" @@ -256,7 +267,7 @@ if test "$1" = "config" ; then echo "graph_args --base 1000 -l 0" echo "graph_vlabel number of queries" echo "graph_scale no" - echo "graph_category DNS" + echo "graph_category dns" p_config "total.requestlist.avg" "Average size of queue on insert" "GAUGE" p_config "total.requestlist.max" "Max size of queue (in 5 min)" "GAUGE" p_config "total.requestlist.overwritten" "Number of queries replaced by new ones" "GAUGE" @@ -267,7 +278,7 @@ if test "$1" = "config" ; then echo "graph_title Unbound memory usage" echo "graph_args --base 1024 -l 0" echo "graph_vlabel memory used in bytes" - echo "graph_category DNS" + echo "graph_category dns" p_config "mem.cache.rrset" "RRset cache memory" "GAUGE" p_config "mem.cache.message" "Message cache memory" "GAUGE" p_config "mem.mod.iterator" "Iterator module memory" "GAUGE" @@ -283,9 +294,8 @@ if test "$1" = "config" ; then echo "graph_args --base 1000 -l 0" echo "graph_vlabel queries / \${graph_period}" echo "graph_scale no" - echo "graph_category DNS" - for x in `grep "^num.query.type" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` + echo "graph_category dns" + for nm in `grep "^num.query.type" $seentags`; do tp=`echo $nm | sed -e s/num.query.type.//` p_config "$nm" "$tp" "ABSOLUTE" done @@ -296,9 +306,8 @@ if test "$1" = "config" ; then echo "graph_args --base 1000 -l 0" echo "graph_vlabel queries / \${graph_period}" echo "graph_scale no" - echo "graph_category DNS" - for x in `grep "^num.query.class" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` + echo "graph_category dns" + for nm in `grep "^num.query.class" $seentags`; do tp=`echo $nm | sed -e s/num.query.class.//` p_config "$nm" "$tp" "ABSOLUTE" done @@ -309,9 +318,8 @@ if test "$1" = "config" ; then echo "graph_args --base 1000 -l 0" echo "graph_vlabel queries / \${graph_period}" echo "graph_scale no" - echo "graph_category DNS" - for x in `grep "^num.query.opcode" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` + echo "graph_category dns" + for nm in `grep "^num.query.opcode" $seentags`; do tp=`echo $nm | sed -e s/num.query.opcode.//` p_config "$nm" "$tp" "ABSOLUTE" done @@ -322,9 +330,8 @@ if test "$1" = "config" ; then echo "graph_args --base 1000 -l 0" echo "graph_vlabel answer packets / \${graph_period}" echo "graph_scale no" - echo "graph_category DNS" - for x in `grep "^num.answer.rcode" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` + echo "graph_category dns" + for nm in `grep "^num.answer.rcode" $seentags`; do tp=`echo $nm | sed -e s/num.answer.rcode.//` p_config "$nm" "$tp" "ABSOLUTE" done @@ -338,7 +345,7 @@ if test "$1" = "config" ; then echo "graph_args --base 1000 -l 0" echo "graph_vlabel queries / \${graph_period}" echo "graph_scale no" - echo "graph_category DNS" + echo "graph_category dns" p_config "num.query.flags.QR" "QR (query reply) flag" "ABSOLUTE" p_config "num.query.flags.AA" "AA (auth answer) flag" "ABSOLUTE" p_config "num.query.flags.TC" "TC (truncated) flag" "ABSOLUTE" @@ -356,7 +363,7 @@ if test "$1" = "config" ; then echo "graph_args --base 1000 -l 0" echo "graph_vlabel queries / \${graph_period}" echo "graph_scale no" - echo "graph_category DNS" + echo "graph_category dns" echo hcache.label "cache hits" echo hcache.min 0 echo hcache.type ABSOLUTE @@ -467,27 +474,23 @@ memory) done ;; by_type) - for x in `grep "^num.query.type" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - print_value_line $nm $x + for nm in `grep "^num.query.type" $seentags`; do + print_value $nm done ;; by_class) - for x in `grep "^num.query.class" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - print_value_line $nm $x + for nm in `grep "^num.query.class" $seentags`; do + print_value $nm done ;; by_opcode) - for x in `grep "^num.query.opcode" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - print_value_line $nm $x + for nm in `grep "^num.query.opcode" $seentags`; do + print_value $nm done ;; by_rcode) - for x in `grep "^num.answer.rcode" $state`; do - nm=`echo $x | sed -e 's/=.*$//'` - print_value_line $nm $x + for nm in `grep "^num.answer.rcode" $seentags`; do + print_value $nm done print_value "num.answer.secure" print_value "num.answer.bogus" diff --git a/daemon/daemon.c b/daemon/daemon.c index a11d50a9ba93..6d666788325a 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -320,7 +320,8 @@ daemon_open_shared_ports(struct daemon* daemon) free(daemon->ports); daemon->ports = NULL; } - if(!resolve_interface_names(daemon->cfg, &resif, &num_resif)) + if(!resolve_interface_names(daemon->cfg->ifs, + daemon->cfg->num_ifs, NULL, &resif, &num_resif)) return 0; /* see if we want to reuseport */ #ifdef SO_REUSEPORT @@ -632,19 +633,19 @@ daemon_fork(struct daemon* daemon) fatal_exit("Could not set up per-view response IP sets"); daemon->use_response_ip = !respip_set_is_empty(daemon->respip_set) || have_view_respip_cfg; - + + /* setup modules */ + daemon_setup_modules(daemon); + /* read auth zonefiles */ if(!auth_zones_apply_cfg(daemon->env->auth_zones, daemon->cfg, 1, - &daemon->use_rpz)) + &daemon->use_rpz, daemon->env, &daemon->mods)) fatal_exit("auth_zones could not be setup"); /* Set-up EDNS strings */ if(!edns_strings_apply_cfg(daemon->env->edns_strings, daemon->cfg)) fatal_exit("Could not set up EDNS strings"); - /* setup modules */ - daemon_setup_modules(daemon); - /* response-ip-xxx options don't work as expected without the respip * module. To avoid run-time operational surprise we reject such * configuration. */ diff --git a/daemon/remote.c b/daemon/remote.c index 64057a57b326..923ddefa4f29 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -130,7 +130,7 @@ timeval_divide(struct timeval* avg, const struct timeval* sum, long long d) { #ifndef S_SPLINT_S size_t leftover; - if(d == 0) { + if(d <= 0) { avg->tv_sec = 0; avg->tv_usec = 0; return; @@ -139,7 +139,13 @@ timeval_divide(struct timeval* avg, const struct timeval* sum, long long d) avg->tv_usec = sum->tv_usec / d; /* handle fraction from seconds divide */ leftover = sum->tv_sec - avg->tv_sec*d; - avg->tv_usec += (leftover*1000000)/d; + if(leftover <= 0) + leftover = 0; + avg->tv_usec += (((long long)leftover)*((long long)1000000))/d; + if(avg->tv_sec < 0) + avg->tv_sec = 0; + if(avg->tv_usec < 0) + avg->tv_usec = 0; #endif } @@ -364,13 +370,20 @@ struct listen_port* daemon_remote_open_ports(struct config_file* cfg) struct listen_port* l = NULL; log_assert(cfg->remote_control_enable && cfg->control_port); if(cfg->control_ifs.first) { - struct config_strlist* p; - for(p = cfg->control_ifs.first; p; p = p->next) { - if(!add_open(p->str, cfg->control_port, &l, 1, cfg)) { + char** rcif = NULL; + int i, num_rcif = 0; + if(!resolve_interface_names(NULL, 0, cfg->control_ifs.first, + &rcif, &num_rcif)) { + return NULL; + } + for(i=0; icontrol_port, &l, 1, cfg)) { listening_ports_free(l); + config_del_strarray(rcif, num_rcif); return NULL; } } + config_del_strarray(rcif, num_rcif); } else { /* defaults */ if(cfg->do_ip6 && @@ -1291,10 +1304,35 @@ do_zones_remove(RES* ssl, struct local_zones* zones) (void)ssl_printf(ssl, "removed %d zones\n", num); } +/** check syntax of newly added RR */ +static int +check_RR_syntax(RES* ssl, char* str, int line) +{ + uint8_t rr[LDNS_RR_BUF_SIZE]; + size_t len = sizeof(rr), dname_len = 0; + int s = sldns_str2wire_rr_buf(str, rr, &len, &dname_len, 3600, + NULL, 0, NULL, 0); + if(s != 0) { + char linestr[32]; + if(line == 0) + linestr[0]=0; + else snprintf(linestr, sizeof(linestr), "line %d ", line); + if(!ssl_printf(ssl, "error parsing local-data at %sposition %d '%s': %s\n", + linestr, LDNS_WIREPARSE_OFFSET(s), str, + sldns_get_errorstr_parse(s))) + return 0; + return 0; + } + return 1; +} + /** Add new RR data */ static int -perform_data_add(RES* ssl, struct local_zones* zones, char* arg) +perform_data_add(RES* ssl, struct local_zones* zones, char* arg, int line) { + if(!check_RR_syntax(ssl, arg, line)) { + return 0; + } if(!local_zones_add_RR(zones, arg)) { ssl_printf(ssl,"error in syntax or out of memory, %s\n", arg); return 0; @@ -1306,7 +1344,7 @@ perform_data_add(RES* ssl, struct local_zones* zones, char* arg) static void do_data_add(RES* ssl, struct local_zones* zones, char* arg) { - if(!perform_data_add(ssl, zones, arg)) + if(!perform_data_add(ssl, zones, arg, 0)) return; send_ok(ssl); } @@ -1316,15 +1354,12 @@ static void do_datas_add(RES* ssl, struct local_zones* zones) { char buf[2048]; - int num = 0; + int num = 0, line = 0; while(ssl_read_line(ssl, buf, sizeof(buf))) { if(buf[0] == 0x04 && buf[1] == 0) break; /* end of transmission */ - if(!perform_data_add(ssl, zones, buf)) { - if(!ssl_printf(ssl, "error for input line: %s\n", buf)) - return; - } - else + line++; + if(perform_data_add(ssl, zones, buf, line)) num++; } (void)ssl_printf(ssl, "added %d datas\n", num); @@ -2510,6 +2545,8 @@ do_auth_zone_reload(RES* ssl, struct worker* worker, char* arg) uint8_t* nm = NULL; struct auth_zones* az = worker->env.auth_zones; struct auth_zone* z = NULL; + struct auth_xfer* xfr = NULL; + char* reason = NULL; if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) return; if(az) { @@ -2518,19 +2555,63 @@ do_auth_zone_reload(RES* ssl, struct worker* worker, char* arg) if(z) { lock_rw_wrlock(&z->lock); } + xfr = auth_xfer_find(az, nm, nmlen, LDNS_RR_CLASS_IN); + if(xfr) { + lock_basic_lock(&xfr->lock); + } lock_rw_unlock(&az->lock); } free(nm); if(!z) { + if(xfr) { + lock_basic_unlock(&xfr->lock); + } (void)ssl_printf(ssl, "error no auth-zone %s\n", arg); return; } if(!auth_zone_read_zonefile(z, worker->env.cfg)) { lock_rw_unlock(&z->lock); + if(xfr) { + lock_basic_unlock(&xfr->lock); + } (void)ssl_printf(ssl, "error failed to read %s\n", arg); return; } + + z->zone_expired = 0; + if(xfr) { + xfr->zone_expired = 0; + if(!xfr_find_soa(z, xfr)) { + if(z->data.count == 0) { + lock_rw_unlock(&z->lock); + lock_basic_unlock(&xfr->lock); + (void)ssl_printf(ssl, "zone %s has no contents\n", arg); + return; + } + lock_rw_unlock(&z->lock); + lock_basic_unlock(&xfr->lock); + (void)ssl_printf(ssl, "error: no SOA in zone after read %s\n", arg); + return; + } + if(xfr->have_zone) + xfr->lease_time = *worker->env.now; + lock_basic_unlock(&xfr->lock); + } + + auth_zone_verify_zonemd(z, &worker->env, &worker->env.mesh->mods, + &reason, 0, 0); + if(reason && z->zone_expired) { + lock_rw_unlock(&z->lock); + (void)ssl_printf(ssl, "error zonemd for %s failed: %s\n", + arg, reason); + free(reason); + return; + } else if(reason && strcmp(reason, "ZONEMD verification successful") + ==0) { + (void)ssl_printf(ssl, "%s: %s\n", arg, reason); + } lock_rw_unlock(&z->lock); + free(reason); send_ok(ssl); } @@ -3257,7 +3338,11 @@ int remote_control_callback(struct comm_point* c, void* arg, int err, if (!rc->use_cert) { verbose(VERB_ALGO, "unauthenticated remote control connection"); } else if(SSL_get_verify_result(s->ssl) == X509_V_OK) { +#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE + X509* x = SSL_get1_peer_certificate(s->ssl); +#else X509* x = SSL_get_peer_certificate(s->ssl); +#endif if(!x) { verbose(VERB_DETAIL, "remote control connection " "provided no client certificate"); diff --git a/daemon/unbound.c b/daemon/unbound.c index bc6d2bc9efc5..934a96c8068b 100644 --- a/daemon/unbound.c +++ b/daemon/unbound.c @@ -197,6 +197,35 @@ checkrlimits(struct config_file* cfg) size_t total = numthread * perthread + misc; size_t avail; struct rlimit rlim; + size_t memsize_expect = cfg->msg_cache_size + cfg->rrset_cache_size + + (cfg->do_tcp?cfg->stream_wait_size:0) + + (cfg->ip_ratelimit?cfg->ip_ratelimit_size:0) + + (cfg->ratelimit?cfg->ratelimit_size:0) + + (cfg->dnscrypt?cfg->dnscrypt_shared_secret_cache_size + cfg->dnscrypt_nonce_cache_size:0) + + cfg->infra_cache_numhosts * (sizeof(struct infra_key)+sizeof(struct infra_data)); + if(strstr(cfg->module_conf, "validator") && (cfg->trust_anchor_file_list || cfg->trust_anchor_list || cfg->auto_trust_anchor_file_list || cfg->trusted_keys_file_list)) { + memsize_expect += cfg->key_cache_size + cfg->neg_cache_size; + } +#ifdef HAVE_NGHTTP2_NGHTTP2_H + if(cfg_has_https(cfg)) { + memsize_expect += cfg->http_query_buffer_size + cfg->http_response_buffer_size; + } +#endif + +#ifdef RLIMIT_AS + if(getrlimit(RLIMIT_AS, &rlim) == 0) { + if(rlim.rlim_cur != (rlim_t)RLIM_INFINITY && + rlim.rlim_cur < (rlim_t)memsize_expect) { + log_warn("the ulimit(max memory size) is smaller than the expected memory usage (added size of caches). %u < %u bytes", (unsigned)rlim.rlim_cur, (unsigned)memsize_expect); + } + } +#endif + if(getrlimit(RLIMIT_DATA, &rlim) == 0) { + if(rlim.rlim_cur != (rlim_t)RLIM_INFINITY && + rlim.rlim_cur < (rlim_t)memsize_expect) { + log_warn("the ulimit(data seg size) is smaller than the expected memory usage (added size of caches). %u < %u bytes", (unsigned)rlim.rlim_cur, (unsigned)memsize_expect); + } + } if(total > 1024 && strncmp(ub_event_get_version(), "mini-event", 10) == 0) { diff --git a/daemon/worker.c b/daemon/worker.c index 57d58a90d875..e9e163a0448b 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -70,6 +70,7 @@ #include "util/edns.h" #include "iterator/iter_fwd.h" #include "iterator/iter_hints.h" +#include "iterator/iter_utils.h" #include "validator/autotrust.h" #include "validator/val_anchor.h" #include "respip/respip.h" @@ -235,38 +236,6 @@ worker_send_cmd(struct worker* worker, enum worker_commands cmd) } } -int -worker_handle_reply(struct comm_point* c, void* arg, int error, - struct comm_reply* reply_info) -{ - struct module_qstate* q = (struct module_qstate*)arg; - struct worker* worker = q->env->worker; - struct outbound_entry e; - e.qstate = q; - e.qsent = NULL; - - if(error != 0) { - mesh_report_reply(worker->env.mesh, &e, reply_info, error); - worker_mem_report(worker, NULL); - return 0; - } - /* sanity check. */ - if(!LDNS_QR_WIRE(sldns_buffer_begin(c->buffer)) - || LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) != - LDNS_PACKET_QUERY - || LDNS_QDCOUNT(sldns_buffer_begin(c->buffer)) > 1) { - /* error becomes timeout for the module as if this reply - * never arrived. */ - mesh_report_reply(worker->env.mesh, &e, reply_info, - NETEVENT_TIMEOUT); - worker_mem_report(worker, NULL); - return 0; - } - mesh_report_reply(worker->env.mesh, &e, reply_info, NETEVENT_NOERROR); - worker_mem_report(worker, NULL); - return 0; -} - int worker_handle_service_reply(struct comm_point* c, void* arg, int error, struct comm_reply* reply_info) @@ -1166,9 +1135,14 @@ worker_handle_request(struct comm_point* c, void* arg, int error, } #endif #ifdef USE_DNSTAP - if(worker->dtenv.log_client_query_messages) - dt_msg_send_client_query(&worker->dtenv, &repinfo->addr, c->type, - c->buffer); + /* + * sending src (client)/dst (local service) addresses over DNSTAP from incoming request handler + */ + if(worker->dtenv.log_client_query_messages) { + log_addr(VERB_ALGO, "request from client", &repinfo->addr, repinfo->addrlen); + log_addr(VERB_ALGO, "to local addr", (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->socket->addr->ai_addrlen); + dt_msg_send_client_query(&worker->dtenv, &repinfo->addr, (void*)repinfo->c->socket->addr->ai_addr, c->type, c->buffer); + } #endif acladdr = acl_addr_lookup(worker->daemon->acl, &repinfo->addr, repinfo->addrlen); @@ -1592,9 +1566,14 @@ worker_handle_request(struct comm_point* c, void* arg, int error, if(is_secure_answer) worker->stats.ans_secure++; } #ifdef USE_DNSTAP - if(worker->dtenv.log_client_response_messages) - dt_msg_send_client_response(&worker->dtenv, &repinfo->addr, - c->type, c->buffer); + /* + * sending src (client)/dst (local service) addresses over DNSTAP from send_reply code label (when we serviced local zone for ex.) + */ + if(worker->dtenv.log_client_response_messages) { + log_addr(VERB_ALGO, "from local addr", (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->socket->addr->ai_addrlen); + log_addr(VERB_ALGO, "response to client", &repinfo->addr, repinfo->addrlen); + dt_msg_send_client_response(&worker->dtenv, &repinfo->addr, (void*)repinfo->c->socket->addr->ai_addr, c->type, c->buffer); + } #endif if(worker->env.cfg->log_replies) { @@ -1815,12 +1794,16 @@ worker_init(struct worker* worker, struct config_file *cfg, &worker_alloc_cleanup, worker, cfg->do_udp || cfg->udp_upstream_without_downstream, worker->daemon->connect_sslctx, cfg->delay_close, - cfg->tls_use_sni, dtenv, cfg->udp_connect); + cfg->tls_use_sni, dtenv, cfg->udp_connect, + cfg->max_reuse_tcp_queries, cfg->tcp_reuse_timeout, + cfg->tcp_auth_query_timeout); if(!worker->back) { log_err("could not create outgoing sockets"); worker_delete(worker); return 0; } + iterator_set_ip46_support(&worker->daemon->mods, worker->daemon->env, + worker->back); /* start listening to commands */ if(!tube_setup_bg_listen(worker->cmd, worker->base, &worker_handle_control_cmd, worker)) { @@ -1867,6 +1850,11 @@ worker_init(struct worker* worker, struct config_file *cfg, return 0; } worker->env.mesh = mesh_create(&worker->daemon->mods, &worker->env); + if(!worker->env.mesh) { + log_err("malloc failure"); + worker_delete(worker); + return 0; + } /* Pass on daemon variables that we would need in the mesh area */ worker->env.mesh->use_response_ip = worker->daemon->use_response_ip; worker->env.mesh->use_rpz = worker->daemon->use_rpz; @@ -1877,6 +1865,11 @@ worker_init(struct worker* worker, struct config_file *cfg, worker->env.kill_sub = &mesh_state_delete; worker->env.detect_cycle = &mesh_detect_cycle; worker->env.scratch_buffer = sldns_buffer_new(cfg->msg_buffer_size); + if(!worker->env.scratch_buffer) { + log_err("malloc failure"); + worker_delete(worker); + return 0; + } if(!(worker->env.fwds = forwards_create()) || !forwards_apply_cfg(worker->env.fwds, cfg)) { log_err("Could not set forward zones"); @@ -1914,6 +1907,8 @@ worker_init(struct worker* worker, struct config_file *cfg, #endif ) { auth_xfer_pickup_initial(worker->env.auth_zones, &worker->env); + auth_zones_pickup_zonemd_verify(worker->env.auth_zones, + &worker->env); } #ifdef USE_DNSTAP if(worker->daemon->cfg->dnstap @@ -1929,10 +1924,6 @@ worker_init(struct worker* worker, struct config_file *cfg, } } #endif /* USE_DNSTAP */ - if(!worker->env.mesh || !worker->env.scratch_buffer) { - worker_delete(worker); - return 0; - } worker_mem_report(worker, NULL); /* if statistics enabled start timer */ if(worker->env.cfg->stat_interval > 0) { @@ -2062,14 +2053,6 @@ struct outbound_entry* libworker_send_query( return 0; } -int libworker_handle_reply(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - int libworker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), struct comm_reply* ATTR_UNUSED(reply_info)) diff --git a/dnscrypt/dnscrypt.c b/dnscrypt/dnscrypt.c index 843735018b23..9b324ae69052 100644 --- a/dnscrypt/dnscrypt.c +++ b/dnscrypt/dnscrypt.c @@ -863,6 +863,7 @@ dnsc_parse_keys(struct dnsc_env *env, struct config_file *cfg) return cert_id; } +#ifdef SODIUM_MISUSE_HANDLER static void sodium_misuse_handler(void) { @@ -872,6 +873,7 @@ sodium_misuse_handler(void) " unbound in a chroot, make sure /dev/urandom is available. See" " https://www.unbound.net/documentation/unbound.conf.html"); } +#endif /** diff --git a/dnstap/dnstap.c b/dnstap/dnstap.c index b8a3216703c1..5c0cde1d5588 100644 --- a/dnstap/dnstap.c +++ b/dnstap/dnstap.c @@ -302,44 +302,75 @@ dt_fill_buffer(sldns_buffer *b, ProtobufCBinaryData *p, protobuf_c_boolean *has) static void dt_msg_fill_net(struct dt_msg *dm, - struct sockaddr_storage *ss, + struct sockaddr_storage *qs, + struct sockaddr_storage *rs, enum comm_point_type cptype, - ProtobufCBinaryData *addr, protobuf_c_boolean *has_addr, - uint32_t *port, protobuf_c_boolean *has_port) + ProtobufCBinaryData *qaddr, protobuf_c_boolean *has_qaddr, + uint32_t *qport, protobuf_c_boolean *has_qport, + ProtobufCBinaryData *raddr, protobuf_c_boolean *has_raddr, + uint32_t *rport, protobuf_c_boolean *has_rport) { - log_assert(ss->ss_family == AF_INET6 || ss->ss_family == AF_INET); - if (ss->ss_family == AF_INET6) { - struct sockaddr_in6 *s = (struct sockaddr_in6 *) ss; + log_assert(qs->ss_family == AF_INET6 || qs->ss_family == AF_INET); + if (qs->ss_family == AF_INET6) { + struct sockaddr_in6 *q = (struct sockaddr_in6 *) qs; /* socket_family */ dm->m.socket_family = DNSTAP__SOCKET_FAMILY__INET6; dm->m.has_socket_family = 1; /* addr: query_address or response_address */ - addr->data = s->sin6_addr.s6_addr; - addr->len = 16; /* IPv6 */ - *has_addr = 1; + qaddr->data = q->sin6_addr.s6_addr; + qaddr->len = 16; /* IPv6 */ + *has_qaddr = 1; /* port: query_port or response_port */ - *port = ntohs(s->sin6_port); - *has_port = 1; - } else if (ss->ss_family == AF_INET) { - struct sockaddr_in *s = (struct sockaddr_in *) ss; + *qport = ntohs(q->sin6_port); + *has_qport = 1; + } else if (qs->ss_family == AF_INET) { + struct sockaddr_in *q = (struct sockaddr_in *) qs; /* socket_family */ dm->m.socket_family = DNSTAP__SOCKET_FAMILY__INET; dm->m.has_socket_family = 1; /* addr: query_address or response_address */ - addr->data = (uint8_t *) &s->sin_addr.s_addr; - addr->len = 4; /* IPv4 */ - *has_addr = 1; + qaddr->data = (uint8_t *) &q->sin_addr.s_addr; + qaddr->len = 4; /* IPv4 */ + *has_qaddr = 1; /* port: query_port or response_port */ - *port = ntohs(s->sin_port); - *has_port = 1; + *qport = ntohs(q->sin_port); + *has_qport = 1; } + /* + * This block is to fill second set of fields in DNSTAP-message defined as request_/response_ names. + * Additional responsive structure is: struct sockaddr_storage *rs + */ + if (rs && rs->ss_family == AF_INET6) { + struct sockaddr_in6 *r = (struct sockaddr_in6 *) rs; + + /* addr: query_address or response_address */ + raddr->data = r->sin6_addr.s6_addr; + raddr->len = 16; /* IPv6 */ + *has_raddr = 1; + + /* port: query_port or response_port */ + *rport = ntohs(r->sin6_port); + *has_rport = 1; + } else if (rs && rs->ss_family == AF_INET) { + struct sockaddr_in *r = (struct sockaddr_in *) rs; + + /* addr: query_address or response_address */ + raddr->data = (uint8_t *) &r->sin_addr.s_addr; + raddr->len = 4; /* IPv4 */ + *has_raddr = 1; + + /* port: query_port or response_port */ + *rport = ntohs(r->sin_port); + *has_rport = 1; + } + log_assert(cptype == comm_udp || cptype == comm_tcp); if (cptype == comm_udp) { /* socket_protocol */ @@ -355,6 +386,7 @@ dt_msg_fill_net(struct dt_msg *dm, void dt_msg_send_client_query(struct dt_env *env, struct sockaddr_storage *qsock, + struct sockaddr_storage *rsock, enum comm_point_type cptype, sldns_buffer *qmsg) { @@ -374,11 +406,14 @@ dt_msg_send_client_query(struct dt_env *env, /* query_message */ dt_fill_buffer(qmsg, &dm.m.query_message, &dm.m.has_query_message); - /* socket_family, socket_protocol, query_address, query_port */ + /* socket_family, socket_protocol, query_address, query_port, response_address, response_port */ log_assert(cptype == comm_udp || cptype == comm_tcp); - dt_msg_fill_net(&dm, qsock, cptype, + dt_msg_fill_net(&dm, qsock, rsock, cptype, &dm.m.query_address, &dm.m.has_query_address, - &dm.m.query_port, &dm.m.has_query_port); + &dm.m.query_port, &dm.m.has_query_port, + &dm.m.response_address, &dm.m.has_response_address, + &dm.m.response_port, &dm.m.has_response_port); + if (dt_pack(&dm.d, &dm.buf, &dm.len_buf)) dt_send(env, dm.buf, dm.len_buf); @@ -387,6 +422,7 @@ dt_msg_send_client_query(struct dt_env *env, void dt_msg_send_client_response(struct dt_env *env, struct sockaddr_storage *qsock, + struct sockaddr_storage *rsock, enum comm_point_type cptype, sldns_buffer *rmsg) { @@ -406,11 +442,13 @@ dt_msg_send_client_response(struct dt_env *env, /* response_message */ dt_fill_buffer(rmsg, &dm.m.response_message, &dm.m.has_response_message); - /* socket_family, socket_protocol, query_address, query_port */ + /* socket_family, socket_protocol, query_address, query_port, response_address, response_port */ log_assert(cptype == comm_udp || cptype == comm_tcp); - dt_msg_fill_net(&dm, qsock, cptype, + dt_msg_fill_net(&dm, qsock, rsock, cptype, &dm.m.query_address, &dm.m.has_query_address, - &dm.m.query_port, &dm.m.has_query_port); + &dm.m.query_port, &dm.m.has_query_port, + &dm.m.response_address, &dm.m.has_response_address, + &dm.m.response_port, &dm.m.has_response_port); if (dt_pack(&dm.d, &dm.buf, &dm.len_buf)) dt_send(env, dm.buf, dm.len_buf); @@ -419,6 +457,7 @@ dt_msg_send_client_response(struct dt_env *env, void dt_msg_send_outside_query(struct dt_env *env, struct sockaddr_storage *rsock, + struct sockaddr_storage *qsock, enum comm_point_type cptype, uint8_t *zone, size_t zone_len, sldns_buffer *qmsg) @@ -454,11 +493,13 @@ dt_msg_send_outside_query(struct dt_env *env, /* query_message */ dt_fill_buffer(qmsg, &dm.m.query_message, &dm.m.has_query_message); - /* socket_family, socket_protocol, response_address, response_port */ + /* socket_family, socket_protocol, response_address, response_port, query_address, query_port */ log_assert(cptype == comm_udp || cptype == comm_tcp); - dt_msg_fill_net(&dm, rsock, cptype, + dt_msg_fill_net(&dm, rsock, qsock, cptype, &dm.m.response_address, &dm.m.has_response_address, - &dm.m.response_port, &dm.m.has_response_port); + &dm.m.response_port, &dm.m.has_response_port, + &dm.m.query_address, &dm.m.has_query_address, + &dm.m.query_port, &dm.m.has_query_port); if (dt_pack(&dm.d, &dm.buf, &dm.len_buf)) dt_send(env, dm.buf, dm.len_buf); @@ -466,18 +507,19 @@ dt_msg_send_outside_query(struct dt_env *env, void dt_msg_send_outside_response(struct dt_env *env, - struct sockaddr_storage *rsock, - enum comm_point_type cptype, - uint8_t *zone, size_t zone_len, - uint8_t *qbuf, size_t qbuf_len, - const struct timeval *qtime, - const struct timeval *rtime, - sldns_buffer *rmsg) + struct sockaddr_storage *rsock, + struct sockaddr_storage *qsock, + enum comm_point_type cptype, + uint8_t *zone, size_t zone_len, + uint8_t *qbuf, size_t qbuf_len, + const struct timeval *qtime, + const struct timeval *rtime, + sldns_buffer *rmsg) { struct dt_msg dm; uint16_t qflags; - log_assert(qbuf_len >= sizeof(qflags)); + (void)qbuf_len; log_assert(qbuf_len >= sizeof(qflags)); memcpy(&qflags, qbuf, sizeof(qflags)); qflags = ntohs(qflags); @@ -510,11 +552,13 @@ dt_msg_send_outside_response(struct dt_env *env, /* response_message */ dt_fill_buffer(rmsg, &dm.m.response_message, &dm.m.has_response_message); - /* socket_family, socket_protocol, response_address, response_port */ + /* socket_family, socket_protocol, response_address, response_port, query_address, query_port */ log_assert(cptype == comm_udp || cptype == comm_tcp); - dt_msg_fill_net(&dm, rsock, cptype, + dt_msg_fill_net(&dm, rsock, qsock, cptype, &dm.m.response_address, &dm.m.has_response_address, - &dm.m.response_port, &dm.m.has_response_port); + &dm.m.response_port, &dm.m.has_response_port, + &dm.m.query_address, &dm.m.has_query_address, + &dm.m.query_port, &dm.m.has_query_port); if (dt_pack(&dm.d, &dm.buf, &dm.len_buf)) dt_send(env, dm.buf, dm.len_buf); diff --git a/dnstap/dnstap.h b/dnstap/dnstap.h index 783b8c51430a..449fae727eac 100644 --- a/dnstap/dnstap.h +++ b/dnstap/dnstap.h @@ -123,12 +123,14 @@ dt_delete(struct dt_env *env); * Create and send a new dnstap "Message" event of type CLIENT_QUERY. * @param env: dnstap environment object. * @param qsock: address/port of client. + * @param rsock: local (service) address/port. * @param cptype: comm_udp or comm_tcp. * @param qmsg: query message. */ void dt_msg_send_client_query(struct dt_env *env, struct sockaddr_storage *qsock, + struct sockaddr_storage *rsock, enum comm_point_type cptype, struct sldns_buffer *qmsg); @@ -136,12 +138,14 @@ dt_msg_send_client_query(struct dt_env *env, * Create and send a new dnstap "Message" event of type CLIENT_RESPONSE. * @param env: dnstap environment object. * @param qsock: address/port of client. + * @param rsock: local (service) address/port. * @param cptype: comm_udp or comm_tcp. * @param rmsg: response message. */ void dt_msg_send_client_response(struct dt_env *env, struct sockaddr_storage *qsock, + struct sockaddr_storage *rsock, enum comm_point_type cptype, struct sldns_buffer *rmsg); @@ -150,7 +154,8 @@ dt_msg_send_client_response(struct dt_env *env, * FORWARDER_QUERY. The type used is dependent on the value of the RD bit * in the query header. * @param env: dnstap environment object. - * @param rsock: address/port of server the query is being sent to. + * @param rsock: address/port of server (upstream) the query is being sent to. + * @param qsock: address/port of server (local) the query is being sent from. * @param cptype: comm_udp or comm_tcp. * @param zone: query zone. * @param zone_len: length of zone. @@ -159,6 +164,7 @@ dt_msg_send_client_response(struct dt_env *env, void dt_msg_send_outside_query(struct dt_env *env, struct sockaddr_storage *rsock, + struct sockaddr_storage *qsock, enum comm_point_type cptype, uint8_t *zone, size_t zone_len, struct sldns_buffer *qmsg); @@ -168,7 +174,8 @@ dt_msg_send_outside_query(struct dt_env *env, * FORWARDER_RESPONSE. The type used is dependent on the value of the RD bit * in the query header. * @param env: dnstap environment object. - * @param rsock: address/port of server the response was received from. + * @param rsock: address/port of server (upstream) the response was received from. + * @param qsock: address/port of server (local) the response was received to. * @param cptype: comm_udp or comm_tcp. * @param zone: query zone. * @param zone_len: length of zone. @@ -181,6 +188,7 @@ dt_msg_send_outside_query(struct dt_env *env, void dt_msg_send_outside_response(struct dt_env *env, struct sockaddr_storage *rsock, + struct sockaddr_storage *qsock, enum comm_point_type cptype, uint8_t *zone, size_t zone_len, uint8_t *qbuf, size_t qbuf_len, diff --git a/dnstap/unbound-dnstap-socket.c b/dnstap/unbound-dnstap-socket.c index 8e28be4e89ec..3de8ab3f0899 100644 --- a/dnstap/unbound-dnstap-socket.c +++ b/dnstap/unbound-dnstap-socket.c @@ -1012,6 +1012,7 @@ void dtio_tap_callback(int fd, short ATTR_UNUSED(bits), void* arg) if(verbosity) log_info("bidirectional stream"); if(!reply_with_accept(data)) { tap_data_free(data); + return; } } else if(data->len >= 4 && sldns_read_uint32(data->frame) == FSTRM_CONTROL_FRAME_STOP && data->is_bidirectional) { @@ -1166,8 +1167,13 @@ int sig_quit = 0; /** signal handler for user quit */ static RETSIGTYPE main_sigh(int sig) { - if(!sig_quit) - fprintf(stderr, "exit on signal %d\n", sig); + if(!sig_quit) { + char str[] = "exit on signal \n"; + str[15] = '0' + (sig/10)%10; + str[16] = '0' + sig%10; + /* simple cast to void will not silence Wunused-result */ + (void)!write(STDERR_FILENO, str, strlen(str)); + } if(sig_base) { ub_event_base_loopexit(sig_base); sig_base = NULL; @@ -1375,14 +1381,6 @@ int worker_handle_request(struct comm_point* ATTR_UNUSED(c), return 0; } -int worker_handle_reply(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - int worker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), struct comm_reply* ATTR_UNUSED(reply_info)) @@ -1456,14 +1454,6 @@ struct outbound_entry* libworker_send_query( return 0; } -int libworker_handle_reply(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - int libworker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), struct comm_reply* ATTR_UNUSED(reply_info)) diff --git a/doc/Changelog b/doc/Changelog index eea220c414e6..91abd0da0258 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,377 @@ +5 August 2021: Wouter + - Tag for 1.13.2rc1 release. + - Fix #520: Unbound 1.13.2rc1 fails to build python module. + +4 August 2021: George + - Merge PR #415 from sibeream: Use + /proc/sys/net/ipv4/ip_local_port_range to determine available outgoing + ports. (New --enable-linux-ip-local-port-range configuration option) + - Bump MAX_RESTART_COUNT to 11 from 8; in relation to #438. This + allows longer CNAME chains in Unbound. + +4 August 2021: Wouter + - In unit test use openssl set security level to allow keys in test. + - Fix static analysis warnings about localzone locks that are unused. + - Fix missing locks in zonemd unit test. + - Fix readzone compile under debug config. + - Fix out of sourcedir run of zonemd unit tests. + - Fix libnettle zonemd unit test. + - Fix unit test zonemd_reload for use in run_vm. + +3 August 2021: George + - Listen to read or write events after the SSL handshake. + Sticky events on windows would stick on read when write was needed. + +3 August 2021: Wouter + - Merge PR #517 from dyunwei: #420 breaks the mesh reply list + function that need to reuse the dns answer. + - Annotate assertion into error printout; we think it may be an + error, but the situation looks harmless. + - Fix sign comparison warning on FreeBSD. + +2 August 2021: Wouter + - Prepare for OpenSSL 3.0.0 provider API usage, move the sldns + keyraw functions to produce EVP_PKEY results. + - Move RSA and DSA to use OpenSSL 3.0.0 API. + - Move ECDSA functions to use OpenSSL 3.0.0 API. + - iana portlist update. + - Fix verbose printout failure in tcp reuse unit test. + +30 July 2021: Wouter + - Fix #515: Compilation against openssl 3.0.0 beta2 is failing to + build unbound. + - For #515: Fix compilation with openssl 3.0.0 beta2, lib64 dir and + SSL_get_peer_certificate. + - Move acx_nlnetlabs.m4 to version 41, with lib64 openssl dir check. + +26 July 2021: George + - Merge #513: Stream reuse, attempt to fix #411, #439, #469. This + introduces a couple of fixes for the stream reuse functionality + that could result in broken internal structures. + +26 July 2021: Wouter + - Merge #512: unbound.service.in: upgrade hardening to latest + standards. + - Fix readzone unknown type print for memory resize. + +21 July 2021: Wouter + - Fix that ldns_zone_new_frm_fp_l counts the line number for an empty + line after a comment. + +16 July 2021: George + - Introduce 'http-user-agent:' and 'hide-http-user-agent:' options. + +16 July 2021: Wouter + - Merge #510 from ndptech: Don't call a function which hasn't been + defined. + - Fix for #510: in depth, use ifdefs for windows api event calls. + - Fix spelling in doc/unbound.doxygen comment. + - Fix spelling in localzone.h comment. + - Fix unbound-control local_data and local_datas to print detailed + syntax errors. + - review fix to remove duplicate error printout. + - Insert header into testcode/readzone.c, it was missing. + - Fix from lint for ignored return value. + - Fix for older parsers for function call in serve expired get cached. + +6 July 2021: Wouter + - iana portlist update. + +5 July 2021: George + - Fix compiler warnings for #491. + - Fix clang-analysis warnings for testcode/readzone.c. + +4 July 2021: George + - Fix Wunused-result compile warnings. + +2 July 2021: Tom + - Merge PR #491: Add SVCB and HTTPS types and handling according to + draft-ietf-dnsop-svcb-https. + +2 July 2021: Wouter + - Fix #506: Python Module Seems to Leak Memory if it Experiences an + Unhandled Exception. + +25 June 2021: Wouter + - Fix up permissions on rpl data file in tests. + - Fix testbound newline treatment in moment_read and tempfile write. + - Fix configure grep for reuseport default for failure. + - Fix compat ctime_r return value + - Fix configure does not require pkg-config if not needed. + - Fix unit test in the ctime_r calls for autotrust and in testbound. + - Fix auth zone download on windows to unlink before rename. + +24 June 2021: Wouter + - Add analyzer and port compile github workflow. + +23 June 2021: Wouter + - Fix #503: DNS over HTTPS response truncated. + - Fix warnings reported by the gcc analyzer. + +21 June 2021: George + - Fix #495: Documentation or implementation of "verbosity" option. + +18 June 2021: Wouter + - Fix a number of warnings reported by the gcc analyzer. + +15 June 2021: George + - Merge #440 by kimheino: Various fixes to contrib/unbound_munin_ file. + +14 June 2021: Wouter + - Fix configure nonblocking test and onmingw test to use host. + +10 June 2021: Wouter + - Fix #500: SPEC file in version 1.13.1 references version 1.4; + unable to build RPM from source. + - Fix contrib/unbound.spec, fixed url and comment. + +9 June 2021: George + - Merge #486 by fobster: Make VAL_MAX_RESTART_COUNT configurable. + - Generated lexer and parser for #486; updated example.conf. + - Fix #413 (based on patch by k-ronny): unbound: does not compile + on macOS 11.1-x86_64 host. + - Use host_os instead of target_os in configure for Darwin8 build. + +8 June 2021: George + - Fix unused variable warning when compiling with --enable-dnstap. + +7 June 2021: George + - Merge #448 from shoeper: Update unbound-control.8.in, fix + rpz_disable typo. + - Fix #425: Document auth-zone supports communication with DNS + primary on nondefault port. + +1 June 2021: George + - Fix test for zonemd-check option. + +27 May 2021: Wouter + - Merge #496 from banburybill: Use build system endianness if + available, otherwise try to work it out. + - zonemd-check: yesno option, default no, enables the processing + of ZONEMD records for that zone. + +25 May 2021: Wouter + - Move the NSEC3 max iterations count in line with the 150 value + used by BIND, Knot and PowerDNS. This sets the default value + for it in the configuration to 150 for all key sizes. + - Fix #492: module-config respip missing in unbound.conf.5.in man + page. Merges #494 from he32. + - For #492: Fix font highlighting for the man page on emacs. + +21 May 2021: Wouter + - Test code has -q option for quiet output. + +19 May 2021: George + - Fix for #411, #439, #469: Reset the DNS message ID when moving queries + between TCP streams. + - Refactor for uniform way to produce random DNS message IDs. + +17 May 2021: Wouter + - Fix #489: Compile using MSYS2 MinGW 64-bit. + +12 May 2021: Wouter + - Fix that auth-zone zonefiles use last TTL if no TTL is specified. + +10 May 2021: Wouter + - Merge PR #487: ifdef RLIMIT_AS in recently added check. + +7 May 2021: Wouter + - Fix #485: Unbound occasionally reports broken stats. + - Add ./configure --with-deprecate-rsa-1024 that turns off RSA 1024. + - Remove case fallthrough from deprecate-rsa-1024 code. + +4 May 2021: George + - Fix for #367: only attempt to get the interface for queries that are no + longer on the tcp_waiting_list. + - Add more logging for out-of-memory cases. + +4 May 2021: Wouter + - Merge #478: Allow configuration of TCP timeout while waiting for + response. + - Fix to squelch tcp socket bind failures when the interface is gone. + - Rerun flex and bison. + +3 May 2021: Wouter + - Fix #481: Fix comment in configuration file. + +29 April 2021: Wouter + - Add that log-servfail prints an IP address and more information + about one of the last failures for that query. + +28 April 2021: George + - Fix compiler warning for signed/unsigned comparison for + max_reuse_tcp_queries. + +28 April 2021: Wouter + - Fix #474: always_null and others inside view. + +26 April 2021: Wouter + - Merge #470 from edevil: Allow configuration of persistent TCP + connections. + +22 April 2021: Wouter + - Merge #466 from FGasper: Support OpenSSLs that lack + SSL_get0_alpn_selected. + - Fix #468: OpenSSL 1.0.1 can no longer build Unbound. + - Further fix for #468: detect SSL_CTX_set_alpn_protos for build with + OpenSSL 1.0.1. + - Fix that testcode dohclient has OpenSSL initialisation calls. + +13 April 2021: George + - Fix documentation comment for files previously residing in checkconf/. + - Remove unused functions worker_handle_reply and libworker_handle_reply. + +13 April 2021: Wouter + - Fix that nxdomain synthesis does not happen above the stub or + forward definition. + +12 April 2021: George + - Fix (increase) verbosity level for iterator error log in + processQueryTargets(). + +12 April 2021: Wouter + - Fix permission denied sendto log, squelch the log messages + unless high verbosity is set. + +9 April 2021: Wouter + - rebuild configure to set EXTRALINK to libunbound.la for #460. + +7 April 2021: Wouter + - Fix for #411: Depth protect for crash on deleted element timeout. + +1 April 2021: Wouter + - Merge #460 from orbea: build: Link with the libtool archive. + - Fix to stop IPv6 PMTU discovery. + +31 March 2021: George + - Clean makedist.sh. + +31 March 2021: Wouter + - Fix stack-protector change to not override other CFLAGS options. + +30 March 2021: George + - Disable the use of stack-protector for cross compiled 32-bit windows + builds; relates to #444. + +25 March 2021: Wouter + - Fix #429: Also fix end of transfer for http download of auth zones. + +24 March 2021: Wouter + - Fix deprecation test to work for iOS TVOS and WatchOS, it uses + CFLAGS and CPPFLAGS and also checks if the item is unavailable. + - Travis, fix script to fail when tasks fail. + - Travis, fix warning in ubsan compile. + - Fix configure Targetconfiditionals.h header check, to use compile. + - Fix that cachedb does not produce empty object files when disabled. + +23 March 2021: Wouter + - Travis enable all tests again. Clang analyzer only a couple times, + when there is a difference. homebrew updates disabled, so it does + not hang. removed trailing slashes from configure paths. Moved iOS + tests to allow-failure. + - travis, analyzer disabled on test without debug, that does not + run anway. Turn off failing tests except one. Update iOS test + to xcode image 12.2. + +22 March 2021: George + - Fix unused-function warning when compiling with --enable-dnscrypt. + - Fix for #367: fix memory leak when cannot bind to listening port. + - Reformat pythonmod/pythonmod_utils.{c,h}. + +22 March 2021: Wouter + - Merge #449 from orbea: build: Add missing linker flags. + - iana portlist update. + - Comment out nonworking OSX and IOS travis tests, vm fails to start. + - Fix compile error in listen_dnsport on Android. + - Fix memory leak reported by asan in rpz SOA record query name. + +19 March 2021: Wouter + - Fix for #447: squelch connection refused tcp connection failures + from the log, unless verbosity is high. + +17 March 2021: Wouter + - Fix #441: Minimal NSEC range not accepted for top level domains. + +11 March 2021: Wouter + - Fix parse of LOC RR type for decimetres. + +5 March 2021: Wouter + - Workaround for #439: prevent loops in the reuse rbtree. + - Debug output for #411 and #439: printout internal error and details. + +4 March 2021: Wouter + - iana portlist update. + - Fix spurious errors about "Could not generate request: out of + memory". The mesh detect cycle routine no longer wrongly stops + the check when the calling mesh state is unique. + +26 February 2021: George + - Fix for #367: rc_ports don't have ub_sock; skip cleaning up. + +26 February 2021: Wouter + - Fix: Resolve interface names on control-interface too. + +25 February 2021: Wouter + - Merge PR #367 : DNSTAP log local address. With code from PR #365 + and fixes #368 : dnstap does not log the DNS message ID for + FORWARDER_QUERY. + - Fix to allow rpz with wildcard that applies to all TLDs at once. + +24 February 2021: George + - Fix #384: (1) A minor request to improve the log (2) A minor bug in one + log message. + - ipsecmod: Better logging for detecting a cycle when attaching the + A/AAAA subquery. + +24 February 2021: Wouter + - On startup of unbound it checks if rlimits on memory size look + sufficient for the configured cache size, and logs warning if not. + - Fix function documentation. + - Fix unit test for added ulimit checks. + - spelling fix in header. + +23 February 2021: Wouter + - Fix for zonemd, that domain-insecure zones work without dnssec. + - Fix for zonemd, do not reject insecure result from trust anchor + validation step in dnssec chain of trust. + +22 February 2021: Wouter + - Fix #431: Squelch permission denied errors for tcp connect + and udp connect from the logs, unless at high verbosity. + - Fix for zonemd, that nxdomain for the chain of trust is allowed + for island zones, it is treated as an insecure zone for verification. + +18 February 2021: Wouter + - Merge PR #317: ZONEMD Zone Verification, with RFC 8976 support. + ZONEMD records are checked for zones loaded as auth-zone, + with DNSSEC if available. There is an added option + zonemd-permissive-mode that makes it log but not fail wrong zones. + With zonemd-reject-absence for an auth-zone the presence of a + zonemd can be mandated for specific zones. + - Fix doxygen and pydoc warnings. + - Fix #429: rpz: url: with https: broken (regression in 1.13.1). + - rpz skip nsec3param records, and nicer log for unsupported actions. + +15 February 2021: Wouter + - Fix #422: IPv6 fallback issues when IPv6 is not properly + enabled/configured. + - Fix to make tests work with support indicators set for iterator. + - Fix build on Python 3.10. + +10 February 2021: Wouter + - Merge PR #420 from dyunwei: DOH not responsing with + "http2_query_read_done failure" logged. + +9 February 2021: Wouter + - Fix for Python 3.9, no longer use deprecated functions of + PyEval_CallObject (now PyObject_Call), PyEval_InitThreads (now + none), PyParser_SimpleParseFile (now Py_CompileString). + +4 February 2021: Wouter + - release 1.13.1rc2 tag on branch-1.13.1 with added changes of 2 feb. + This became 1.13.1 release tag on 9 feb. The main branch is set + to version 1.13.2. + 2 February 2021: Wouter - branch-1.13.1 is created, with release-1.13.1rc1 tag. - Fix dynlibmod link on rhel8 for -ldl inclusion. diff --git a/doc/README b/doc/README index b7a31b8b1eb9..a051380e1d7b 100644 --- a/doc/README +++ b/doc/README @@ -1,4 +1,4 @@ -README for Unbound 1.13.1 +README for Unbound 1.13.2 Copyright 2007 NLnet Labs http://unbound.net diff --git a/doc/example.conf.in b/doc/example.conf.in index af33ee4a6a9f..a0c002d2c386 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -1,7 +1,7 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.13.1. +# See unbound.conf(5) man page, version 1.13.2. # # this is a comment. @@ -371,6 +371,9 @@ server: # enable to not answer trustanchor.unbound queries. # hide-trustanchor: no + # enable to not set the User-Agent HTTP header. + # hide-http-user-agent: no + # the identity to report. Leave "" or default to return hostname. # identity: "" @@ -380,6 +383,10 @@ server: # NSID identity (hex string, or "ascii_somestring"). default disabled. # nsid: "aabbccdd" + # User-Agent HTTP header to use. Leave "" or default to use package name + # and version. + # http-user-agent: "" + # the target fetch policy. # series of integers describing the policy per dependency depth. # The number of values in the list determines the maximum dependency @@ -507,7 +514,8 @@ server: # Use several entries, one per domain name, to track multiple zones. # # If you want to perform DNSSEC validation, run unbound-anchor before - # you start unbound (i.e. in the system boot scripts). And enable: + # you start unbound (i.e. in the system boot scripts). + # And then enable the auto-trust-anchor-file config item. # Please note usage of unbound-anchor root anchor is at your own risk # and under the terms of our LICENSE (see that file in the source). # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@" @@ -556,6 +564,10 @@ server: # val-sig-skew-min: 3600 # val-sig-skew-max: 86400 + # The maximum number the validator should restart validation with + # another authority in case of failed validation. + # val-max-restart: 5 + # Should additional section of secure message also be kept clean of # unsecure data. Useful to shield the users of this validator from # potential bogus data in the additional section. All unsigned data @@ -613,7 +625,10 @@ server: # keysize. Keep this table very short, as linear search is done. # A message with an NSEC3 with larger count is marked insecure. # List in ascending order the keysize and count values. - # val-nsec3-keysize-iterations: "1024 150 2048 500 4096 2500" + # val-nsec3-keysize-iterations: "1024 150 2048 150 4096 150" + + # if enabled, ZONEMD verification failures do not block the zone. + # zonemd-permissive-mode: no # instruct the auto-trust-anchor-file probing to add anchors after ttl. # add-holddown: 2592000 # 30 days @@ -898,6 +913,13 @@ server: # ipsecmod-allow: "example.com" # ipsecmod-allow: "nlnetlabs.nl" + # Timeout for REUSE entries in milliseconds. + # tcp-reuse-timeout: 60000 + # Max number of queries on a reuse connection. + # max-reuse-tcp-queries: 200 + # Timeout in milliseconds for TCP queries to auth servers. + # tcp-auth-query-timeout: 3000 + # Python config section. To enable: # o use --with-pythonmodule to configure before compiling. @@ -1022,6 +1044,8 @@ remote-control: # name: "example.org" # for-downstream: yes # for-upstream: yes +# zonemd-check: no +# zonemd-reject-absence: no # zonefile: "example.org.zone" # Views diff --git a/doc/libunbound.3.in b/doc/libunbound.3.in index 519e5eced1d7..73562cd6b41f 100644 --- a/doc/libunbound.3.in +++ b/doc/libunbound.3.in @@ -1,4 +1,4 @@ -.TH "libunbound" "3" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1" +.TH "libunbound" "3" "Aug 12, 2021" "NLnet Labs" "unbound 1.13.2" .\" .\" libunbound.3 -- unbound library functions manual .\" @@ -44,7 +44,7 @@ .B ub_ctx_zone_remove, .B ub_ctx_data_add, .B ub_ctx_data_remove -\- Unbound DNS validating resolver 1.13.1 functions. +\- Unbound DNS validating resolver 1.13.2 functions. .SH "SYNOPSIS" .B #include .LP diff --git a/doc/unbound-anchor.8.in b/doc/unbound-anchor.8.in index 5ac5ae7e0326..25f7f1baf147 100644 --- a/doc/unbound-anchor.8.in +++ b/doc/unbound-anchor.8.in @@ -1,4 +1,4 @@ -.TH "unbound-anchor" "8" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1" +.TH "unbound-anchor" "8" "Aug 12, 2021" "NLnet Labs" "unbound 1.13.2" .\" .\" unbound-anchor.8 -- unbound anchor maintenance utility manual .\" diff --git a/doc/unbound-checkconf.8.in b/doc/unbound-checkconf.8.in index 8c5e4048e085..3756201f830e 100644 --- a/doc/unbound-checkconf.8.in +++ b/doc/unbound-checkconf.8.in @@ -1,4 +1,4 @@ -.TH "unbound-checkconf" "8" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1" +.TH "unbound-checkconf" "8" "Aug 12, 2021" "NLnet Labs" "unbound 1.13.2" .\" .\" unbound-checkconf.8 -- unbound configuration checker manual .\" diff --git a/doc/unbound-control.8.in b/doc/unbound-control.8.in index b32022dcba13..fb3510fa3cb5 100644 --- a/doc/unbound-control.8.in +++ b/doc/unbound-control.8.in @@ -1,4 +1,4 @@ -.TH "unbound-control" "8" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1" +.TH "unbound-control" "8" "Aug 12, 2021" "NLnet Labs" "unbound 1.13.2" .\" .\" unbound-control.8 -- unbound remote control manual .\" @@ -89,8 +89,7 @@ it. If the zone does not exist, the command succeeds. Add new local data, the given resource record. Like \fBlocal\-data\fR config statement, except for when no covering zone exists. In that case this remote control command creates a transparent zone with the same -name as this record. This command is not good at returning detailed syntax -errors. +name as this record. .TP .B local_data_remove \fIname Remove all RR data from local name. If the name already has no items, @@ -308,7 +307,7 @@ serial check). And then the zone is transferred for a newer zone version. .B rpz_enable \fIzone\fR Enable the RPZ zone if it had previously been disabled. .TP -.B rpz_enable \fIzone\fR +.B rpz_disable \fIzone\fR Disable the RPZ zone. .TP .B view_list_local_zones \fIview\fR diff --git a/doc/unbound-host.1.in b/doc/unbound-host.1.in index 173c72bfe103..4823b9afcaf5 100644 --- a/doc/unbound-host.1.in +++ b/doc/unbound-host.1.in @@ -1,4 +1,4 @@ -.TH "unbound\-host" "1" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1" +.TH "unbound\-host" "1" "Aug 12, 2021" "NLnet Labs" "unbound 1.13.2" .\" .\" unbound-host.1 -- unbound DNS lookup utility .\" diff --git a/doc/unbound.8.in b/doc/unbound.8.in index a62433e70cab..82c4e98eb191 100644 --- a/doc/unbound.8.in +++ b/doc/unbound.8.in @@ -1,4 +1,4 @@ -.TH "unbound" "8" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1" +.TH "unbound" "8" "Aug 12, 2021" "NLnet Labs" "unbound 1.13.2" .\" .\" unbound.8 -- unbound manual .\" @@ -9,7 +9,7 @@ .\" .SH "NAME" .B unbound -\- Unbound DNS validating resolver 1.13.1. +\- Unbound DNS validating resolver 1.13.2. .SH "SYNOPSIS" .B unbound .RB [ \-h ] diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 1556374f71a5..e44560ec9eb6 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "Feb 9, 2021" "NLnet Labs" "unbound 1.13.1" +.TH "unbound.conf" "5" "Aug 12, 2021" "NLnet Labs" "unbound 1.13.2" .\" .\" unbound.conf.5 -- unbound.conf manual .\" @@ -89,11 +89,11 @@ These options are part of the clause. .TP .B verbosity: \fI -The verbosity number, level 0 means no verbosity, only errors. Level 1 -gives operational information. Level 2 gives detailed operational -information. Level 3 gives query level information, output per query. -Level 4 gives algorithm level information. Level 5 logs client -identification for cache misses. Default is level 1. +The verbosity number, level 0 means no verbosity, only errors. Level 1 +gives operational information. Level 2 gives detailed operational +information including short information per query. Level 3 gives query level +information, output per query. Level 4 gives algorithm level information. +Level 5 logs client identification for cache misses. Default is level 1. The verbosity can also be increased from the commandline, see \fIunbound\fR(8). .TP .B statistics\-interval: \fI @@ -451,6 +451,19 @@ total number configured, and finally to 0 if the number of free buffers falls below 20% of the total number configured. A minimum timeout of 200 milliseconds is observed regardless of the option value used. .TP +.B tcp-reuse-timeout: \fI\fR +The period Unbound will keep TCP persistent connections open to +authority servers. This option defaults to 60000 milliseconds. +.TP +.B max-reuse-tcp-queries: \fI\fR +The maximum number of queries that can be sent on a persistent TCP +connection. +This option defaults to 200 queries. +.TP +.B tcp-auth-query-timeout: \fI\fR +Timeout in milliseconds for TCP queries to auth servers. +This option defaults to 3000 milliseconds. +.TP .B edns-tcp-keepalive: \fI\fR Enable or disable EDNS TCP Keepalive. Default is no. .TP @@ -583,6 +596,7 @@ Default is yes. .B pad\-queries\-block\-size: \fI The block size with which to pad queries sent over TLS upstreams. Default is 128. +.TP .B tls\-use\-sni: \fI Enable or disable sending the SNI extension on TLS connections. Default is yes. @@ -838,6 +852,17 @@ If enabled version.server and version.bind queries are refused. Set the version to report. If set to "", the default, then the package version is returned. .TP +.B hide\-http\-user\-agent: \fI +If enabled the HTTP header User-Agent is not set. Use with caution as some +webserver configurations may reject HTTP requests lacking this header. +If needed, it is better to explicitly set the +.B http\-user\-agent +below. +.TP +.B http\-user\-agent: \fI +Set the HTTP User-Agent header for outgoing HTTP requests. If set to "", +the default, then the package name and version are used. +.TP .B nsid:\fR Add the specified nsid to the EDNS section of the answer when queried with an NSID EDNS enabled packet. As a sequence of hex characters or @@ -1012,7 +1037,7 @@ If yes, Unbound rotates RRSet order in response (the random number is taken from the query ID, for speed and thread safety). Default is yes. .TP .B minimal-responses: \fI -If yes, Unbound doesn't insert authority/additional sections into response +If yes, Unbound does not insert authority/additional sections into response messages when those sections are not required. This reduces response size significantly, and may avoid TCP fallback for some responses. This may cause a slight speedup. The default is yes, even though the DNS @@ -1030,15 +1055,24 @@ of this setting, if a trust anchor is loaded. .TP .B module\-config: \fI<"module names"> Module configuration, a list of module names separated by spaces, surround -the string with quotes (""). The modules can be validator, iterator. -Setting this to "iterator" will result in a non\-validating server. -Setting this to "validator iterator" will turn on DNSSEC validation. -The ordering of the modules is important. -You must also set trust\-anchors for validation to be useful. -The default is "validator iterator". When the server is built with -EDNS client subnet support the default is "subnetcache validator iterator". +the string with quotes (""). The modules can be \fIrespip\fR, +\fIvalidator\fR, or \fIiterator\fR (and possibly more, see below). +Setting this to just "\fIiterator\fR" will result in a non\-validating +server. +Setting this to "\fIvalidator iterator\fR" will turn on DNSSEC validation. +The ordering of the modules is significant, the order decides the +order of processing. +You must also set \fItrust\-anchors\fR for validation to be useful. +Adding \fIrespip\fR to the front will cause RPZ processing to be done on +all queries. +The default is "\fIvalidator iterator\fR". +.IP +When the server is built with +EDNS client subnet support the default is "\fIsubnetcache validator +iterator\fR". Most modules that need to be listed here have to be listed at the beginning -of the line. The cachedb module has to be listed just before the iterator. +of the line. The subnetcachedb module has to be listed just before +the iterator. The python module can be listed in different places, it then processes the output of the module it is just before. The dynlib module can be listed pretty much anywhere, it is only a very thin wrapper that allows dynamic libraries to @@ -1117,6 +1151,10 @@ min and max very low disables the clock skew allowances. Setting both min and max very high makes the validator check the signature timestamps less strictly. .TP +.B val\-max\-restart: \fI +The maximum number the validator should restart validation with +another authority in case of failed validation. Default is 5. +.TP .B val\-bogus\-ttl: \fI The time to live for bogus data. This is data that has failed validation; due to invalid signatures or other checks. The TTL from that data cannot be @@ -1201,13 +1239,19 @@ Default is "no". .TP .B val\-nsec3\-keysize\-iterations: \fI<"list of values"> List of keysize and iteration count values, separated by spaces, surrounded -by quotes. Default is "1024 150 2048 500 4096 2500". This determines the +by quotes. Default is "1024 150 2048 150 4096 150". This determines the maximum allowed NSEC3 iteration count before a message is simply marked insecure instead of performing the many hashing iterations. The list must be in ascending order and have at least one entry. If you set it to "1024 65535" there is no restriction to NSEC3 iteration values. This table must be kept short; a very long list could cause slower operation. .TP +.B zonemd\-permissive\-mode: \fI +If enabled the ZONEMD verification failures are only logged and do not cause +the zone to be blocked and only return servfail. Useful for testing out +if it works, or if the operator only wants to be notified of a problem without +disrupting service. Default is no. +.TP .B add\-holddown: \fI Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011 autotrust updates to add new trust anchors only after they have been @@ -1507,6 +1551,82 @@ Use this localzone type, regardless the type configured for the local-zone (both tagged and untagged) and regardless the type configured using access\-control\-tag\-action. .TP 5 +.B response\-ip: \fI +This requires use of the "respip" module. +.IP +If the IP address in an AAAA or A RR in the answer section of a +response matches the specified IP netblock, the specified action will +apply. +\fI\fR has generally the same semantics as that for +\fIaccess-control-tag-action\fR, but there are some exceptions. +.IP +Actions for \fIresponse-ip\fR are different from those for +\fIlocal-zone\fR in that in case of the former there is no point of +such conditions as "the query matches it but there is no local data". +Because of this difference, the semantics of \fIresponse-ip\fR actions +are modified or simplified as follows: The \fIstatic, refuse, +transparent, typetransparent,\fR and \fInodefault\fR actions are +invalid for \fIresponse-ip\fR. +Using any of these will cause the configuration to be rejected as +faulty. The \fIdeny\fR action is non-conditional, i.e. it always +results in dropping the corresponding query. +The resolution result before applying the deny action is still cached +and can be used for other queries. +.TP 5 +.B response-ip-data: \fI <"resource record string"> +This requires use of the "respip" module. +.IP +This specifies the action data for \fIresponse-ip\fR with action being +to redirect as specified by "\fIresource record string\fR". "Resource +record string" is similar to that of \fIaccess-control-tag-action\fR, +but it must be of either AAAA, A or CNAME types. +If the IP-netblock is an IPv6/IPV4 prefix, the record +must be AAAA/A respectively, unless it is a CNAME (which can be used +for both versions of IP netblocks). If it is CNAME there must not be +more than one \fIresponse-ip-data\fR for the same IP-netblock. +Also, CNAME and other types of records must not coexist for the same +IP-netblock, following the normal rules for CNAME records. +The textual domain name for the CNAME does not have to be explicitly +terminated with a dot ("."); the root name is assumed to be the origin +for the name. +.TP 5 +.B response-ip-tag: \fI <"list of tags"> +This requires use of the "respip" module. +.IP +Assign tags to response IP-netblocks. If the IP address in an AAAA or +A RR in the answer section of a response matches the specified +IP-netblock, the specified tags are assigned to the IP address. +Then, if an \fIaccess-control-tag\fR is defined for the client and it +includes one of the tags for the response IP, the corresponding +\fIaccess-control-tag-action\fR will apply. +Tag matching rule is the same as that for \fIaccess-control-tag\fR and +\fIlocal-zones\fR. +Unlike \fIlocal-zone-tag\fR, \fIresponse-ip-tag\fR can be defined for +an IP-netblock even if no \fIresponse-ip\fR is defined for that +netblock. +If multiple \fIresponse-ip-tag\fR options are specified for the same +IP-netblock in different statements, all but the first will be +ignored. +However, this will not be flagged as a configuration error, but the +result is probably not what was intended. +.IP +Actions specified in an +\fIaccess-control-tag-action\fR that has a matching tag with +\fIresponse-ip-tag\fR can be those that are "invalid" for +\fIresponse-ip\fR listed above, since \fIaccess-control-tag-action\fRs +can be shared with local zones. +For these actions, if they behave differently depending on whether +local data exists or not in case of local zones, the behavior for +\fIresponse-ip-data\fR will generally result in NOERROR/NODATA instead +of NXDOMAIN, since the \fIresponse-ip\fR data are inherently type +specific, and non-existence of data does not indicate anything about +the existence or non-existence of the qname itself. +For example, if the matching tag action is \fIstatic\fR but there is +no data for the corresponding \fIresponse-ip\fR configuration, then +the result will be NOERROR/NODATA. +The only case where NXDOMAIN is returned is when an +\fIalways_nxdomain\fR action applies. +.TP 5 .B ratelimit: \fI Enable ratelimiting of queries sent to nameserver for performing recursion. If 0, the default, it is disabled. This option is experimental at this time. @@ -1818,7 +1938,9 @@ Name of the authority zone. .B primary: \fI Where to download a copy of the zone from, with AXFR and IXFR. Multiple primaries can be specified. They are all tried if one fails. -With the "ip#name" notation a AXFR over TLS can be used. +To use a nondefault port for DNS communication append '@' with the port number. +You can append a '#' and a name, then AXFR over TLS can be used and the tls authentication certificates will be checked with that name. If you combine +the '@' and '#', the '@' comes first. If you point it at another Unbound instance, it would not work because that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download the zonefile as a text file from a webserver that would work. @@ -1875,6 +1997,25 @@ to the authority servers for this zone, it'll fetch the data directly from the zone data. Turn it on when you want unbound to provide recursion for downstream clients, and use the zone data as a local copy to speed up lookups. .TP +.B zonemd\-check: \fI +Enable this option to check ZONEMD records in the zone. Default is disabled. +The ZONEMD record is a checksum over the zone data. This includes glue in +the zone and data from the zone file, and excludes comments from the zone file. +When there is a DNSSEC chain of trust, DNSSEC signatures are checked too. +.TP +.B zonemd\-reject\-absence: \fI +Enable this option to reject the absence of the ZONEMD record. Without it, +when zonemd is not there it is not checked. It is useful to enable for a +nonDNSSEC signed zone where the operator wants to require the verification +of a ZONEMD, hence a missing ZONEMD is a failure. The action upon +failure is controlled by the \fBzonemd\-permissive\-mode\fR option, for +log only or also block the zone. The default is no. +.IP +Without the option absence of a ZONEMD is only a failure when the zone is +DNSSEC signed, and we have a trust anchor, and the DNSSEC verification of +the absence of the ZONEMD fails. With the option enabled, the absence of +a ZONEMD is always a failure, also for nonDNSSEC signed zones. +.TP .B zonefile: \fI The filename where the zone is stored. If not given then no zonefile is used. If the file does not exist or is empty, unbound will attempt to fetch zone @@ -2376,6 +2517,15 @@ Name of the authority zone. .B primary: \fI Where to download a copy of the zone from, with AXFR and IXFR. Multiple primaries can be specified. They are all tried if one fails. +To use a nondefault port for DNS communication append '@' with the port number. +You can append a '#' and a name, then AXFR over TLS can be used and the tls authentication certificates will be checked with that name. If you combine +the '@' and '#', the '@' comes first. +If you point it at another Unbound instance, it would not work because +that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download +the zonefile as a text file from a webserver that would work. +If you specify the hostname, you cannot use the domain from the zonefile, +because it may not have that when retrieving that data, instead use a plain +IP address to avoid a circular dependency on retrieving that IP address. .TP .B master: \fI Alternate syntax for \fBprimary\fR. diff --git a/doc/unbound.doxygen b/doc/unbound.doxygen index 4c32d89435ca..823e092536e4 100644 --- a/doc/unbound.doxygen +++ b/doc/unbound.doxygen @@ -1076,7 +1076,7 @@ TREEVIEW_WIDTH = 250 FORMULA_FONTSIZE = 10 -# Use the FORMULA_TRANPARENT tag to determine whether or not the images +# Use the FORMULA_TRANSPARENT tag to determine whether or not the images # generated for formulas are transparent PNGs. Transparent PNGs are # not supported properly for IE 6.0, but are supported on all modern browsers. # Note that when changing this option you need to delete any form_*.png files diff --git a/edns-subnet/subnetmod.c b/edns-subnet/subnetmod.c index f1b401b9080c..ade40c66e85f 100644 --- a/edns-subnet/subnetmod.c +++ b/edns-subnet/subnetmod.c @@ -150,7 +150,7 @@ int ecs_whitelist_check(struct query_info* qinfo, /* Cache by default, might be disabled after parsing EDNS option * received from nameserver. */ - if(!iter_stub_fwd_no_cache(qstate, &qstate->qinfo)) { + if(!iter_stub_fwd_no_cache(qstate, &qstate->qinfo, NULL, NULL)) { qstate->no_cache_store = 0; } @@ -205,7 +205,7 @@ subnetmod_init(struct module_env *env, int id) subnet_data_delete, NULL); slabhash_setmarkdel(sn_env->subnet_msg_cache, &subnet_markdel); if(!sn_env->subnet_msg_cache) { - log_err("subnet: could not create cache"); + log_err("subnetcache: could not create cache"); free(sn_env); env->modinfo[id] = NULL; return 0; @@ -214,21 +214,21 @@ subnetmod_init(struct module_env *env, int id) sn_env->whitelist = ecs_whitelist_create(); if(!sn_env->whitelist || !ecs_whitelist_apply_cfg(sn_env->whitelist, env->cfg)) { - log_err("subnet: could not create ECS whitelist"); + log_err("subnetcache: could not create ECS whitelist"); slabhash_delete(sn_env->subnet_msg_cache); free(sn_env); env->modinfo[id] = NULL; return 0; } - verbose(VERB_QUERY, "subnet: option registered (%d)", + verbose(VERB_QUERY, "subnetcache: option registered (%d)", env->cfg->client_subnet_opcode); /* Create new mesh state for all queries. */ env->unique_mesh = 1; if(!edns_register_option(env->cfg->client_subnet_opcode, env->cfg->client_subnet_always_forward /* bypass cache */, 0 /* no aggregation */, env)) { - log_err("subnet: could not register opcode"); + log_err("subnetcache: could not register opcode"); ecs_whitelist_delete(sn_env->whitelist); slabhash_delete(sn_env->subnet_msg_cache); free(sn_env); @@ -365,7 +365,7 @@ update_cache(struct module_qstate *qstate, int id) /* Step 2, find the correct tree */ if (!(tree = get_tree(lru_entry->data, edns, sne, qstate->env->cfg))) { lock_rw_unlock(&lru_entry->lock); - log_err("Subnet cache insertion failed"); + log_err("subnetcache: cache insertion failed"); return; } lock_quick_lock(&sne->alloc.lock); @@ -373,7 +373,7 @@ update_cache(struct module_qstate *qstate, int id) lock_quick_unlock(&sne->alloc.lock); if (!rep) { lock_rw_unlock(&lru_entry->lock); - log_err("Subnet cache insertion failed"); + log_err("subnetcache: cache insertion failed"); return; } @@ -487,7 +487,7 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq) /* We have not asked for subnet data */ if (!sq->subnet_sent) { if (s_in->subnet_validdata) - verbose(VERB_QUERY, "subnet: received spurious data"); + verbose(VERB_QUERY, "subnetcache: received spurious data"); if (sq->subnet_downstream) /* Copy back to client */ cp_edns_bad_response(c_out, c_in); return module_finished; @@ -499,7 +499,7 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq) * consequence the answer ended up in the regular cache. It * is still usefull to put it in the edns subnet cache for * when a client explicitly asks for subnet specific answer. */ - verbose(VERB_QUERY, "subnet: Authority indicates no support"); + verbose(VERB_QUERY, "subnetcache: Authority indicates no support"); if(!sq->started_no_cache_store) { lock_rw_wrlock(&sne->biglock); update_cache(qstate, id); @@ -521,7 +521,7 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq) s_out->subnet_source_mask)) { /* we can not accept, restart query without option */ - verbose(VERB_QUERY, "subnet: forged data"); + verbose(VERB_QUERY, "subnetcache: forged data"); s_out->subnet_validdata = 0; (void)edns_opt_list_remove(&qstate->edns_opts_back_out, qstate->env->cfg->client_subnet_opcode); @@ -700,10 +700,10 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, struct subnet_env *sne = qstate->env->modinfo[id]; struct subnet_qstate *sq = (struct subnet_qstate*)qstate->minfo[id]; - verbose(VERB_QUERY, "subnet[module %d] operate: extstate:%s " + verbose(VERB_QUERY, "subnetcache[module %d] operate: extstate:%s " "event:%s", id, strextstate(qstate->ext_state[id]), strmodulevent(event)); - log_query_info(VERB_QUERY, "subnet operate: query", &qstate->qinfo); + log_query_info(VERB_QUERY, "subnetcache operate: query", &qstate->qinfo); if((event == module_event_new || event == module_event_pass) && sq == NULL) { @@ -738,7 +738,7 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, /* No clients are interested in result or we could not * parse it, we don't do client subnet */ sq->ecs_server_out.subnet_validdata = 0; - verbose(VERB_ALGO, "subnet: pass to next module"); + verbose(VERB_ALGO, "subnetcache: pass to next module"); qstate->ext_state[id] = module_wait_module; return; } @@ -758,7 +758,7 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, if (lookup_and_reply(qstate, id, sq)) { sne->num_msg_cache++; lock_rw_unlock(&sne->biglock); - verbose(VERB_QUERY, "subnet: answered from cache"); + verbose(VERB_QUERY, "subnetcache: answered from cache"); qstate->ext_state[id] = module_finished; ecs_opt_list_append(&sq->ecs_client_out, @@ -798,7 +798,7 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, /* pass request to next module */ verbose(VERB_ALGO, - "subnet: not found in cache. pass to next module"); + "subnetcache: not found in cache. pass to next module"); qstate->ext_state[id] = module_wait_module; return; } @@ -819,7 +819,7 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, /* We are being revisited */ if(event == module_event_pass || event == module_event_new) { /* Just pass it on, we already did the work */ - verbose(VERB_ALGO, "subnet: pass to next module"); + verbose(VERB_ALGO, "subnetcache: pass to next module"); qstate->ext_state[id] = module_wait_module; return; } @@ -828,7 +828,7 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, qstate->ext_state[id] = module_finished; return; } - log_err("subnet: bad event %s", strmodulevent(event)); + log_err("subnetcache: bad event %s", strmodulevent(event)); qstate->ext_state[id] = module_error; return; } @@ -861,7 +861,7 @@ subnetmod_get_mem(struct module_env *env, int id) * The module function block */ static struct module_func_block subnetmod_block = { - "subnet", &subnetmod_init, &subnetmod_deinit, &subnetmod_operate, + "subnetcache", &subnetmod_init, &subnetmod_deinit, &subnetmod_operate, &subnetmod_inform_super, &subnetmod_clear, &subnetmod_get_mem }; diff --git a/ipsecmod/ipsecmod.c b/ipsecmod/ipsecmod.c index a1f40a512b8a..e42af6f497ea 100644 --- a/ipsecmod/ipsecmod.c +++ b/ipsecmod/ipsecmod.c @@ -151,6 +151,17 @@ generate_request(struct module_qstate* qstate, int id, uint8_t* name, ask.qclass = qclass; ask.local_alias = NULL; log_query_info(VERB_ALGO, "ipsecmod: generate request", &ask); + + /* Explicitly check for cycle before trying to attach. Will result in + * cleaner error message. The attach_sub code also checks for cycle but the + * message will be out of memory in both cases then. */ + fptr_ok(fptr_whitelist_modenv_detect_cycle(qstate->env->detect_cycle)); + if((*qstate->env->detect_cycle)(qstate, &ask, + (uint16_t)(BIT_RD|flags), 0, 0)) { + verbose(VERB_ALGO, "Could not generate request: cycle detected"); + return 0; + } + fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); if(!(*qstate->env->attach_sub)(qstate, &ask, (uint16_t)(BIT_RD|flags), 0, 0, &newq)){ @@ -408,6 +419,7 @@ ipsecmod_handle_query(struct module_qstate* qstate, if(!qstate->env->cfg->ipsecmod_ignore_bogus && rrset_data->security == sec_status_bogus) { log_err("ipsecmod: bogus IPSECKEY"); + errinf(qstate, "ipsecmod: bogus IPSECKEY"); ipsecmod_error(qstate, id); return; } @@ -415,6 +427,7 @@ ipsecmod_handle_query(struct module_qstate* qstate, if(!call_hook(qstate, iq, ie) && qstate->env->cfg->ipsecmod_strict) { log_err("ipsecmod: ipsecmod-hook failed"); + errinf(qstate, "ipsecmod: ipsecmod-hook failed"); ipsecmod_error(qstate, id); return; } @@ -486,6 +499,7 @@ ipsecmod_handle_response(struct module_qstate* qstate, qstate->qinfo.qname_len, LDNS_RR_TYPE_IPSECKEY, qstate->qinfo.qclass, 0)) { log_err("ipsecmod: could not generate subquery."); + errinf(qstate, "ipsecmod: could not generate subquery."); ipsecmod_error(qstate, id); } return; @@ -509,6 +523,7 @@ ipsecmod_operate(struct module_qstate* qstate, enum module_ev event, int id, if((event == module_event_new || event == module_event_pass) && iq == NULL) { if(!ipsecmod_new(qstate, id)) { + errinf(qstate, "ipsecmod: could not ipsecmod_new"); ipsecmod_error(qstate, id); return; } @@ -531,6 +546,7 @@ ipsecmod_operate(struct module_qstate* qstate, enum module_ev event, int id, } if(event == module_event_error) { verbose(VERB_ALGO, "got called with event error, giving up"); + errinf(qstate, "ipsecmod: got called with event error"); ipsecmod_error(qstate, id); return; } @@ -541,6 +557,7 @@ ipsecmod_operate(struct module_qstate* qstate, enum module_ev event, int id, } log_err("ipsecmod: bad event %s", strmodulevent(event)); + errinf(qstate, "ipsecmod: operate got bad event"); ipsecmod_error(qstate, id); return; } diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c index aae934dd44fe..f093c1bf999a 100644 --- a/iterator/iter_scrub.c +++ b/iterator/iter_scrub.c @@ -640,25 +640,37 @@ store_rrset(sldns_buffer* pkt, struct msg_parse* msg, struct module_env* env, /** * Check if right hand name in NSEC is within zone + * @param pkt: the packet buffer for decompression. * @param rrset: the NSEC rrset * @param zonename: the zone name. * @return true if BAD. */ -static int sanitize_nsec_is_overreach(struct rrset_parse* rrset, - uint8_t* zonename) +static int sanitize_nsec_is_overreach(sldns_buffer* pkt, + struct rrset_parse* rrset, uint8_t* zonename) { struct rr_parse* rr; uint8_t* rhs; size_t len; log_assert(rrset->type == LDNS_RR_TYPE_NSEC); for(rr = rrset->rr_first; rr; rr = rr->next) { + size_t pos = sldns_buffer_position(pkt); + size_t rhspos; rhs = rr->ttl_data+4+2; len = sldns_read_uint16(rr->ttl_data+4); - if(!dname_valid(rhs, len)) { - /* malformed domain name in rdata */ + rhspos = rhs-sldns_buffer_begin(pkt); + sldns_buffer_set_position(pkt, rhspos); + if(pkt_dname_len(pkt) == 0) { + /* malformed */ + sldns_buffer_set_position(pkt, pos); return 1; } - if(!dname_subdomain_c(rhs, zonename)) { + if(sldns_buffer_position(pkt)-rhspos > len) { + /* outside of rdata boundaries */ + sldns_buffer_set_position(pkt, pos); + return 1; + } + sldns_buffer_set_position(pkt, pos); + if(!pkt_sub(pkt, rhs, zonename)) { /* overreaching */ return 1; } @@ -791,7 +803,7 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg, } /* check if right hand side of NSEC is within zone */ if(rrset->type == LDNS_RR_TYPE_NSEC && - sanitize_nsec_is_overreach(rrset, zonename)) { + sanitize_nsec_is_overreach(pkt, rrset, zonename)) { remove_rrset("sanitize: removing overreaching NSEC " "RRset:", pkt, msg, prev, &rrset); continue; diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c index 7bc67da69b2e..668f898eb0ff 100644 --- a/iterator/iter_utils.c +++ b/iterator/iter_utils.c @@ -50,6 +50,7 @@ #include "services/cache/infra.h" #include "services/cache/dns.h" #include "services/cache/rrset.h" +#include "services/outside_network.h" #include "util/net_help.h" #include "util/module.h" #include "util/log.h" @@ -439,6 +440,7 @@ iter_filter_order(struct iter_env* iter_env, struct module_env* env, prev = NULL; a = dp->result_list; for(i = 0; i < got_num; i++) { + if(!a) break; /* robustness */ swap_to_front = 0; if(a->addr.ss_family != AF_INET6 && attempt == -1) { /* if we only have ip4 at low attempt count, @@ -496,6 +498,7 @@ iter_filter_order(struct iter_env* iter_env, struct module_env* env, prev = NULL; a = dp->result_list; for(i = 0; i < got_num; i++) { + if(!a) break; /* robustness */ swap_to_front = 0; if(a->addr.ss_family != AF_INET && attempt == -1) { /* if we only have ip6 at low attempt count, @@ -1390,7 +1393,8 @@ int iter_dp_cangodown(struct query_info* qinfo, struct delegpt* dp) } int -iter_stub_fwd_no_cache(struct module_qstate *qstate, struct query_info *qinf) +iter_stub_fwd_no_cache(struct module_qstate *qstate, struct query_info *qinf, + uint8_t** retdpname, size_t* retdpnamelen) { struct iter_hints_stub *stub; struct delegpt *dp; @@ -1419,6 +1423,10 @@ iter_stub_fwd_no_cache(struct module_qstate *qstate, struct query_info *qinf) dname_str(stub->dp->name, dpname); verbose(VERB_ALGO, "stub for %s %s has no_cache", qname, dpname); } + if(retdpname) { + *retdpname = stub->dp->name; + *retdpnamelen = stub->dp->namelen; + } return (stub->dp->no_cache); } @@ -1431,7 +1439,31 @@ iter_stub_fwd_no_cache(struct module_qstate *qstate, struct query_info *qinf) dname_str(dp->name, dpname); verbose(VERB_ALGO, "forward for %s %s has no_cache", qname, dpname); } + if(retdpname) { + *retdpname = dp->name; + *retdpnamelen = dp->namelen; + } return (dp->no_cache); } + if(retdpname) { + *retdpname = NULL; + *retdpnamelen = 0; + } return 0; } + +void iterator_set_ip46_support(struct module_stack* mods, + struct module_env* env, struct outside_network* outnet) +{ + int m = modstack_find(mods, "iterator"); + struct iter_env* ie = NULL; + if(m == -1) + return; + ie = (struct iter_env*)env->modinfo[m]; + if(outnet->pending == NULL) + return; /* we are in testbound, no rbtree for UDP */ + if(outnet->num_ip4 == 0) + ie->supports_ipv4 = 0; + if(outnet->num_ip6 == 0) + ie->supports_ipv6 = 0; +} diff --git a/iterator/iter_utils.h b/iterator/iter_utils.h index f771930bba2b..509d2921e306 100644 --- a/iterator/iter_utils.h +++ b/iterator/iter_utils.h @@ -59,6 +59,8 @@ struct reply_info; struct module_qstate; struct sock_list; struct ub_packed_rrset_key; +struct module_stack; +struct outside_network; /** * Process config options and set iterator module state. @@ -130,7 +132,7 @@ struct dns_msg* dns_copy_msg(struct dns_msg* from, struct regional* regional); * can be prefetch-updates. * @param region: to copy modified (cache is better) rrs back to. * @param flags: with BIT_CD for dns64 AAAA translated queries. - * @return void, because we are not interested in alloc errors, + * return void, because we are not interested in alloc errors, * the iterator and validator can operate on the results in their * scratch space (the qstate.region) and are not dependent on the cache. * It is useful to log the alloc failure (for the server operator), @@ -380,9 +382,26 @@ int iter_dp_cangodown(struct query_info* qinfo, struct delegpt* dp); * Lookup if no_cache is set in stub or fwd. * @param qstate: query state with env with hints and fwds. * @param qinf: query name to lookup for. + * @param retdpname: returns NULL or the deepest enclosing name of fwd or stub. + * This is the name under which the closest lookup is going to happen. + * Used for NXDOMAIN checks, above that it is an nxdomain from a + * different server and zone. You can pass NULL to not get it. + * @param retdpnamelen: returns the length of the dpname. * @return true if no_cache is set in stub or fwd. */ int iter_stub_fwd_no_cache(struct module_qstate *qstate, - struct query_info *qinf); + struct query_info *qinf, uint8_t** retdpname, size_t* retdpnamelen); + +/** + * Set support for IP4 and IP6 depending on outgoing interfaces + * in the outside network. If none, no support, so no use to lookup + * the AAAA and then attempt to use it if there is no outgoing-interface + * for it. + * @param mods: modstack to find iterator module in. + * @param env: module env, find iterator module (if one) in there. + * @param outnet: outside network structure. + */ +void iterator_set_ip46_support(struct module_stack* mods, + struct module_env* env, struct outside_network* outnet); #endif /* ITERATOR_ITER_UTILS_H */ diff --git a/iterator/iterator.c b/iterator/iterator.c index 99d020117842..f0105ad4b085 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -585,6 +585,60 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, return 1; } +/** add response specific error information for log servfail */ +static void +errinf_reply(struct module_qstate* qstate, struct iter_qstate* iq) +{ + if(qstate->env->cfg->val_log_level < 2 && !qstate->env->cfg->log_servfail) + return; + if((qstate->reply && qstate->reply->addrlen != 0) || + (iq->fail_reply && iq->fail_reply->addrlen != 0)) { + char from[256], frm[512]; + if(qstate->reply && qstate->reply->addrlen != 0) + addr_to_str(&qstate->reply->addr, qstate->reply->addrlen, + from, sizeof(from)); + else + addr_to_str(&iq->fail_reply->addr, iq->fail_reply->addrlen, + from, sizeof(from)); + snprintf(frm, sizeof(frm), "from %s", from); + errinf(qstate, frm); + } + if(iq->scrub_failures || iq->parse_failures) { + if(iq->scrub_failures) + errinf(qstate, "upstream response failed scrub"); + if(iq->parse_failures) + errinf(qstate, "could not parse upstream response"); + } else if(iq->response == NULL && iq->timeout_count != 0) { + errinf(qstate, "upstream server timeout"); + } else if(iq->response == NULL) { + errinf(qstate, "no server to query"); + if(iq->dp) { + if(iq->dp->target_list == NULL) + errinf(qstate, "no addresses for nameservers"); + else errinf(qstate, "nameserver addresses not usable"); + if(iq->dp->nslist == NULL) + errinf(qstate, "have no nameserver names"); + if(iq->dp->bogus) + errinf(qstate, "NS record was dnssec bogus"); + } + } + if(iq->response && iq->response->rep) { + if(FLAGS_GET_RCODE(iq->response->rep->flags) != 0) { + char rcode[256], rc[32]; + (void)sldns_wire2str_rcode_buf( + FLAGS_GET_RCODE(iq->response->rep->flags), + rc, sizeof(rc)); + snprintf(rcode, sizeof(rcode), "got %s", rc); + errinf(qstate, rcode); + } else { + /* rcode NOERROR */ + if(iq->response->rep->an_numrrsets == 0) { + errinf(qstate, "nodata answer"); + } + } + } +} + /** see if last resort is possible - does config allow queries to parent */ static int can_have_last_resort(struct module_env* env, uint8_t* nm, size_t nmlen, @@ -1228,8 +1282,8 @@ static int processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, struct iter_env* ie, int id) { - uint8_t* delname; - size_t delnamelen; + uint8_t* delname, *dpname=NULL; + size_t delnamelen, dpnamelen=0; struct dns_msg* msg = NULL; log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo); @@ -1283,7 +1337,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, /* This either results in a query restart (CNAME cache response), a * terminating response (ANSWER), or a cache miss (null). */ - if (iter_stub_fwd_no_cache(qstate, &iq->qchase)) { + if (iter_stub_fwd_no_cache(qstate, &iq->qchase, &dpname, &dpnamelen)) { /* Asked to not query cache. */ verbose(VERB_ALGO, "no-cache set, going to the network"); qstate->no_cache_lookup = 1; @@ -1298,7 +1352,8 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, msg = dns_cache_lookup(qstate->env, iq->qchase.qname, iq->qchase.qname_len, iq->qchase.qtype, iq->qchase.qclass, qstate->query_flags, - qstate->region, qstate->env->scratch, 0); + qstate->region, qstate->env->scratch, 0, dpname, + dpnamelen); if(!msg && qstate->env->neg_cache && iter_qname_indicates_dnssec(qstate->env, &iq->qchase)) { /* lookup in negative cache; may result in @@ -1921,6 +1976,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, * of a response. */ errinf(qstate, "all the configured stub or forward servers failed,"); errinf_dname(qstate, "at zone", iq->dp->name); + errinf_reply(qstate, iq); verbose(VERB_QUERY, "configured stub or forward servers failed -- returning SERVFAIL"); return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } @@ -2067,6 +2123,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, errinf(qstate, "all servers for this domain failed,"); errinf_dname(qstate, "at zone", iq->dp->name); + errinf_reply(qstate, iq); verbose(VERB_QUERY, "out of query targets -- returning SERVFAIL"); /* fail -- no more targets, no more hope of targets, no hope * of a response. */ @@ -2288,7 +2345,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, iq->qinfo_out.qname, iq->qinfo_out.qname_len, iq->qinfo_out.qtype, iq->qinfo_out.qclass, qstate->query_flags, qstate->region, - qstate->env->scratch, 0); + qstate->env->scratch, 0, iq->dp->name, + iq->dp->namelen); if(msg && FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_NOERROR) /* no need to send query if it is already @@ -2611,7 +2669,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, (iq->dp->ssl_upstream || qstate->env->cfg->ssl_upstream), target->tls_auth_name, qstate); if(!outq) { - log_addr(VERB_DETAIL, "error sending query to auth server", + log_addr(VERB_QUERY, "error sending query to auth server", &target->addr, target->addrlen); if(!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok) infra_ratelimit_dec(qstate->env->infra_cache, iq->dp->name, @@ -2957,6 +3015,8 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, qstate->env->detach_subs)); (*qstate->env->detach_subs)(qstate); iq->num_target_queries = 0; + iq->response = NULL; + iq->fail_reply = NULL; verbose(VERB_ALGO, "cleared outbound list for next round"); return next_state(iq, QUERYTARGETS_STATE); } else if(type == RESPONSE_TYPE_CNAME) { @@ -3720,6 +3780,7 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq, } /* parse message */ + iq->fail_reply = qstate->reply; prs = (struct msg_parse*)regional_alloc(qstate->env->scratch, sizeof(struct msg_parse)); if(!prs) { @@ -3733,12 +3794,15 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq, sldns_buffer_set_position(pkt, 0); if(parse_packet(pkt, prs, qstate->env->scratch) != LDNS_RCODE_NOERROR) { verbose(VERB_ALGO, "parse error on reply packet"); + iq->parse_failures++; goto handle_it; } /* edns is not examined, but removed from message to help cache */ if(parse_extract_edns(prs, &edns, qstate->env->scratch) != - LDNS_RCODE_NOERROR) + LDNS_RCODE_NOERROR) { + iq->parse_failures++; goto handle_it; + } /* Copy the edns options we may got from the back end */ if(edns.opt_list) { @@ -3772,6 +3836,7 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq, iq->num_current_queries--; verbose(VERB_DETAIL, "Capsforid: scrub failed, starting fallback with no response"); } + iq->scrub_failures++; goto handle_it; } diff --git a/iterator/iterator.h b/iterator/iterator.h index 342ac207e826..dc5e57527d87 100644 --- a/iterator/iterator.h +++ b/iterator/iterator.h @@ -61,7 +61,7 @@ struct rbtree_type; * its subqueries */ #define MAX_TARGET_NX 5 /** max number of query restarts. Determines max number of CNAME chain. */ -#define MAX_RESTART_COUNT 8 +#define MAX_RESTART_COUNT 11 /** max number of referrals. Makes sure resolver does not run away */ #define MAX_REFERRAL_COUNT 130 /** max number of queries-sent-out. Make sure large NS set does not loop */ @@ -406,6 +406,12 @@ struct iter_qstate { int auth_zone_response; /** True if the auth_zones should not be consulted for the query */ int auth_zone_avoid; + /** true if there have been scrubbing failures of reply packets */ + int scrub_failures; + /** true if there have been parse failures of reply packets */ + int parse_failures; + /** a failure printout address for last received answer */ + struct comm_reply* fail_reply; }; /** diff --git a/libunbound/context.c b/libunbound/context.c index cff2831a77cd..e589c6ae28d7 100644 --- a/libunbound/context.c +++ b/libunbound/context.c @@ -69,6 +69,7 @@ context_finalize(struct ub_ctx* ctx) } else { log_init(cfg->logfile, cfg->use_syslog, NULL); } + cfg_apply_local_port_policy(cfg, 65536); config_apply(cfg); if(!modstack_setup(&ctx->mods, cfg->module_conf, ctx->env)) return UB_INITFAIL; @@ -78,7 +79,8 @@ context_finalize(struct ub_ctx* ctx) return UB_NOMEM; if(!local_zones_apply_cfg(ctx->local_zones, cfg)) return UB_INITFAIL; - if(!auth_zones_apply_cfg(ctx->env->auth_zones, cfg, 1, &is_rpz)) + if(!auth_zones_apply_cfg(ctx->env->auth_zones, cfg, 1, &is_rpz, + ctx->env, &ctx->mods)) return UB_INITFAIL; if(!edns_strings_apply_cfg(ctx->env->edns_strings, cfg)) return UB_INITFAIL; diff --git a/libunbound/libworker.c b/libunbound/libworker.c index 7f46df386ab9..8a9ca9419480 100644 --- a/libunbound/libworker.c +++ b/libunbound/libworker.c @@ -241,7 +241,9 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb) ports, numports, cfg->unwanted_threshold, cfg->outgoing_tcp_mss, &libworker_alloc_cleanup, w, cfg->do_udp || cfg->udp_upstream_without_downstream, w->sslctx, - cfg->delay_close, cfg->tls_use_sni, NULL, cfg->udp_connect); + cfg->delay_close, cfg->tls_use_sni, NULL, cfg->udp_connect, + cfg->max_reuse_tcp_queries, cfg->tcp_reuse_timeout, + cfg->tcp_auth_query_timeout); w->env->outnet = w->back; if(!w->is_bg || w->is_bg_thread) { lock_basic_unlock(&ctx->cfglock); @@ -454,8 +456,15 @@ fill_res(struct ub_result* res, struct ub_packed_rrset_key* answer, if(rep->rrset_count != 0) res->ttl = (int)rep->ttl; res->data = (char**)calloc(1, sizeof(char*)); + if(!res->data) + return 0; /* out of memory */ res->len = (int*)calloc(1, sizeof(int)); - return (res->data && res->len); + if(!res->len) { + free(res->data); + res->data = NULL; + return 0; /* out of memory */ + } + return 1; } data = (struct packed_rrset_data*)answer->entry.data; if(query_dname_compare(rq->qname, answer->rk.dname) != 0) { @@ -463,15 +472,30 @@ fill_res(struct ub_result* res, struct ub_packed_rrset_key* answer, return 0; /* out of memory */ } else res->canonname = NULL; res->data = (char**)calloc(data->count+1, sizeof(char*)); - res->len = (int*)calloc(data->count+1, sizeof(int)); - if(!res->data || !res->len) + if(!res->data) return 0; /* out of memory */ + res->len = (int*)calloc(data->count+1, sizeof(int)); + if(!res->len) { + free(res->data); + res->data = NULL; + return 0; /* out of memory */ + } for(i=0; icount; i++) { /* remove rdlength from rdata */ res->len[i] = (int)(data->rr_len[i] - 2); res->data[i] = memdup(data->rr_data[i]+2, (size_t)res->len[i]); - if(!res->data[i]) + if(!res->data[i]) { + size_t j; + for(j=0; jdata[j]); + res->data[j] = NULL; + } + free(res->data); + res->data = NULL; + free(res->len); + res->len = NULL; return 0; /* out of memory */ + } } /* ttl for positive answers, from CNAME and answer RRs */ if(data->count != 0) { @@ -876,35 +900,6 @@ struct outbound_entry* libworker_send_query(struct query_info* qinfo, return e; } -int -libworker_handle_reply(struct comm_point* c, void* arg, int error, - struct comm_reply* reply_info) -{ - struct module_qstate* q = (struct module_qstate*)arg; - struct libworker* lw = (struct libworker*)q->env->worker; - struct outbound_entry e; - e.qstate = q; - e.qsent = NULL; - - if(error != 0) { - mesh_report_reply(lw->env->mesh, &e, reply_info, error); - return 0; - } - /* sanity check. */ - if(!LDNS_QR_WIRE(sldns_buffer_begin(c->buffer)) - || LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) != - LDNS_PACKET_QUERY - || LDNS_QDCOUNT(sldns_buffer_begin(c->buffer)) > 1) { - /* error becomes timeout for the module as if this reply - * never arrived. */ - mesh_report_reply(lw->env->mesh, &e, reply_info, - NETEVENT_TIMEOUT); - return 0; - } - mesh_report_reply(lw->env->mesh, &e, reply_info, NETEVENT_NOERROR); - return 0; -} - int libworker_handle_service_reply(struct comm_point* c, void* arg, int error, struct comm_reply* reply_info) @@ -947,14 +942,6 @@ int worker_handle_request(struct comm_point* ATTR_UNUSED(c), return 0; } -int worker_handle_reply(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - int worker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), struct comm_reply* ATTR_UNUSED(reply_info)) diff --git a/libunbound/python/libunbound.i b/libunbound/python/libunbound.i index a23c45b9c708..763879e80869 100644 --- a/libunbound/python/libunbound.i +++ b/libunbound/python/libunbound.i @@ -916,7 +916,13 @@ int _ub_resolve_async(struct ub_ctx* ctx, char* name, int rrtype, int rrclass, v struct cb_data* id; id = (struct cb_data*) iddata; arglist = Py_BuildValue("(OiO)",id->data,status, SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_ub_result, 0 | 0 )); // Build argument list +#if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION < 9) + /* for python before 3.9 */ fresult = PyEval_CallObject(id->func,arglist); // Call Python +#else + /* for python 3.9 and newer */ + fresult = PyObject_Call(id->func,arglist,NULL); +#endif Py_DECREF(id->func); Py_DECREF(id->data); free(id); @@ -930,6 +936,8 @@ int _ub_resolve_async(struct ub_ctx* ctx, char* name, int rrtype, int rrclass, v int r; struct cb_data* id; id = (struct cb_data*) malloc(sizeof(struct cb_data)); + if(!id) + return -2; /* UB_NOMEM */ id->data = mydata; id->func = pyfunc; diff --git a/libunbound/worker.h b/libunbound/worker.h index fe1d51878a89..bf7473861af8 100644 --- a/libunbound/worker.h +++ b/libunbound/worker.h @@ -75,10 +75,6 @@ struct outbound_entry* libworker_send_query(struct query_info* qinfo, size_t zonelen, int ssl_upstream, char* tls_auth_name, struct module_qstate* q); -/** process incoming replies from the network */ -int libworker_handle_reply(struct comm_point* c, void* arg, int error, - struct comm_reply* reply_info); - /** process incoming serviced query replies from the network */ int libworker_handle_service_reply(struct comm_point* c, void* arg, int error, struct comm_reply* reply_info); @@ -146,10 +142,6 @@ void worker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len, int worker_handle_request(struct comm_point* c, void* arg, int error, struct comm_reply* repinfo); -/** process incoming replies from the network */ -int worker_handle_reply(struct comm_point* c, void* arg, int error, - struct comm_reply* reply_info); - /** process incoming serviced query replies from the network */ int worker_handle_service_reply(struct comm_point* c, void* arg, int error, struct comm_reply* reply_info); diff --git a/pythonmod/doc/modules/functions.rst b/pythonmod/doc/modules/functions.rst index 333f696b814f..951a17f948c7 100644 --- a/pythonmod/doc/modules/functions.rst +++ b/pythonmod/doc/modules/functions.rst @@ -92,7 +92,7 @@ Inplace callbacks .. function:: inplace_cb_reply(qinfo, qstate, rep, rcode, edns, opt_list_out, region, \*\*kwargs) Function prototype for callback functions used in - `register_inplace_cb_reply`_, `register_inplace_cb_reply_cache`_, + `register_inplace_cb_reply`, `register_inplace_cb_reply_cache`, `register_inplace_cb_reply_local` and `register_inplace_cb_reply_servfail`. :param qinfo: :class:`query_info` @@ -109,7 +109,7 @@ Inplace callbacks .. function:: inplace_cb_query(qinfo, flags, qstate, addr, zone, region) Function prototype for callback functions used in - `register_inplace_cb_query`_. + `register_inplace_cb_query`. :param qinfo: :class:`query_info` :param flags: query flags (integer) @@ -122,7 +122,7 @@ Inplace callbacks Register py_cb as an inplace reply callback function. - :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable. + :param py_cb: Python function that follows `inplace_cb_reply`'s prototype. **Must** be callable. :param env: :class:`module_env` :param id: Module ID. :return: True on success, False otherwise @@ -132,7 +132,7 @@ Inplace callbacks Register py_cb as an inplace reply_cache callback function. - :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable. + :param py_cb: Python function that follows `inplace_cb_reply`'s prototype. **Must** be callable. :param env: :class:`module_env` :param id: Module ID. :return: True on success, False otherwise @@ -142,7 +142,7 @@ Inplace callbacks Register py_cb as an inplace reply_local callback function. - :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable. + :param py_cb: Python function that follows `inplace_cb_reply`'s prototype. **Must** be callable. :param env: :class:`module_env` :param id: Module ID. :return: True on success, False otherwise @@ -152,7 +152,7 @@ Inplace callbacks Register py_cb as an inplace reply_servfail callback function. - :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable. + :param py_cb: Python function that follows `inplace_cb_reply`'s prototype. **Must** be callable. :param env: :class:`module_env` :param id: Module ID. :return: True on success, False otherwise @@ -162,7 +162,7 @@ Inplace callbacks Register py_cb as an inplace query callback function. - :param py_cb: Python function that follows `inplace_cb_query`_'s prototype. **Must** be callable. + :param py_cb: Python function that follows `inplace_cb_query`'s prototype. **Must** be callable. :param env: :class:`module_env` :param id: Module ID. :return: True on success, False otherwise diff --git a/pythonmod/interface.i b/pythonmod/interface.i index 5dae04aa404b..ce7dcde7173c 100644 --- a/pythonmod/interface.i +++ b/pythonmod/interface.i @@ -1546,7 +1546,7 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, { PyObject *func, *py_edns, *py_qstate, *py_opt_list_out, *py_qinfo; PyObject *py_rep, *py_repinfo, *py_region; - PyObject *py_args, *py_kwargs, *result; + PyObject *py_args = NULL, *py_kwargs = NULL, *result = NULL; int res = 0; double py_start_time = ((double)start_time->tv_sec) + ((double)start_time->tv_usec) / 1.0e6; @@ -1561,11 +1561,20 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, py_rep = SWIG_NewPointerObj((void*) rep, SWIGTYPE_p_reply_info, 0); py_repinfo = SWIG_NewPointerObj((void*) repinfo, SWIGTYPE_p_comm_reply, 0); py_region = SWIG_NewPointerObj((void*) region, SWIGTYPE_p_regional, 0); - py_args = Py_BuildValue("(OOOiOOO)", py_qinfo, py_qstate, py_rep, - rcode, py_edns, py_opt_list_out, py_region); - py_kwargs = Py_BuildValue("{s:O,s:d}", "repinfo", py_repinfo, "start_time", - py_start_time); - result = PyObject_Call(func, py_args, py_kwargs); + if(py_qinfo && py_qstate && py_rep && py_edns && py_opt_list_out + && py_region && py_repinfo) { + py_args = Py_BuildValue("(OOOiOOO)", py_qinfo, py_qstate, py_rep, + rcode, py_edns, py_opt_list_out, py_region); + py_kwargs = Py_BuildValue("{s:O,s:d}", "repinfo", py_repinfo, "start_time", + py_start_time); + if(py_args && py_kwargs) { + result = PyObject_Call(func, py_args, py_kwargs); + } else { + log_err("pythonmod: malloc failure in python_inplace_cb_reply_generic"); + } + } else { + log_err("pythonmod: malloc failure in python_inplace_cb_reply_generic"); + } Py_XDECREF(py_edns); Py_XDECREF(py_qstate); Py_XDECREF(py_opt_list_out); @@ -1624,6 +1633,7 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, { int res = 0; PyObject *func = python_callback; + PyObject *py_args = NULL, *py_kwargs = NULL, *result = NULL; PyGILState_STATE gstate = PyGILState_Ensure(); @@ -1632,12 +1642,19 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, PyObject *py_addr = SWIG_NewPointerObj((void *) addr, SWIGTYPE_p_sockaddr_storage, 0); PyObject *py_zone = PyBytes_FromStringAndSize((const char *)zone, zonelen); PyObject *py_region = SWIG_NewPointerObj((void*) region, SWIGTYPE_p_regional, 0); - - PyObject *py_args = Py_BuildValue("(OiOOOO)", py_qinfo, flags, py_qstate, py_addr, py_zone, py_region); - PyObject *py_kwargs = Py_BuildValue("{}"); - PyObject *result = PyObject_Call(func, py_args, py_kwargs); - if (result) { - res = PyInt_AsLong(result); + if(py_qinfo && py_qstate && py_addr && py_zone && py_region) { + py_args = Py_BuildValue("(OiOOOO)", py_qinfo, flags, py_qstate, py_addr, py_zone, py_region); + py_kwargs = Py_BuildValue("{}"); + if(py_args && py_kwargs) { + result = PyObject_Call(func, py_args, py_kwargs); + if (result) { + res = PyInt_AsLong(result); + } + } else { + log_err("pythonmod: malloc failure in python_inplace_cb_query_generic"); + } + } else { + log_err("pythonmod: malloc failure in python_inplace_cb_query_generic"); } Py_XDECREF(py_qinfo); diff --git a/pythonmod/pythonmod.c b/pythonmod/pythonmod.c index 9006429efff5..4bea54e6aceb 100644 --- a/pythonmod/pythonmod.c +++ b/pythonmod/pythonmod.c @@ -245,6 +245,11 @@ log_py_err(void) /* clear the exception, by not restoring it */ /* Restore the exception state */ /* PyErr_Restore(exc_typ, exc_val, exc_tb); */ + /* when using PyErr_Restore there is no need to Py_XDECREF for + * these 3 pointers. */ + Py_XDECREF(exc_typ); + Py_XDECREF(exc_val); + Py_XDECREF(exc_tb); } int pythonmod_init(struct module_env* env, int id) @@ -299,7 +304,10 @@ int pythonmod_init(struct module_env* env, int id) PyImport_AppendInittab(SWIG_name, (void*)SWIG_init); #endif Py_Initialize(); +#if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION <= 6) + /* initthreads only for python 3.6 and older */ PyEval_InitThreads(); +#endif SWIG_init(); mainthr = PyEval_SaveThread(); } @@ -335,7 +343,7 @@ int pythonmod_init(struct module_env* env, int id) PyFileObject = PyFile_FromString((char*)pe->fname, "r"); script_py = PyFile_AsFile(PyFileObject); #else - script_py = _Py_fopen(pe->fname, "r"); + script_py = fopen(pe->fname, "r"); #endif if (script_py == NULL) { @@ -354,6 +362,8 @@ int pythonmod_init(struct module_env* env, int id) /* TODO: deallocation of pe->... if an error occurs */ if (PyRun_SimpleFile(script_py, pe->fname) < 0) { +#if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION < 9) + /* for python before 3.9 */ log_err("pythonmod: can't parse Python script %s", pe->fname); /* print the error to logs too, run it again */ fseek(script_py, 0, SEEK_SET); @@ -369,9 +379,45 @@ int pythonmod_init(struct module_env* env, int id) /* ignore the NULL return of _node, it is NULL due to the parse failure * that we are expecting */ (void)PyParser_SimpleParseFile(script_py, pe->fname, Py_file_input); +#else + /* for python 3.9 and newer */ + char* fstr = NULL; + size_t flen = 0; + log_err("pythonmod: can't parse Python script %s", pe->fname); + /* print the error to logs too, run it again */ + fseek(script_py, 0, SEEK_END); + flen = (size_t)ftell(script_py); + fstr = malloc(flen+1); + if(!fstr) { + log_err("malloc failure to print parse error"); + PyGILState_Release(gil); + fclose(script_py); + return 0; + } + fseek(script_py, 0, SEEK_SET); + if(fread(fstr, flen, 1, script_py) < 1) { + log_err("file read failed to print parse error: %s: %s", + pe->fname, strerror(errno)); + PyGILState_Release(gil); + fclose(script_py); + free(fstr); + return 0; + } + fstr[flen] = 0; + /* we compile the string, but do not run it, to stop side-effects */ + /* ignore the NULL return of _node, it is NULL due to the parse failure + * that we are expecting */ + (void)Py_CompileString(fstr, pe->fname, Py_file_input); +#endif log_py_err(); PyGILState_Release(gil); fclose(script_py); +#if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION < 9) + /* no cleanup needed for python before 3.9 */ +#else + /* cleanup for python 3.9 and newer */ + free(fstr); +#endif return 0; } #if PY_MAJOR_VERSION < 3 @@ -520,9 +566,19 @@ void pythonmod_operate(struct module_qstate* qstate, enum module_ev event, { /* create qstate */ pq = qstate->minfo[id] = malloc(sizeof(struct pythonmod_qstate)); + if(!pq) { + log_err("pythonmod_operate: malloc failure for qstate"); + PyGILState_Release(gil); + return; + } /* Initialize per query data */ pq->data = PyDict_New(); + if(!pq->data) { + log_err("pythonmod_operate: malloc failure for query data dict"); + PyGILState_Release(gil); + return; + } } /* Call operate */ diff --git a/pythonmod/pythonmod_utils.c b/pythonmod/pythonmod_utils.c index 9f7282540e77..21a16bbe85bf 100644 --- a/pythonmod/pythonmod_utils.c +++ b/pythonmod/pythonmod_utils.c @@ -5,18 +5,18 @@ * Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * * Neither the name of the organization nor the names of its * contributors may be used to endorse or promote products derived from this * software without specific prior written permission. @@ -56,113 +56,118 @@ #undef _XOPEN_SOURCE #include -/* Store the reply_info and query_info pair in message cache (qstate->msg_cache) */ -int storeQueryInCache(struct module_qstate* qstate, struct query_info* qinfo, struct reply_info* msgrep, int is_referral) +/* Store the reply_info and query_info pair in message cache + * (qstate->msg_cache) */ +int storeQueryInCache(struct module_qstate* qstate, struct query_info* qinfo, + struct reply_info* msgrep, int is_referral) { - if (!msgrep) - return 0; + if (!msgrep) + return 0; - if (msgrep->authoritative) /*authoritative answer can't be stored in cache*/ - { - PyErr_SetString(PyExc_ValueError, "Authoritative answer can't be stored"); - return 0; - } + /* authoritative answer can't be stored in cache */ + if (msgrep->authoritative) { + PyErr_SetString(PyExc_ValueError, + "Authoritative answer can't be stored"); + return 0; + } - return dns_cache_store(qstate->env, qinfo, msgrep, is_referral, - qstate->prefetch_leeway, 0, NULL, qstate->query_flags); + return dns_cache_store(qstate->env, qinfo, msgrep, is_referral, + qstate->prefetch_leeway, 0, NULL, qstate->query_flags); } -/* Invalidate the message associated with query_info stored in message cache */ -void invalidateQueryInCache(struct module_qstate* qstate, struct query_info* qinfo) -{ - hashvalue_type h; - struct lruhash_entry* e; - struct reply_info *r; - size_t i, j; +/* Invalidate the message associated with query_info stored in message cache */ +void invalidateQueryInCache(struct module_qstate* qstate, + struct query_info* qinfo) +{ + hashvalue_type h; + struct lruhash_entry* e; + struct reply_info *r; + size_t i, j; - h = query_info_hash(qinfo, qstate->query_flags); - if ((e=slabhash_lookup(qstate->env->msg_cache, h, qinfo, 0))) - { - r = (struct reply_info*)(e->data); - if (r) - { - r->ttl = 0; - if(rrset_array_lock(r->ref, r->rrset_count, *qstate->env->now)) { - for(i=0; i< r->rrset_count; i++) - { - struct packed_rrset_data* data = - (struct packed_rrset_data*) r->ref[i].key->entry.data; - if(i>0 && r->ref[i].key == r->ref[i-1].key) - continue; - - data->ttl = r->ttl; - for(j=0; jcount + data->rrsig_count; j++) - data->rr_ttl[j] = r->ttl; - } - rrset_array_unlock(r->ref, r->rrset_count); - } + h = query_info_hash(qinfo, qstate->query_flags); + if ((e=slabhash_lookup(qstate->env->msg_cache, h, qinfo, 0))) { + r = (struct reply_info*)(e->data); + if (r) { + r->ttl = 0; + if(rrset_array_lock(r->ref, r->rrset_count, *qstate->env->now)) { + for(i=0; i< r->rrset_count; i++) { + struct packed_rrset_data* data = + (struct packed_rrset_data*) r->ref[i].key->entry.data; + if(i>0 && r->ref[i].key == r->ref[i-1].key) + continue; + + data->ttl = r->ttl; + for(j=0; jcount + data->rrsig_count; j++) + data->rr_ttl[j] = r->ttl; + } + rrset_array_unlock(r->ref, r->rrset_count); + } + } + lock_rw_unlock(&e->lock); + } else { + log_info("invalidateQueryInCache: qinfo is not in cache"); } - lock_rw_unlock(&e->lock); - } else { - log_info("invalidateQueryInCache: qinfo is not in cache"); - } } /* Create response according to the ldns packet content */ int createResponse(struct module_qstate* qstate, sldns_buffer* pkt) { - struct msg_parse* prs; - struct edns_data edns; - - /* parse message */ - prs = (struct msg_parse*) regional_alloc(qstate->env->scratch, sizeof(struct msg_parse)); - if (!prs) { - log_err("storeResponse: out of memory on incoming message"); - return 0; - } + struct msg_parse* prs; + struct edns_data edns; - memset(prs, 0, sizeof(*prs)); - memset(&edns, 0, sizeof(edns)); + /* parse message */ + prs = (struct msg_parse*) regional_alloc(qstate->env->scratch, + sizeof(struct msg_parse)); + if(!prs) { + log_err("createResponse: out of memory on incoming message"); + return 0; + } - sldns_buffer_set_position(pkt, 0); - if (parse_packet(pkt, prs, qstate->env->scratch) != LDNS_RCODE_NOERROR) { - verbose(VERB_ALGO, "storeResponse: parse error on reply packet"); - return 0; - } - /* edns is not examined, but removed from message to help cache */ - if(parse_extract_edns(prs, &edns, qstate->env->scratch) != - LDNS_RCODE_NOERROR) - return 0; + memset(prs, 0, sizeof(*prs)); + memset(&edns, 0, sizeof(edns)); - /* remove CD-bit, we asked for in case we handle validation ourself */ - prs->flags &= ~BIT_CD; + sldns_buffer_set_position(pkt, 0); + if(parse_packet(pkt, prs, qstate->env->scratch) != LDNS_RCODE_NOERROR) { + verbose(VERB_ALGO, "createResponse: parse error on reply packet"); + return 0; + } + /* edns is not examined, but removed from message to help cache */ + if(parse_extract_edns(prs, &edns, qstate->env->scratch) != + LDNS_RCODE_NOERROR) + return 0; - /* allocate response dns_msg in region */ - qstate->return_msg = (struct dns_msg*)regional_alloc(qstate->region, sizeof(struct dns_msg)); - if (!qstate->return_msg) - return 0; + /* remove CD-bit, we asked for in case we handle validation ourself */ + prs->flags &= ~BIT_CD; - memset(qstate->return_msg, 0, sizeof(*qstate->return_msg)); - if(!parse_create_msg(pkt, prs, NULL, &(qstate->return_msg)->qinfo, &(qstate->return_msg)->rep, qstate->region)) { - log_err("storeResponse: malloc failure: allocating incoming dns_msg"); - return 0; - } - - /* Make sure that the RA flag is set (since the presence of - * this module means that recursion is available) */ - /* qstate->return_msg->rep->flags |= BIT_RA; */ + /* allocate response dns_msg in region */ + qstate->return_msg = (struct dns_msg*) regional_alloc(qstate->region, + sizeof(struct dns_msg)); + if(!qstate->return_msg) + return 0; - /* Clear the AA flag */ - /* FIXME: does this action go here or in some other module? */ - /*qstate->return_msg->rep->flags &= ~BIT_AA; */ + memset(qstate->return_msg, 0, sizeof(*qstate->return_msg)); + if(!parse_create_msg(pkt, prs, NULL, &(qstate->return_msg)->qinfo, + &(qstate->return_msg)->rep, qstate->region)) { + log_err("createResponse: malloc failure: allocating incoming dns_msg"); + return 0; + } - /* make sure QR flag is on */ - /*qstate->return_msg->rep->flags |= BIT_QR; */ + /* Make sure that the RA flag is set (since the presence of + * this module means that recursion is available) */ + /* qstate->return_msg->rep->flags |= BIT_RA; */ - if(verbosity >= VERB_ALGO) - log_dns_msg("storeResponse: packet:", &qstate->return_msg->qinfo, qstate->return_msg->rep); + /* Clear the AA flag */ + /* FIXME: does this action go here or in some other module? */ + /*qstate->return_msg->rep->flags &= ~BIT_AA; */ - return 1; + /* make sure QR flag is on */ + /*qstate->return_msg->rep->flags |= BIT_QR; */ + + if(verbosity >= VERB_ALGO) + log_dns_msg("createResponse: packet:", &qstate->return_msg->qinfo, + qstate->return_msg->rep); + + return 1; } @@ -176,7 +181,7 @@ void reply_addr2str(struct comm_reply* reply, char* dest, int maxlen) sinaddr = &((struct sockaddr_in6*)&(reply->addr))->sin6_addr; dest[0] = 0; if (inet_ntop(af, sinaddr, dest, (socklen_t)maxlen) == 0) - return; + return; dest[maxlen-1] = 0; } @@ -190,6 +195,6 @@ void delegpt_addr_addr2str(struct delegpt_addr* target, char *dest, int maxlen) sinaddr = &((struct sockaddr_in6*)&(target->addr))->sin6_addr; dest[0] = 0; if (inet_ntop(af, sinaddr, dest, (socklen_t)maxlen) == 0) - return; + return; dest[maxlen-1] = 0; } diff --git a/pythonmod/pythonmod_utils.h b/pythonmod/pythonmod_utils.h index 4ea86f9bee4c..3fb0c0d7fd51 100644 --- a/pythonmod/pythonmod_utils.h +++ b/pythonmod/pythonmod_utils.h @@ -1,22 +1,22 @@ /* * pythonmod_utils.h: utils header file - * + * * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) * Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * * Neither the name of the organization nor the names of its * contributors may be used to endorse or promote products derived from this * software without specific prior written permission. @@ -46,34 +46,38 @@ struct delegpt_addr; struct sldns_buffer; /** - * Store the reply_info and query_info pair in message cache (qstate->msg_cache) + * Store the reply_info and query_info pair in message cache + * (qstate->msg_cache). * * @param qstate: module environment * @param qinfo: query info, the query for which answer is stored. * @param msgrep: reply in dns_msg * @param is_referral: If true, then the given message to be stored is a - * referral. The cache implementation may use this as a hint. - * It will store only the RRsets, not the message. + * referral. The cache implementation may use this as a hint. + * It will store only the RRsets, not the message. * @return 0 on alloc error (out of memory). */ -int storeQueryInCache(struct module_qstate* qstate, struct query_info* qinfo, struct reply_info* msgrep, int is_referral); +int storeQueryInCache(struct module_qstate* qstate, struct query_info* qinfo, + struct reply_info* msgrep, int is_referral); /** - * Invalidate the message associated with query_info stored in message cache. + * Invalidate the message associated with query_info stored in message cache. * - * This function invalidates the record in message cache associated with the given query only if such a record exists. + * This function invalidates the record in message cache associated with the + * given query only if such a record exists. * * @param qstate: module environment * @param qinfo: query info, the query for which answer is stored. */ -void invalidateQueryInCache(struct module_qstate* qstate, struct query_info* qinfo); +void invalidateQueryInCache(struct module_qstate* qstate, + struct query_info* qinfo); /** - * Create response according to the ldns packet content + * Create response according to the ldns packet content. + * + * This function fills qstate.return_msg up with data of a given packet * - * This function fills qstate.return_msg up with data of a given packet - * * @param qstate: module environment * @param pkt: a sldns_buffer which contains sldns_packet data * @return 0 on failure, out of memory or parse error. @@ -81,14 +85,20 @@ void invalidateQueryInCache(struct module_qstate* qstate, struct query_info* qin int createResponse(struct module_qstate* qstate, struct sldns_buffer* pkt); /** - * Convert reply->addr to string - * @param reply: comm reply with address in it. - * @param dest: destination string. - * @param maxlen: length of string buffer. + * Convert reply->addr to string. + * @param reply: comm reply with address in it. + * @param dest: destination string. + * @param maxlen: length of string buffer. */ void reply_addr2str(struct comm_reply* reply, char* dest, int maxlen); -/* Convert target->addr to string */ -void delegpt_addr_addr2str(struct delegpt_addr* target, char *dest, int maxlen); +/** + * Convert target->addr to string. + * @param target: delegpt_addr with address in it. + * @param dest: destination string. + * @param maxlen: length of string buffer. + */ +void delegpt_addr_addr2str(struct delegpt_addr* target, char *dest, + int maxlen); #endif /* PYTHONMOD_UTILS_H */ diff --git a/respip/respip.c b/respip/respip.c index 8fe82cdeec21..aae41f5d6368 100644 --- a/respip/respip.c +++ b/respip/respip.c @@ -129,7 +129,7 @@ respip_sockaddr_delete(struct respip_set* set, struct resp_addr* node) struct resp_addr* prev; prev = (struct resp_addr*)rbtree_previous((struct rbnode_type*)node); lock_rw_destroy(&node->lock); - rbtree_delete(&set->ip_tree, node); + (void)rbtree_delete(&set->ip_tree, node); /* no free'ing, all allocated in region */ if(!prev) addr_tree_init_parents((rbtree_type*)set); diff --git a/services/authzone.c b/services/authzone.c index 2ef782c1f45c..e6e3a8cff9b4 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -67,7 +67,11 @@ #include "sldns/parseutil.h" #include "sldns/keyraw.h" #include "validator/val_nsec3.h" +#include "validator/val_nsec.h" #include "validator/val_secalgo.h" +#include "validator/val_sigcrypt.h" +#include "validator/val_anchor.h" +#include "validator/val_utils.h" #include /** bytes to use for NSEC3 hash buffer. 20 for sha1 */ @@ -1741,9 +1745,45 @@ int auth_zone_write_file(struct auth_zone* z, const char* fname) return 1; } +/** offline verify for zonemd, while reading a zone file to immediately + * spot bad hashes in zonefile as they are read. + * Creates temp buffers, but uses anchors and validation environment + * from the module_env. */ +static void +zonemd_offline_verify(struct auth_zone* z, struct module_env* env_for_val, + struct module_stack* mods) +{ + struct module_env env; + time_t now = 0; + if(!z->zonemd_check) + return; + env = *env_for_val; + env.scratch_buffer = sldns_buffer_new(env.cfg->msg_buffer_size); + if(!env.scratch_buffer) { + log_err("out of memory"); + goto clean_exit; + } + env.scratch = regional_create(); + if(!env.now) { + env.now = &now; + now = time(NULL); + } + if(!env.scratch) { + log_err("out of memory"); + goto clean_exit; + } + auth_zone_verify_zonemd(z, &env, mods, NULL, 1, 0); + +clean_exit: + /* clean up and exit */ + sldns_buffer_free(env.scratch_buffer); + regional_destroy(env.scratch); +} + /** read all auth zones from file (if they have) */ static int -auth_zones_read_zones(struct auth_zones* az, struct config_file* cfg) +auth_zones_read_zones(struct auth_zones* az, struct config_file* cfg, + struct module_env* env, struct module_stack* mods) { struct auth_zone* z; lock_rw_wrlock(&az->lock); @@ -1754,12 +1794,162 @@ auth_zones_read_zones(struct auth_zones* az, struct config_file* cfg) lock_rw_unlock(&az->lock); return 0; } + if(z->zonefile && z->zonefile[0]!=0 && env) + zonemd_offline_verify(z, env, mods); lock_rw_unlock(&z->lock); } lock_rw_unlock(&az->lock); return 1; } +/** fetch the content of a ZONEMD RR from the rdata */ +static int zonemd_fetch_parameters(struct auth_rrset* zonemd_rrset, size_t i, + uint32_t* serial, int* scheme, int* hashalgo, uint8_t** hash, + size_t* hashlen) +{ + size_t rr_len; + uint8_t* rdata; + if(i >= zonemd_rrset->data->count) + return 0; + rr_len = zonemd_rrset->data->rr_len[i]; + if(rr_len < 2+4+1+1) + return 0; /* too short, for rdlen+serial+scheme+algo */ + rdata = zonemd_rrset->data->rr_data[i]; + *serial = sldns_read_uint32(rdata+2); + *scheme = rdata[6]; + *hashalgo = rdata[7]; + *hashlen = rr_len - 8; + if(*hashlen == 0) + *hash = NULL; + else *hash = rdata+8; + return 1; +} + +/** + * See if the ZONEMD scheme, hash occurs more than once. + * @param zonemd_rrset: the zonemd rrset to check with the RRs in it. + * @param index: index of the original, this is allowed to have that + * scheme and hashalgo, but other RRs should not have it. + * @param scheme: the scheme to check for. + * @param hashalgo: the hash algorithm to check for. + * @return true if it occurs more than once. + */ +static int zonemd_is_duplicate_scheme_hash(struct auth_rrset* zonemd_rrset, + size_t index, int scheme, int hashalgo) +{ + size_t j; + for(j=0; jdata->count; j++) { + uint32_t serial2 = 0; + int scheme2 = 0, hashalgo2 = 0; + uint8_t* hash2 = NULL; + size_t hashlen2 = 0; + if(index == j) { + /* this is the original */ + continue; + } + if(!zonemd_fetch_parameters(zonemd_rrset, j, &serial2, + &scheme2, &hashalgo2, &hash2, &hashlen2)) { + /* malformed, skip it */ + continue; + } + if(scheme == scheme2 && hashalgo == hashalgo2) { + /* duplicate scheme, hash */ + verbose(VERB_ALGO, "zonemd duplicate for scheme %d " + "and hash %d", scheme, hashalgo); + return 1; + } + } + return 0; +} + +/** + * Check ZONEMDs if present for the auth zone. Depending on config + * it can warn or fail on that. Checks the hash of the ZONEMD. + * @param z: auth zone to check for. + * caller must hold lock on zone. + * @param env: module env for temp buffers. + * @param reason: returned on failure. + * @return false on failure, true if hash checks out. + */ +static int auth_zone_zonemd_check_hash(struct auth_zone* z, + struct module_env* env, char** reason) +{ + /* loop over ZONEMDs and see which one is valid. if not print + * failure (depending on config) */ + struct auth_data* apex; + struct auth_rrset* zonemd_rrset; + size_t i; + struct regional* region = NULL; + struct sldns_buffer* buf = NULL; + uint32_t soa_serial = 0; + region = env->scratch; + regional_free_all(region); + buf = env->scratch_buffer; + if(!auth_zone_get_serial(z, &soa_serial)) { + *reason = "zone has no SOA serial"; + return 0; + } + + apex = az_find_name(z, z->name, z->namelen); + if(!apex) { + *reason = "zone has no apex"; + return 0; + } + zonemd_rrset = az_domain_rrset(apex, LDNS_RR_TYPE_ZONEMD); + if(!zonemd_rrset || zonemd_rrset->data->count==0) { + *reason = "zone has no ZONEMD"; + return 0; /* no RRset or no RRs in rrset */ + } + + /* we have a ZONEMD, check if it is correct */ + for(i=0; idata->count; i++) { + uint32_t serial = 0; + int scheme = 0, hashalgo = 0; + uint8_t* hash = NULL; + size_t hashlen = 0; + if(!zonemd_fetch_parameters(zonemd_rrset, i, &serial, &scheme, + &hashalgo, &hash, &hashlen)) { + /* malformed RR */ + *reason = "ZONEMD rdata malformed"; + continue; + } + /* check for duplicates */ + if(zonemd_is_duplicate_scheme_hash(zonemd_rrset, i, scheme, + hashalgo)) { + /* duplicate hash of the same scheme,hash + * is not allowed. */ + *reason = "ZONEMD RRSet contains more than one RR " + "with the same scheme and hash algorithm"; + continue; + } + regional_free_all(region); + if(serial != soa_serial) { + *reason = "ZONEMD serial is wrong"; + continue; + } + if(auth_zone_generate_zonemd_check(z, scheme, hashalgo, + hash, hashlen, region, buf, reason)) { + /* success */ + if(verbosity >= VERB_ALGO) { + char zstr[255+1]; + dname_str(z->name, zstr); + verbose(VERB_ALGO, "auth-zone %s ZONEMD hash is correct", zstr); + } + return 1; + } + /* try next one */ + } + /* fail, we may have reason */ + if(!*reason) + *reason = "no ZONEMD records found"; + if(verbosity >= VERB_ALGO) { + char zstr[255+1]; + dname_str(z->name, zstr); + verbose(VERB_ALGO, "auth-zone %s ZONEMD failed: %s", zstr, *reason); + } + return 0; +} + /** find serial number of zone or false if none */ int auth_zone_get_serial(struct auth_zone* z, uint32_t* serial) @@ -1779,7 +1969,7 @@ auth_zone_get_serial(struct auth_zone* z, uint32_t* serial) } /** Find auth_zone SOA and populate the values in xfr(soa values). */ -static int +int xfr_find_soa(struct auth_zone* z, struct auth_xfer* xfr) { struct auth_data* apex; @@ -1908,6 +2098,8 @@ auth_zones_cfg(struct auth_zones* az, struct config_auth* c) z->for_downstream = c->for_downstream; z->for_upstream = c->for_upstream; z->fallback_enabled = c->fallback_enabled; + z->zonemd_check = c->zonemd_check; + z->zonemd_reject_absence = c->zonemd_reject_absence; if(c->isrpz && !z->rpz){ if(!(z->rpz = rpz_create(c))){ fatal_exit("Could not setup RPZ zones"); @@ -2000,7 +2192,8 @@ az_delete_deleted_zones(struct auth_zones* az) } int auth_zones_apply_cfg(struct auth_zones* az, struct config_file* cfg, - int setup, int* is_rpz) + int setup, int* is_rpz, struct module_env* env, + struct module_stack* mods) { struct config_auth* p; az_setall_deleted(az); @@ -2016,7 +2209,7 @@ int auth_zones_apply_cfg(struct auth_zones* az, struct config_file* cfg, } } az_delete_deleted_zones(az); - if(!auth_zones_read_zones(az, cfg)) + if(!auth_zones_read_zones(az, cfg, env, mods)) return 0; if(setup) { if(!auth_zones_setup_zones(az)) @@ -4959,6 +5152,9 @@ xfr_write_after_update(struct auth_xfer* xfr, struct module_env* env) lock_rw_unlock(&z->lock); return; } +#ifdef UB_ON_WINDOWS + (void)unlink(zfilename); /* windows does not replace file with rename() */ +#endif if(rename(tmpfile, zfilename) < 0) { log_err("could not rename(%s, %s): %s", tmpfile, zfilename, strerror(errno)); @@ -4969,6 +5165,28 @@ xfr_write_after_update(struct auth_xfer* xfr, struct module_env* env) lock_rw_unlock(&z->lock); } +/** reacquire locks and structures. Starts with no locks, ends + * with xfr and z locks, if fail, no z lock */ +static int xfr_process_reacquire_locks(struct auth_xfer* xfr, + struct module_env* env, struct auth_zone** z) +{ + /* release xfr lock, then, while holding az->lock grab both + * z->lock and xfr->lock */ + lock_rw_rdlock(&env->auth_zones->lock); + *z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen, + xfr->dclass); + if(!*z) { + lock_rw_unlock(&env->auth_zones->lock); + lock_basic_lock(&xfr->lock); + *z = NULL; + return 0; + } + lock_rw_wrlock(&(*z)->lock); + lock_basic_lock(&xfr->lock); + lock_rw_unlock(&env->auth_zones->lock); + return 1; +} + /** process chunk list and update zone in memory, * return false if it did not work */ static int @@ -4978,21 +5196,12 @@ xfr_process_chunk_list(struct auth_xfer* xfr, struct module_env* env, struct auth_zone* z; /* obtain locks and structures */ - /* release xfr lock, then, while holding az->lock grab both - * z->lock and xfr->lock */ lock_basic_unlock(&xfr->lock); - lock_rw_rdlock(&env->auth_zones->lock); - z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen, - xfr->dclass); - if(!z) { - lock_rw_unlock(&env->auth_zones->lock); + if(!xfr_process_reacquire_locks(xfr, env, &z)) { /* the zone is gone, ignore xfr results */ - lock_basic_lock(&xfr->lock); return 0; } - lock_rw_wrlock(&z->lock); - lock_basic_lock(&xfr->lock); - lock_rw_unlock(&env->auth_zones->lock); + /* holding xfr and z locks */ /* apply data */ if(xfr->task_transfer->master->http) { @@ -5027,6 +5236,35 @@ xfr_process_chunk_list(struct auth_xfer* xfr, struct module_env* env, " (or malformed RR)", xfr->task_transfer->master->host); return 0; } + + /* release xfr lock while verifying zonemd because it may have + * to spawn lookups in the state machines */ + lock_basic_unlock(&xfr->lock); + /* holding z lock */ + auth_zone_verify_zonemd(z, env, &env->mesh->mods, NULL, 0, 0); + if(z->zone_expired) { + char zname[256]; + /* ZONEMD must have failed */ + /* reacquire locks, so we hold xfr lock on exit of routine, + * and both xfr and z again after releasing xfr for potential + * state machine mesh callbacks */ + lock_rw_unlock(&z->lock); + if(!xfr_process_reacquire_locks(xfr, env, &z)) + return 0; + dname_str(xfr->name, zname); + verbose(VERB_ALGO, "xfr from %s: ZONEMD failed for %s, transfer is failed", xfr->task_transfer->master->host, zname); + xfr->zone_expired = 1; + lock_rw_unlock(&z->lock); + return 0; + } + /* reacquire locks, so we hold xfr lock on exit of routine, + * and both xfr and z again after releasing xfr for potential + * state machine mesh callbacks */ + lock_rw_unlock(&z->lock); + if(!xfr_process_reacquire_locks(xfr, env, &z)) + return 0; + /* holding xfr and z locks */ + if(xfr->have_zone) xfr->lease_time = *env->now; @@ -5188,7 +5426,7 @@ xfr_transfer_init_fetch(struct auth_xfer* xfr, struct module_env* env) xfr->task_transfer->cp = outnet_comm_point_for_http( env->outnet, auth_xfer_transfer_http_callback, xfr, &addr, addrlen, -1, master->ssl, master->host, - master->file); + master->file, env->cfg); if(!xfr->task_transfer->cp) { char zname[255+1], as[256]; dname_str(xfr->name, zname); @@ -5210,7 +5448,7 @@ xfr_transfer_init_fetch(struct auth_xfer* xfr, struct module_env* env) /* perform AXFR/IXFR */ /* set the packet to be written */ /* create new ID */ - xfr->task_transfer->id = (uint16_t)(ub_random(env->rnd)&0xffff); + xfr->task_transfer->id = GET_RANDOM_ID(env->rnd); xfr_create_ixfr_packet(xfr, env->scratch_buffer, xfr->task_transfer->id, master); @@ -6060,7 +6298,7 @@ xfr_probe_send_probe(struct auth_xfer* xfr, struct module_env* env, /* create new ID for new probes, but not on timeout retries, * this means we'll accept replies to previous retries to same ip */ if(timeout == AUTH_PROBE_TIMEOUT) - xfr->task_probe->id = (uint16_t)(ub_random(env->rnd)&0xffff); + xfr->task_probe->id = GET_RANDOM_ID(env->rnd); xfr_create_soa_probe_packet(xfr, env->scratch_buffer, xfr->task_probe->id); /* we need to remove the cp if we have a different ip4/ip6 type now */ @@ -6933,12 +7171,14 @@ xfer_set_masters(struct auth_master** list, struct config_auth* c, if(with_http) for(p = c->urls; p; p = p->next) { m = auth_master_new(&list); + if(!m) return 0; m->http = 1; if(!parse_url(p->str, &m->host, &m->file, &m->port, &m->ssl)) return 0; } for(p = c->masters; p; p = p->next) { m = auth_master_new(&list); + if(!m) return 0; m->ixfr = 1; /* this flag is not configurable */ m->host = strdup(p->str); if(!m->host) { @@ -6948,6 +7188,7 @@ xfer_set_masters(struct auth_master** list, struct config_auth* c, } for(p = c->allow_notify; p; p = p->next) { m = auth_master_new(&list); + if(!m) return 0; m->allow_notify = 1; m->host = strdup(p->str); if(!m->host) { @@ -6972,3 +7213,1131 @@ compare_serial(uint32_t a, uint32_t b) return 1; } } + +int zonemd_hashalgo_supported(int hashalgo) +{ + if(hashalgo == ZONEMD_ALGO_SHA384) return 1; + if(hashalgo == ZONEMD_ALGO_SHA512) return 1; + return 0; +} + +int zonemd_scheme_supported(int scheme) +{ + if(scheme == ZONEMD_SCHEME_SIMPLE) return 1; + return 0; +} + +/** initialize hash for hashing with zonemd hash algo */ +static struct secalgo_hash* zonemd_digest_init(int hashalgo, char** reason) +{ + struct secalgo_hash *h; + if(hashalgo == ZONEMD_ALGO_SHA384) { + /* sha384 */ + h = secalgo_hash_create_sha384(); + if(!h) + *reason = "digest sha384 could not be created"; + return h; + } else if(hashalgo == ZONEMD_ALGO_SHA512) { + /* sha512 */ + h = secalgo_hash_create_sha512(); + if(!h) + *reason = "digest sha512 could not be created"; + return h; + } + /* unknown hash algo */ + *reason = "unsupported algorithm"; + return NULL; +} + +/** update the hash for zonemd */ +static int zonemd_digest_update(int hashalgo, struct secalgo_hash* h, + uint8_t* data, size_t len, char** reason) +{ + if(hashalgo == ZONEMD_ALGO_SHA384) { + if(!secalgo_hash_update(h, data, len)) { + *reason = "digest sha384 failed"; + return 0; + } + return 1; + } else if(hashalgo == ZONEMD_ALGO_SHA512) { + if(!secalgo_hash_update(h, data, len)) { + *reason = "digest sha512 failed"; + return 0; + } + return 1; + } + /* unknown hash algo */ + *reason = "unsupported algorithm"; + return 0; +} + +/** finish the hash for zonemd */ +static int zonemd_digest_finish(int hashalgo, struct secalgo_hash* h, + uint8_t* result, size_t hashlen, size_t* resultlen, char** reason) +{ + if(hashalgo == ZONEMD_ALGO_SHA384) { + if(hashlen < 384/8) { + *reason = "digest buffer too small for sha384"; + return 0; + } + if(!secalgo_hash_final(h, result, hashlen, resultlen)) { + *reason = "digest sha384 finish failed"; + return 0; + } + return 1; + } else if(hashalgo == ZONEMD_ALGO_SHA512) { + if(hashlen < 512/8) { + *reason = "digest buffer too small for sha512"; + return 0; + } + if(!secalgo_hash_final(h, result, hashlen, resultlen)) { + *reason = "digest sha512 finish failed"; + return 0; + } + return 1; + } + /* unknown algo */ + *reason = "unsupported algorithm"; + return 0; +} + +/** add rrsets from node to the list */ +static size_t authdata_rrsets_to_list(struct auth_rrset** array, + size_t arraysize, struct auth_rrset* first) +{ + struct auth_rrset* rrset = first; + size_t num = 0; + while(rrset) { + if(num >= arraysize) + return num; + array[num] = rrset; + num++; + rrset = rrset->next; + } + return num; +} + +/** compare rr list entries */ +static int rrlist_compare(const void* arg1, const void* arg2) +{ + struct auth_rrset* r1 = *(struct auth_rrset**)arg1; + struct auth_rrset* r2 = *(struct auth_rrset**)arg2; + uint16_t t1, t2; + if(r1 == NULL) t1 = LDNS_RR_TYPE_RRSIG; + else t1 = r1->type; + if(r2 == NULL) t2 = LDNS_RR_TYPE_RRSIG; + else t2 = r2->type; + if(t1 < t2) + return -1; + if(t1 > t2) + return 1; + return 0; +} + +/** add type RRSIG to rr list if not one there already, + * this is to perform RRSIG collate processing at that point. */ +static void addrrsigtype_if_needed(struct auth_rrset** array, + size_t arraysize, size_t* rrnum, struct auth_data* node) +{ + if(az_domain_rrset(node, LDNS_RR_TYPE_RRSIG)) + return; /* already one there */ + if((*rrnum) >= arraysize) + return; /* array too small? */ + array[*rrnum] = NULL; /* nothing there, but need entry in list */ + (*rrnum)++; +} + +/** collate the RRs in an RRset using the simple scheme */ +static int zonemd_simple_rrset(struct auth_zone* z, int hashalgo, + struct secalgo_hash* h, struct auth_data* node, + struct auth_rrset* rrset, struct regional* region, + struct sldns_buffer* buf, char** reason) +{ + /* canonicalize */ + struct ub_packed_rrset_key key; + memset(&key, 0, sizeof(key)); + key.entry.key = &key; + key.entry.data = rrset->data; + key.rk.dname = node->name; + key.rk.dname_len = node->namelen; + key.rk.type = htons(rrset->type); + key.rk.rrset_class = htons(z->dclass); + if(!rrset_canonicalize_to_buffer(region, buf, &key)) { + *reason = "out of memory"; + return 0; + } + regional_free_all(region); + + /* hash */ + if(!zonemd_digest_update(hashalgo, h, sldns_buffer_begin(buf), + sldns_buffer_limit(buf), reason)) { + return 0; + } + return 1; +} + +/** count number of RRSIGs in a domain name rrset list */ +static size_t zonemd_simple_count_rrsig(struct auth_rrset* rrset, + struct auth_rrset** rrlist, size_t rrnum, + struct auth_zone* z, struct auth_data* node) +{ + size_t i, count = 0; + if(rrset) { + size_t j; + for(j = 0; jdata->count; j++) { + if(rrsig_rdata_get_type_covered(rrset->data-> + rr_data[j], rrset->data->rr_len[j]) == + LDNS_RR_TYPE_ZONEMD && + query_dname_compare(z->name, node->name)==0) { + /* omit RRSIGs over type ZONEMD at apex */ + continue; + } + count++; + } + } + for(i=0; itype == LDNS_RR_TYPE_ZONEMD && + query_dname_compare(z->name, node->name)==0) { + /* omit RRSIGs over type ZONEMD at apex */ + continue; + } + count += (rrlist[i]?rrlist[i]->data->rrsig_count:0); + } + return count; +} + +/** allocate sparse rrset data for the number of entries in tepm region */ +static int zonemd_simple_rrsig_allocs(struct regional* region, + struct packed_rrset_data* data, size_t count) +{ + data->rr_len = regional_alloc(region, sizeof(*data->rr_len) * count); + if(!data->rr_len) { + return 0; + } + data->rr_ttl = regional_alloc(region, sizeof(*data->rr_ttl) * count); + if(!data->rr_ttl) { + return 0; + } + data->rr_data = regional_alloc(region, sizeof(*data->rr_data) * count); + if(!data->rr_data) { + return 0; + } + return 1; +} + +/** add the RRSIGs from the rrs in the domain into the data */ +static void add_rrlist_rrsigs_into_data(struct packed_rrset_data* data, + size_t* done, struct auth_rrset** rrlist, size_t rrnum, + struct auth_zone* z, struct auth_data* node) +{ + size_t i; + for(i=0; itype == LDNS_RR_TYPE_ZONEMD && + query_dname_compare(z->name, node->name)==0) { + /* omit RRSIGs over type ZONEMD at apex */ + continue; + } + for(j = 0; jdata->rrsig_count; j++) { + data->rr_len[*done] = rrlist[i]->data->rr_len[rrlist[i]->data->count + j]; + data->rr_ttl[*done] = rrlist[i]->data->rr_ttl[rrlist[i]->data->count + j]; + /* reference the rdata in the rrset, no need to + * copy it, it is no longer needed at the end of + * the routine */ + data->rr_data[*done] = rrlist[i]->data->rr_data[rrlist[i]->data->count + j]; + (*done)++; + } + } +} + +static void add_rrset_into_data(struct packed_rrset_data* data, + size_t* done, struct auth_rrset* rrset, + struct auth_zone* z, struct auth_data* node) +{ + if(rrset) { + size_t j; + for(j = 0; jdata->count; j++) { + if(rrsig_rdata_get_type_covered(rrset->data-> + rr_data[j], rrset->data->rr_len[j]) == + LDNS_RR_TYPE_ZONEMD && + query_dname_compare(z->name, node->name)==0) { + /* omit RRSIGs over type ZONEMD at apex */ + continue; + } + data->rr_len[*done] = rrset->data->rr_len[j]; + data->rr_ttl[*done] = rrset->data->rr_ttl[j]; + /* reference the rdata in the rrset, no need to + * copy it, it is no longer need at the end of + * the routine */ + data->rr_data[*done] = rrset->data->rr_data[j]; + (*done)++; + } + } +} + +/** collate the RRSIGs using the simple scheme */ +static int zonemd_simple_rrsig(struct auth_zone* z, int hashalgo, + struct secalgo_hash* h, struct auth_data* node, + struct auth_rrset* rrset, struct auth_rrset** rrlist, size_t rrnum, + struct regional* region, struct sldns_buffer* buf, char** reason) +{ + /* the rrset pointer can be NULL, this means it is type RRSIG and + * there is no ordinary type RRSIG there. The RRSIGs are stored + * with the RRsets in their data. + * + * The RRset pointer can be nonNULL. This happens if there is + * no RR that is covered by the RRSIG for the domain. Then this + * RRSIG RR is stored in an rrset of type RRSIG. The other RRSIGs + * are stored in the rrset entries for the RRs in the rr list for + * the domain node. We need to collate the rrset's data, if any, and + * the rrlist's rrsigs */ + /* if this is the apex, omit RRSIGs that cover type ZONEMD */ + /* build rrsig rrset */ + size_t done = 0; + struct ub_packed_rrset_key key; + struct packed_rrset_data data; + memset(&key, 0, sizeof(key)); + memset(&data, 0, sizeof(data)); + key.entry.key = &key; + key.entry.data = &data; + key.rk.dname = node->name; + key.rk.dname_len = node->namelen; + key.rk.type = htons(LDNS_RR_TYPE_RRSIG); + key.rk.rrset_class = htons(z->dclass); + data.count = zonemd_simple_count_rrsig(rrset, rrlist, rrnum, z, node); + if(!zonemd_simple_rrsig_allocs(region, &data, data.count)) { + *reason = "out of memory"; + regional_free_all(region); + return 0; + } + /* all the RRSIGs stored in the other rrsets for this domain node */ + add_rrlist_rrsigs_into_data(&data, &done, rrlist, rrnum, z, node); + /* plus the RRSIGs stored in an rrset of type RRSIG for this node */ + add_rrset_into_data(&data, &done, rrset, z, node); + + /* canonicalize */ + if(!rrset_canonicalize_to_buffer(region, buf, &key)) { + *reason = "out of memory"; + regional_free_all(region); + return 0; + } + regional_free_all(region); + + /* hash */ + if(!zonemd_digest_update(hashalgo, h, sldns_buffer_begin(buf), + sldns_buffer_limit(buf), reason)) { + return 0; + } + return 1; +} + +/** collate a domain's rrsets using the simple scheme */ +static int zonemd_simple_domain(struct auth_zone* z, int hashalgo, + struct secalgo_hash* h, struct auth_data* node, + struct regional* region, struct sldns_buffer* buf, char** reason) +{ + const size_t rrlistsize = 65536; + struct auth_rrset* rrlist[rrlistsize]; + size_t i, rrnum = 0; + /* see if the domain is out of scope, the zone origin, + * that would be omitted */ + if(!dname_subdomain_c(node->name, z->name)) + return 1; /* continue */ + /* loop over the rrsets in ascending order. */ + rrnum = authdata_rrsets_to_list(rrlist, rrlistsize, node->rrsets); + addrrsigtype_if_needed(rrlist, rrlistsize, &rrnum, node); + qsort(rrlist, rrnum, sizeof(*rrlist), rrlist_compare); + for(i=0; itype == LDNS_RR_TYPE_ZONEMD && + query_dname_compare(z->name, node->name) == 0) { + /* omit type ZONEMD at apex */ + continue; + } + if(rrlist[i] == NULL || rrlist[i]->type == + LDNS_RR_TYPE_RRSIG) { + if(!zonemd_simple_rrsig(z, hashalgo, h, node, + rrlist[i], rrlist, rrnum, region, buf, reason)) + return 0; + } else if(!zonemd_simple_rrset(z, hashalgo, h, node, + rrlist[i], region, buf, reason)) { + return 0; + } + } + return 1; +} + +/** collate the zone using the simple scheme */ +static int zonemd_simple_collate(struct auth_zone* z, int hashalgo, + struct secalgo_hash* h, struct regional* region, + struct sldns_buffer* buf, char** reason) +{ + /* our tree is sorted in canonical order, so we can just loop over + * the tree */ + struct auth_data* n; + RBTREE_FOR(n, struct auth_data*, &z->data) { + if(!zonemd_simple_domain(z, hashalgo, h, n, region, buf, + reason)) + return 0; + } + return 1; +} + +int auth_zone_generate_zonemd_hash(struct auth_zone* z, int scheme, + int hashalgo, uint8_t* hash, size_t hashlen, size_t* resultlen, + struct regional* region, struct sldns_buffer* buf, char** reason) +{ + struct secalgo_hash* h = zonemd_digest_init(hashalgo, reason); + if(!h) { + if(!*reason) + *reason = "digest init fail"; + return 0; + } + if(scheme == ZONEMD_SCHEME_SIMPLE) { + if(!zonemd_simple_collate(z, hashalgo, h, region, buf, reason)) { + if(!*reason) *reason = "scheme simple collate fail"; + secalgo_hash_delete(h); + return 0; + } + } + if(!zonemd_digest_finish(hashalgo, h, hash, hashlen, resultlen, + reason)) { + secalgo_hash_delete(h); + *reason = "digest finish fail"; + return 0; + } + secalgo_hash_delete(h); + return 1; +} + +int auth_zone_generate_zonemd_check(struct auth_zone* z, int scheme, + int hashalgo, uint8_t* hash, size_t hashlen, struct regional* region, + struct sldns_buffer* buf, char** reason) +{ + uint8_t gen[512]; + size_t genlen = 0; + if(!zonemd_hashalgo_supported(hashalgo)) { + *reason = "unsupported algorithm"; + return 0; + } + if(!zonemd_scheme_supported(scheme)) { + *reason = "unsupported scheme"; + return 0; + } + if(hashlen < 12) { + /* the ZONEMD draft requires digests to fail if too small */ + *reason = "digest length too small, less than 12"; + return 0; + } + /* generate digest */ + if(!auth_zone_generate_zonemd_hash(z, scheme, hashalgo, gen, + sizeof(gen), &genlen, region, buf, reason)) { + /* reason filled in by zonemd hash routine */ + return 0; + } + /* check digest length */ + if(hashlen != genlen) { + *reason = "incorrect digest length"; + if(verbosity >= VERB_ALGO) { + verbose(VERB_ALGO, "zonemd scheme=%d hashalgo=%d", + scheme, hashalgo); + log_hex("ZONEMD should be ", gen, genlen); + log_hex("ZONEMD to check is", hash, hashlen); + } + return 0; + } + /* check digest */ + if(memcmp(hash, gen, genlen) != 0) { + *reason = "incorrect digest"; + if(verbosity >= VERB_ALGO) { + verbose(VERB_ALGO, "zonemd scheme=%d hashalgo=%d", + scheme, hashalgo); + log_hex("ZONEMD should be ", gen, genlen); + log_hex("ZONEMD to check is", hash, hashlen); + } + return 0; + } + return 1; +} + +/** log auth zone message with zone name in front. */ +static void auth_zone_log(uint8_t* name, enum verbosity_value level, + const char* format, ...) ATTR_FORMAT(printf, 3, 4); +static void auth_zone_log(uint8_t* name, enum verbosity_value level, + const char* format, ...) +{ + va_list args; + va_start(args, format); + if(verbosity >= level) { + char str[255+1]; + char msg[MAXSYSLOGMSGLEN]; + dname_str(name, str); + vsnprintf(msg, sizeof(msg), format, args); + verbose(level, "auth zone %s %s", str, msg); + } + va_end(args); +} + +/** ZONEMD, dnssec verify the rrset with the dnskey */ +static int zonemd_dnssec_verify_rrset(struct auth_zone* z, + struct module_env* env, struct module_stack* mods, + struct ub_packed_rrset_key* dnskey, struct auth_data* node, + struct auth_rrset* rrset, char** why_bogus) +{ + struct ub_packed_rrset_key pk; + enum sec_status sec; + struct val_env* ve; + int m; + m = modstack_find(mods, "validator"); + if(m == -1) { + auth_zone_log(z->name, VERB_ALGO, "zonemd dnssec verify: have " + "DNSKEY chain of trust, but no validator module"); + return 0; + } + ve = (struct val_env*)env->modinfo[m]; + + memset(&pk, 0, sizeof(pk)); + pk.entry.key = &pk; + pk.entry.data = rrset->data; + pk.rk.dname = node->name; + pk.rk.dname_len = node->namelen; + pk.rk.type = htons(rrset->type); + pk.rk.rrset_class = htons(z->dclass); + if(verbosity >= VERB_ALGO) { + char typestr[32]; + typestr[0]=0; + sldns_wire2str_type_buf(rrset->type, typestr, sizeof(typestr)); + auth_zone_log(z->name, VERB_ALGO, + "zonemd: verify %s RRset with DNSKEY", typestr); + } + sec = dnskeyset_verify_rrset(env, ve, &pk, dnskey, NULL, why_bogus, + LDNS_SECTION_ANSWER, NULL); + if(sec == sec_status_secure) { + return 1; + } + if(why_bogus) + auth_zone_log(z->name, VERB_ALGO, "DNSSEC verify was bogus: %s", *why_bogus); + return 0; +} + +/** check for nsec3, the RR with params equal, if bitmap has the type */ +static int nsec3_of_param_has_type(struct auth_rrset* nsec3, int algo, + size_t iter, uint8_t* salt, size_t saltlen, uint16_t rrtype) +{ + int i, count = (int)nsec3->data->count; + struct ub_packed_rrset_key pk; + memset(&pk, 0, sizeof(pk)); + pk.entry.data = nsec3->data; + for(i=0; idata; + if(nsec_has_type(&pk, LDNS_RR_TYPE_ZONEMD)) { + *reason = "DNSSEC NSEC bitmap says type ZONEMD exists"; + return 0; + } + auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC NSEC verification of absence of ZONEMD secure"); + } else { + /* NSEC3 perhaps ? */ + int algo; + size_t iter, saltlen; + uint8_t* salt; + struct auth_rrset* nsec3param = az_domain_rrset(apex, + LDNS_RR_TYPE_NSEC3PARAM); + struct auth_data* match; + struct auth_rrset* nsec3; + if(!nsec3param) { + *reason = "zone has no NSEC information but ZONEMD missing"; + return 0; + } + if(!az_nsec3_param(z, &algo, &iter, &salt, &saltlen)) { + *reason = "zone has no NSEC information but ZONEMD missing"; + return 0; + } + /* find the NSEC3 record */ + match = az_nsec3_find_exact(z, z->name, z->namelen, algo, + iter, salt, saltlen); + if(!match) { + *reason = "zone has no NSEC3 domain for the apex but ZONEMD missing"; + return 0; + } + nsec3 = az_domain_rrset(match, LDNS_RR_TYPE_NSEC3); + if(!nsec3) { + *reason = "zone has no NSEC3 RRset for the apex but ZONEMD missing"; + return 0; + } + /* dnssec verify the NSEC3 */ + if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, match, + nsec3, why_bogus)) { + *reason = "DNSSEC verify failed for NSEC3 RRset"; + return 0; + } + /* check type bitmap */ + if(nsec3_of_param_has_type(nsec3, algo, iter, salt, saltlen, + LDNS_RR_TYPE_ZONEMD)) { + *reason = "DNSSEC NSEC3 bitmap says type ZONEMD exists"; + return 0; + } + auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC NSEC3 verification of absence of ZONEMD secure"); + } + + return 1; +} + +/** Verify the SOA and ZONEMD DNSSEC signatures. + * return false on failure, reason contains description of failure. */ +static int zonemd_check_dnssec_soazonemd(struct auth_zone* z, + struct module_env* env, struct module_stack* mods, + struct ub_packed_rrset_key* dnskey, struct auth_data* apex, + struct auth_rrset* zonemd_rrset, char** reason, char** why_bogus) +{ + struct auth_rrset* soa; + if(!apex) { + *reason = "zone has no apex domain"; + return 0; + } + soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA); + if(!soa) { + *reason = "zone has no SOA RRset"; + return 0; + } + if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex, soa, + why_bogus)) { + *reason = "DNSSEC verify failed for SOA RRset"; + return 0; + } + if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex, + zonemd_rrset, why_bogus)) { + *reason = "DNSSEC verify failed for ZONEMD RRset"; + return 0; + } + auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC verification of SOA and ZONEMD RRsets secure"); + return 1; +} + +/** + * Fail the ZONEMD verification. + * @param z: auth zone that fails. + * @param env: environment with config, to ignore failure or not. + * @param reason: failure string description. + * @param why_bogus: failure string for DNSSEC verification failure. + * @param result: strdup result in here if not NULL. + */ +static void auth_zone_zonemd_fail(struct auth_zone* z, struct module_env* env, + char* reason, char* why_bogus, char** result) +{ + char zstr[255+1]; + /* if fail: log reason, and depending on config also take action + * and drop the zone, eg. it is gone from memory, set zone_expired */ + dname_str(z->name, zstr); + if(!reason) reason = "verification failed"; + if(result) { + if(why_bogus) { + char res[1024]; + snprintf(res, sizeof(res), "%s: %s", reason, + why_bogus); + *result = strdup(res); + } else { + *result = strdup(reason); + } + if(!*result) log_err("out of memory"); + } else { + log_warn("auth zone %s: ZONEMD verification failed: %s", zstr, reason); + } + + if(env->cfg->zonemd_permissive_mode) { + verbose(VERB_ALGO, "zonemd-permissive-mode enabled, " + "not blocking zone %s", zstr); + return; + } + + /* expired means the zone gives servfail and is not used by + * lookup if fallback_enabled*/ + z->zone_expired = 1; +} + +/** + * Verify the zonemd with DNSSEC and hash check, with given key. + * @param z: auth zone. + * @param env: environment with config and temp buffers. + * @param mods: module stack with validator env for verification. + * @param dnskey: dnskey that we can use, or NULL. If nonnull, the key + * has been verified and is the start of the chain of trust. + * @param is_insecure: if true, the dnskey is not used, the zone is insecure. + * And dnssec is not used. It is DNSSEC secure insecure or not under + * a trust anchor. + * @param result: if not NULL result reason copied here. + */ +static void +auth_zone_verify_zonemd_with_key(struct auth_zone* z, struct module_env* env, + struct module_stack* mods, struct ub_packed_rrset_key* dnskey, + int is_insecure, char** result) +{ + char* reason = NULL, *why_bogus = NULL; + struct auth_data* apex = NULL; + struct auth_rrset* zonemd_rrset = NULL; + int zonemd_absent = 0, zonemd_absence_dnssecok = 0; + + /* see if ZONEMD is present or absent. */ + apex = az_find_name(z, z->name, z->namelen); + if(!apex) { + zonemd_absent = 1; + } else { + zonemd_rrset = az_domain_rrset(apex, LDNS_RR_TYPE_ZONEMD); + if(!zonemd_rrset || zonemd_rrset->data->count==0) { + zonemd_absent = 1; + zonemd_rrset = NULL; + } + } + + /* if no DNSSEC, done. */ + /* if no ZONEMD, and DNSSEC, use DNSKEY to verify NSEC or NSEC3 for + * zone apex. Check ZONEMD bit is turned off or else fail */ + /* if ZONEMD, and DNSSEC, check DNSSEC signature on SOA and ZONEMD, + * or else fail */ + if(!dnskey && !is_insecure) { + auth_zone_zonemd_fail(z, env, "DNSKEY missing", NULL, result); + return; + } else if(!zonemd_rrset && dnskey && !is_insecure) { + /* fetch, DNSSEC verify, and check NSEC/NSEC3 */ + if(!zonemd_check_dnssec_absence(z, env, mods, dnskey, apex, + &reason, &why_bogus)) { + auth_zone_zonemd_fail(z, env, reason, why_bogus, result); + return; + } + zonemd_absence_dnssecok = 1; + } else if(zonemd_rrset && dnskey && !is_insecure) { + /* check DNSSEC verify of SOA and ZONEMD */ + if(!zonemd_check_dnssec_soazonemd(z, env, mods, dnskey, apex, + zonemd_rrset, &reason, &why_bogus)) { + auth_zone_zonemd_fail(z, env, reason, why_bogus, result); + return; + } + } + + if(zonemd_absent && z->zonemd_reject_absence) { + auth_zone_zonemd_fail(z, env, "ZONEMD absent and that is not allowed by config", NULL, result); + return; + } + if(zonemd_absent && zonemd_absence_dnssecok) { + auth_zone_log(z->name, VERB_ALGO, "DNSSEC verified nonexistence of ZONEMD"); + if(result) { + *result = strdup("DNSSEC verified nonexistence of ZONEMD"); + if(!*result) log_err("out of memory"); + } + return; + } + if(zonemd_absent) { + auth_zone_log(z->name, VERB_ALGO, "no ZONEMD present"); + if(result) { + *result = strdup("no ZONEMD present"); + if(!*result) log_err("out of memory"); + } + return; + } + + /* check ZONEMD checksum and report or else fail. */ + if(!auth_zone_zonemd_check_hash(z, env, &reason)) { + auth_zone_zonemd_fail(z, env, reason, NULL, result); + return; + } + + /* success! log the success */ + auth_zone_log(z->name, VERB_ALGO, "ZONEMD verification successful"); + if(result) { + *result = strdup("ZONEMD verification successful"); + if(!*result) log_err("out of memory"); + } +} + +/** + * verify the zone DNSKEY rrset from the trust anchor + * This is possible because the anchor is for the zone itself, and can + * thus apply straight to the zone DNSKEY set. + * @param z: the auth zone. + * @param env: environment with time and temp buffers. + * @param mods: module stack for validator environment for dnssec validation. + * @param anchor: trust anchor to use + * @param is_insecure: returned, true if the zone is securely insecure. + * @param why_bogus: if the routine fails, returns the failure reason. + * @param keystorage: where to store the ub_packed_rrset_key that is created + * on success. A pointer to it is returned on success. + * @return the dnskey RRset, reference to zone data and keystorage, or + * NULL on failure. + */ +static struct ub_packed_rrset_key* +zonemd_get_dnskey_from_anchor(struct auth_zone* z, struct module_env* env, + struct module_stack* mods, struct trust_anchor* anchor, + int* is_insecure, char** why_bogus, + struct ub_packed_rrset_key* keystorage) +{ + struct auth_data* apex; + struct auth_rrset* dnskey_rrset; + enum sec_status sec; + struct val_env* ve; + int m; + + apex = az_find_name(z, z->name, z->namelen); + if(!apex) { + *why_bogus = "have trust anchor, but zone has no apex domain for DNSKEY"; + return 0; + } + dnskey_rrset = az_domain_rrset(apex, LDNS_RR_TYPE_DNSKEY); + if(!dnskey_rrset || dnskey_rrset->data->count==0) { + *why_bogus = "have trust anchor, but zone has no DNSKEY"; + return 0; + } + + m = modstack_find(mods, "validator"); + if(m == -1) { + *why_bogus = "have trust anchor, but no validator module"; + return 0; + } + ve = (struct val_env*)env->modinfo[m]; + + memset(keystorage, 0, sizeof(*keystorage)); + keystorage->entry.key = keystorage; + keystorage->entry.data = dnskey_rrset->data; + keystorage->rk.dname = apex->name; + keystorage->rk.dname_len = apex->namelen; + keystorage->rk.type = htons(LDNS_RR_TYPE_DNSKEY); + keystorage->rk.rrset_class = htons(z->dclass); + auth_zone_log(z->name, VERB_QUERY, + "zonemd: verify DNSKEY RRset with trust anchor"); + sec = val_verify_DNSKEY_with_TA(env, ve, keystorage, anchor->ds_rrset, + anchor->dnskey_rrset, NULL, why_bogus, NULL); + regional_free_all(env->scratch); + if(sec == sec_status_secure) { + /* success */ + *is_insecure = 0; + return keystorage; + } else if(sec == sec_status_insecure) { + /* insecure */ + *is_insecure = 1; + } else { + /* bogus */ + *is_insecure = 0; + auth_zone_log(z->name, VERB_ALGO, + "zonemd: verify DNSKEY RRset with trust anchor failed: %s", *why_bogus); + } + return NULL; +} + +/** callback for ZONEMD lookup of DNSKEY */ +void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, sldns_buffer* buf, + enum sec_status sec, char* why_bogus, int ATTR_UNUSED(was_ratelimited)) +{ + struct auth_zone* z = (struct auth_zone*)arg; + struct module_env* env; + char* reason = NULL; + struct ub_packed_rrset_key* dnskey = NULL; + int is_insecure = 0; + + lock_rw_wrlock(&z->lock); + env = z->zonemd_callback_env; + /* release the env variable so another worker can pick up the + * ZONEMD verification task if it wants to */ + z->zonemd_callback_env = NULL; + if(!env || env->outnet->want_to_quit || z->zone_deleted) { + lock_rw_unlock(&z->lock); + return; /* stop on quit */ + } + + /* process result */ + if(sec == sec_status_bogus) { + reason = why_bogus; + if(!reason) + reason = "lookup of DNSKEY was bogus"; + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY was bogus: %s", reason); + } else if(rcode == LDNS_RCODE_NOERROR) { + uint16_t wanted_qtype = LDNS_RR_TYPE_DNSKEY; + struct regional* temp = env->scratch; + struct query_info rq; + struct reply_info* rep; + memset(&rq, 0, sizeof(rq)); + rep = parse_reply_in_temp_region(buf, temp, &rq); + if(rep && rq.qtype == wanted_qtype && + query_dname_compare(z->name, rq.qname) == 0 && + FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) { + /* parsed successfully */ + struct ub_packed_rrset_key* answer = + reply_find_answer_rrset(&rq, rep); + if(answer && sec == sec_status_secure) { + dnskey = answer; + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY was secure"); + } else if(sec == sec_status_secure && !answer) { + is_insecure = 1; + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY has no content, but is secure, treat as insecure"); + } else if(sec == sec_status_insecure) { + is_insecure = 1; + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY was insecure"); + } else if(sec == sec_status_indeterminate) { + is_insecure = 1; + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY was indeterminate, treat as insecure"); + } else { + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY has nodata"); + reason = "lookup of DNSKEY has nodata"; + } + } else if(rep && rq.qtype == wanted_qtype && + query_dname_compare(z->name, rq.qname) == 0 && + FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN && + sec == sec_status_secure) { + /* secure nxdomain, so the zone is like some RPZ zone + * that does not exist in the wider internet, with + * a secure nxdomain answer outside of it. So we + * treat the zonemd zone without a dnssec chain of + * trust, as insecure. */ + is_insecure = 1; + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY was secure NXDOMAIN, treat as insecure"); + } else if(rep && rq.qtype == wanted_qtype && + query_dname_compare(z->name, rq.qname) == 0 && + FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN && + sec == sec_status_insecure) { + is_insecure = 1; + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY was insecure NXDOMAIN, treat as insecure"); + } else if(rep && rq.qtype == wanted_qtype && + query_dname_compare(z->name, rq.qname) == 0 && + FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN && + sec == sec_status_indeterminate) { + is_insecure = 1; + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY was indeterminate NXDOMAIN, treat as insecure"); + } else { + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY has no answer"); + reason = "lookup of DNSKEY has no answer"; + } + } else { + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY failed"); + reason = "lookup of DNSKEY failed"; + } + + if(reason) { + auth_zone_zonemd_fail(z, env, reason, NULL, NULL); + lock_rw_unlock(&z->lock); + return; + } + + auth_zone_verify_zonemd_with_key(z, env, &env->mesh->mods, dnskey, + is_insecure, NULL); + regional_free_all(env->scratch); + lock_rw_unlock(&z->lock); +} + +/** lookup DNSKEY for ZONEMD verification */ +static int +zonemd_lookup_dnskey(struct auth_zone* z, struct module_env* env) +{ + struct query_info qinfo; + uint16_t qflags = BIT_RD; + struct edns_data edns; + sldns_buffer* buf = env->scratch_buffer; + + if(z->zonemd_callback_env) { + /* another worker is already working on the callback + * for the DNSKEY lookup for ZONEMD verification. + * We do not also have to do ZONEMD verification, let that + * worker do it */ + auth_zone_log(z->name, VERB_ALGO, + "zonemd needs lookup of DNSKEY and that already worked on by another worker"); + return 1; + } + + /* use mesh_new_callback to lookup the DNSKEY, + * and then wait for them to be looked up (in cache, or query) */ + qinfo.qname_len = z->namelen; + qinfo.qname = z->name; + qinfo.qclass = z->dclass; + qinfo.qtype = LDNS_RR_TYPE_DNSKEY; + qinfo.local_alias = NULL; + if(verbosity >= VERB_ALGO) { + char buf1[512]; + char buf2[LDNS_MAX_DOMAINLEN+1]; + dname_str(z->name, buf2); + snprintf(buf1, sizeof(buf1), "auth zone %s: lookup DNSKEY " + "for zonemd verification", buf2); + log_query_info(VERB_ALGO, buf1, &qinfo); + } + edns.edns_present = 1; + edns.ext_rcode = 0; + edns.edns_version = 0; + edns.bits = EDNS_DO; + edns.opt_list = NULL; + if(sldns_buffer_capacity(buf) < 65535) + edns.udp_size = (uint16_t)sldns_buffer_capacity(buf); + else edns.udp_size = 65535; + + /* store the worker-specific module env for the callback. + * We can then reference this when the callback executes */ + z->zonemd_callback_env = env; + /* the callback can be called straight away */ + lock_rw_unlock(&z->lock); + if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0, + &auth_zonemd_dnskey_lookup_callback, z)) { + lock_rw_wrlock(&z->lock); + log_err("out of memory lookup up dnskey for zonemd"); + return 0; + } + lock_rw_wrlock(&z->lock); + return 1; +} + +void auth_zone_verify_zonemd(struct auth_zone* z, struct module_env* env, + struct module_stack* mods, char** result, int offline, int only_online) +{ + char* reason = NULL, *why_bogus = NULL; + struct trust_anchor* anchor = NULL; + struct ub_packed_rrset_key* dnskey = NULL; + struct ub_packed_rrset_key keystorage; + int is_insecure = 0; + /* verify the ZONEMD if present. + * If not present check if absence is allowed by DNSSEC */ + if(!z->zonemd_check) + return; + + /* if zone is under a trustanchor */ + /* is it equal to trustanchor - get dnskey's verified */ + /* else, find chain of trust by fetching DNSKEYs lookup for zone */ + /* result if that, if insecure, means no DNSSEC for the ZONEMD, + * otherwise we have the zone DNSKEY for the DNSSEC verification. */ + if(env->anchors) + anchor = anchors_lookup(env->anchors, z->name, z->namelen, + z->dclass); + if(anchor && anchor->numDS == 0 && anchor->numDNSKEY == 0) { + /* domain-insecure trust anchor for unsigned zones */ + lock_basic_unlock(&anchor->lock); + if(only_online) + return; + dnskey = NULL; + is_insecure = 1; + } else if(anchor && query_dname_compare(z->name, anchor->name) == 0) { + if(only_online) { + lock_basic_unlock(&anchor->lock); + return; + } + /* equal to trustanchor, no need for online lookups */ + dnskey = zonemd_get_dnskey_from_anchor(z, env, mods, anchor, + &is_insecure, &why_bogus, &keystorage); + lock_basic_unlock(&anchor->lock); + if(!dnskey && !reason && !is_insecure) { + reason = "verify DNSKEY RRset with trust anchor failed"; + } + } else if(anchor) { + lock_basic_unlock(&anchor->lock); + /* perform online lookups */ + if(offline) + return; + /* setup online lookups, and wait for them */ + if(zonemd_lookup_dnskey(z, env)) { + /* wait for the lookup */ + return; + } + reason = "could not lookup DNSKEY for chain of trust"; + } else { + /* the zone is not under a trust anchor */ + if(only_online) + return; + dnskey = NULL; + is_insecure = 1; + } + + if(reason) { + auth_zone_zonemd_fail(z, env, reason, why_bogus, result); + return; + } + + auth_zone_verify_zonemd_with_key(z, env, mods, dnskey, is_insecure, + result); + regional_free_all(env->scratch); +} + +void auth_zones_pickup_zonemd_verify(struct auth_zones* az, + struct module_env* env) +{ + struct auth_zone key; + uint8_t savezname[255+1]; + size_t savezname_len; + struct auth_zone* z; + key.node.key = &key; + lock_rw_rdlock(&az->lock); + RBTREE_FOR(z, struct auth_zone*, &az->ztree) { + lock_rw_wrlock(&z->lock); + if(!z->zonemd_check) { + lock_rw_unlock(&z->lock); + continue; + } + key.dclass = z->dclass; + key.namelabs = z->namelabs; + if(z->namelen > sizeof(savezname)) { + lock_rw_unlock(&z->lock); + log_err("auth_zones_pickup_zonemd_verify: zone name too long"); + continue; + } + savezname_len = z->namelen; + memmove(savezname, z->name, z->namelen); + lock_rw_unlock(&az->lock); + auth_zone_verify_zonemd(z, env, &env->mesh->mods, NULL, 0, 1); + lock_rw_unlock(&z->lock); + lock_rw_rdlock(&az->lock); + /* find the zone we had before, it is not deleted, + * because we have a flag for that that is processed at + * apply_cfg time */ + key.namelen = savezname_len; + key.name = savezname; + z = (struct auth_zone*)rbtree_search(&az->ztree, &key); + if(!z) + break; + } + lock_rw_unlock(&az->lock); +} diff --git a/services/authzone.h b/services/authzone.h index 3d94f30d6202..ffe234d59b53 100644 --- a/services/authzone.h +++ b/services/authzone.h @@ -132,8 +132,17 @@ struct auth_zone { /** for upstream: this zone answers queries that unbound intends to * send upstream. */ int for_upstream; + /** check ZONEMD records */ + int zonemd_check; + /** reject absence of ZONEMD records */ + int zonemd_reject_absence; /** RPZ zones */ struct rpz* rpz; + /** store the env (worker thread specific) for the zonemd callbacks + * from the mesh with the results of the lookup, if nonNULL, some + * worker has already picked up the zonemd verification task and + * this worker does not have to do it as well. */ + struct module_env* zonemd_callback_env; /** zone has been deleted */ int zone_deleted; /** deletelist pointer, unused normally except during delete */ @@ -474,10 +483,13 @@ struct auth_zones* auth_zones_create(void); * @param cfg: config to apply. * @param setup: if true, also sets up values in the auth zones structure * @param is_rpz: set to 1 if at least one RPZ zone is configured. + * @param env: environment for offline verification. + * @param mods: modules in environment. * @return false on failure. */ int auth_zones_apply_cfg(struct auth_zones* az, struct config_file* cfg, - int setup, int* is_rpz); + int setup, int* is_rpz, struct module_env* env, + struct module_stack* mods); /** initial pick up of worker timeouts, ties events to worker event loop * @param az: auth zones structure @@ -625,6 +637,9 @@ int auth_zone_read_zonefile(struct auth_zone* z, struct config_file* cfg); /** find serial number of zone or false if none (no SOA record) */ int auth_zone_get_serial(struct auth_zone* z, uint32_t* serial); +/** Find auth_zone SOA and populate the values in xfr(soa values). */ +int xfr_find_soa(struct auth_zone* z, struct auth_xfer* xfr); + /** compare auth_zones for sorted rbtree */ int auth_zone_cmp(const void* z1, const void* z2); @@ -685,4 +700,83 @@ void auth_xfer_transfer_lookup_callback(void* arg, int rcode, */ int compare_serial(uint32_t a, uint32_t b); +/** + * Generate ZONEMD digest for the auth zone. + * @param z: the auth zone to digest. + * omits zonemd at apex and its RRSIG from the digest. + * @param scheme: the collation scheme to use. Numbers as defined for ZONEMD. + * @param hashalgo: the hash algo, from the registry defined for ZONEMD type. + * @param hash: the result buffer. + * @param buflen: size of the result buffer, must be large enough. or the + * routine fails. + * @param resultlen: size of the hash in the result buffer of the result. + * @param region: temp region for allocs during canonicalisation. + * @param buf: temp buffer during canonicalisation. + * @param reason: failure reason, returns a string, NULL on success. + * @return false on failure. + */ +int auth_zone_generate_zonemd_hash(struct auth_zone* z, int scheme, + int hashalgo, uint8_t* hash, size_t buflen, size_t* resultlen, + struct regional* region, struct sldns_buffer* buf, char** reason); + +/** ZONEMD scheme definitions */ +#define ZONEMD_SCHEME_SIMPLE 1 + +/** ZONEMD hash algorithm definition for SHA384 */ +#define ZONEMD_ALGO_SHA384 1 +/** ZONEMD hash algorithm definition for SHA512 */ +#define ZONEMD_ALGO_SHA512 2 + +/** returns true if a zonemd hash algo is supported */ +int zonemd_hashalgo_supported(int hashalgo); +/** returns true if a zonemd scheme is supported */ +int zonemd_scheme_supported(int scheme); + +/** + * Check ZONEMD digest for the auth zone. + * @param z: auth zone to digest. + * @param scheme: zonemd scheme. + * @param hashalgo: zonemd hash algorithm. + * @param hash: the hash to check. + * @param hashlen: length of hash buffer. + * @param region: temp region for allocs during canonicalisation. + * @param buf: temp buffer during canonicalisation. + * @param reason: string returned with failure reason. + * @return false on failure. + */ +int auth_zone_generate_zonemd_check(struct auth_zone* z, int scheme, + int hashalgo, uint8_t* hash, size_t hashlen, struct regional* region, + struct sldns_buffer* buf, char** reason); + +/** + * Perform ZONEMD checks and verification for the auth zone. + * This includes DNSSEC verification if applicable. + * @param z: auth zone to check. Caller holds lock. wrlock. + * @param env: with temp region, buffer and config. + * @param mods: module stack for validator env. + * @param result: if not NULL, result string strdupped in here. + * @param offline: if true, there is no spawned lookup when online is needed. + * Those zones are skipped for ZONEMD checking. + * @param only_online: if true, only for ZONEMD that need online lookup + * of DNSKEY chain of trust are processed. + */ +void auth_zone_verify_zonemd(struct auth_zone* z, struct module_env* env, + struct module_stack* mods, char** result, int offline, + int only_online); + +/** mesh callback for zonemd on lookup of dnskey */ +void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, + struct sldns_buffer* buf, enum sec_status sec, char* why_bogus, + int was_ratelimited); + +/** + * Check the ZONEMD records that need online DNSSEC chain lookups, + * for them spawn the lookup process to get it checked out. + * Attaches the lookup process to the worker event base and mesh state. + * @param az: auth zones, every zones is checked. + * @param env: env of the worker where the task is attached. + */ +void auth_zones_pickup_zonemd_verify(struct auth_zones* az, + struct module_env* env); + #endif /* SERVICES_AUTHZONE_H */ diff --git a/services/cache/dns.c b/services/cache/dns.c index f3149b614b54..5b64fe47520c 100644 --- a/services/cache/dns.c +++ b/services/cache/dns.c @@ -801,7 +801,7 @@ struct dns_msg* dns_cache_lookup(struct module_env* env, uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, uint16_t flags, struct regional* region, struct regional* scratch, - int no_partial) + int no_partial, uint8_t* dpname, size_t dpnamelen) { struct lruhash_entry* e; struct query_info k; @@ -923,6 +923,9 @@ dns_cache_lookup(struct module_env* env, * the same. We search upwards for NXDOMAINs. */ if(env->cfg->harden_below_nxdomain) { while(!dname_is_root(k.qname)) { + if(dpname && dpnamelen + && !dname_subdomain_c(k.qname, dpname)) + break; /* no synth nxdomain above the stub */ dname_remove_label(&k.qname, &k.qname_len); h = query_info_hash(&k, flags); e = slabhash_lookup(env->msg_cache, h, &k, 0); diff --git a/services/cache/dns.h b/services/cache/dns.h index f1b77fb36c00..bece83702960 100644 --- a/services/cache/dns.h +++ b/services/cache/dns.h @@ -164,6 +164,8 @@ struct dns_msg* tomsg(struct module_env* env, struct query_info* q, * @param scratch: where to allocate temporary data. * @param no_partial: if true, only complete messages and not a partial * one (with only the start of the CNAME chain and not the rest). + * @param dpname: if not NULL, do not return NXDOMAIN above this name. + * @param dpnamelen: length of dpname. * @return new response message (alloced in region, rrsets do not have IDs). * or NULL on error or if not found in cache. * TTLs are made relative to the current time. @@ -171,7 +173,7 @@ struct dns_msg* tomsg(struct module_env* env, struct query_info* q, struct dns_msg* dns_cache_lookup(struct module_env* env, uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, uint16_t flags, struct regional* region, struct regional* scratch, - int no_partial); + int no_partial, uint8_t* dpname, size_t dpnamelen); /** * find and add A and AAAA records for missing nameservers in delegpt diff --git a/services/cache/infra.c b/services/cache/infra.c index 2d16bcd6e405..518e69622f83 100644 --- a/services/cache/infra.c +++ b/services/cache/infra.c @@ -236,6 +236,9 @@ infra_create(struct config_file* cfg) sizeof(struct infra_cache)); size_t maxmem = cfg->infra_cache_numhosts * (sizeof(struct infra_key)+ sizeof(struct infra_data)+INFRA_BYTES_NAME); + if(!infra) { + return NULL; + } infra->hosts = slabhash_create(cfg->infra_cache_slabs, INFRA_HOST_STARTSIZE, maxmem, &infra_sizefunc, &infra_compfunc, &infra_delkeyfunc, &infra_deldatafunc, NULL); diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c index b790660f2396..b43def567501 100644 --- a/services/listen_dnsport.c +++ b/services/listen_dnsport.c @@ -133,6 +133,16 @@ verbose_print_addr(struct addrinfo *addr) } } +void +verbose_print_unbound_socket(struct unbound_socket* ub_sock) +{ + if(verbosity >= VERB_ALGO) { + log_info("listing of unbound_socket structure:"); + verbose_print_addr(ub_sock->addr); + log_info("s is: %d, fam is: %s", ub_sock->s, ub_sock->fam == AF_INET?"AF_INET":"AF_INET6"); + } +} + #ifdef HAVE_SYSTEMD static int systemd_get_activated(int family, int socktype, int listen, @@ -442,6 +452,10 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, if(err != NULL) log_warn("error setting IP DiffServ codepoint %d on UDP socket: %s", dscp, err); if(family == AF_INET6) { +# if defined(IPV6_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT) + int omit6_set = 0; + int action; +# endif # if defined(IPV6_V6ONLY) if(v6only) { int val=(v6only==2)?0:1; @@ -490,6 +504,39 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, return -1; } # endif /* IPv6 MTU */ +# if defined(IPV6_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT) +# if defined(IP_PMTUDISC_OMIT) + action = IP_PMTUDISC_OMIT; + if (setsockopt(s, IPPROTO_IPV6, IPV6_MTU_DISCOVER, + &action, (socklen_t)sizeof(action)) < 0) { + + if (errno != EINVAL) { + log_err("setsockopt(..., IPV6_MTU_DISCOVER, IP_PMTUDISC_OMIT...) failed: %s", + strerror(errno)); + sock_close(s); + *noproto = 0; + *inuse = 0; + return -1; + } + } + else + { + omit6_set = 1; + } +# endif + if (omit6_set == 0) { + action = IP_PMTUDISC_DONT; + if (setsockopt(s, IPPROTO_IPV6, IPV6_MTU_DISCOVER, + &action, (socklen_t)sizeof(action)) < 0) { + log_err("setsockopt(..., IPV6_MTU_DISCOVER, IP_PMTUDISC_DONT...) failed: %s", + strerror(errno)); + sock_close(s); + *noproto = 0; + *inuse = 0; + return -1; + } + } +# endif /* IPV6_MTU_DISCOVER */ } else if(family == AF_INET) { # if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT) /* linux 3.15 has IP_PMTUDISC_OMIT, Hannes Frederic Sowa made it so that @@ -916,7 +963,7 @@ static int make_sock(int stype, const char* ifname, const char* port, struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, int* reuseport, int transparent, int tcp_mss, int nodelay, int freebind, - int use_systemd, int dscp) + int use_systemd, int dscp, struct unbound_socket* ub_sock) { struct addrinfo *res = NULL; int r, s, inuse, noproto; @@ -958,7 +1005,11 @@ make_sock(int stype, const char* ifname, const char* port, *noip6 = 1; } } - freeaddrinfo(res); + + ub_sock->addr = res; + ub_sock->s = s; + ub_sock->fam = hints->ai_family; + return s; } @@ -967,7 +1018,7 @@ static int make_sock_port(int stype, const char* ifname, const char* port, struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, int* reuseport, int transparent, int tcp_mss, int nodelay, int freebind, - int use_systemd, int dscp) + int use_systemd, int dscp, struct unbound_socket* ub_sock) { char* s = strchr(ifname, '@'); if(s) { @@ -990,11 +1041,11 @@ make_sock_port(int stype, const char* ifname, const char* port, p[strlen(s+1)]=0; return make_sock(stype, newif, p, hints, v6only, noip6, rcv, snd, reuseport, transparent, tcp_mss, nodelay, freebind, - use_systemd, dscp); + use_systemd, dscp, ub_sock); } return make_sock(stype, ifname, port, hints, v6only, noip6, rcv, snd, reuseport, transparent, tcp_mss, nodelay, freebind, use_systemd, - dscp); + dscp, ub_sock); } /** @@ -1002,10 +1053,11 @@ make_sock_port(int stype, const char* ifname, const char* port, * @param list: list head. changed. * @param s: fd. * @param ftype: if fd is UDP. + * @param ub_sock: socket with address. * @return false on failure. list in unchanged then. */ static int -port_insert(struct listen_port** list, int s, enum listen_type ftype) +port_insert(struct listen_port** list, int s, enum listen_type ftype, struct unbound_socket* ub_sock) { struct listen_port* item = (struct listen_port*)malloc( sizeof(struct listen_port)); @@ -1014,6 +1066,7 @@ port_insert(struct listen_port** list, int s, enum listen_type ftype) item->next = *list; item->fd = s; item->ftype = ftype; + item->socket = ub_sock; *list = item; return 1; } @@ -1043,7 +1096,7 @@ set_recvpktinfo(int s, int family) return 0; } # else - log_err("no IPV6_RECVPKTINFO and no IPV6_PKTINFO option, please " + log_err("no IPV6_RECVPKTINFO and IPV6_PKTINFO options, please " "disable interface-automatic or do-ip6 in config"); return 0; # endif /* defined IPV6_RECVPKTINFO */ @@ -1093,18 +1146,6 @@ if_is_ssl(const char* ifname, const char* port, int ssl_port, return 0; } -/** see if interface is https, its port number == the https port number */ -static int -if_is_https(const char* ifname, const char* port, int https_port) -{ - char* p = strchr(ifname, '@'); - if(!p && atoi(port) == https_port) - return 1; - if(p && atoi(p+1) == https_port) - return 1; - return 0; -} - /** * Helper for ports_open. Creates one interface (or NULL for default). * @param ifname: The interface ip address. @@ -1142,6 +1183,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, int s, noip6=0; int is_https = if_is_https(ifname, port, https_port); int nodelay = is_https && http2_nodelay; + struct unbound_socket* ub_sock; #ifdef USE_DNSCRYPT int is_dnscrypt = ((strchr(ifname, '@') && atoi(strchr(ifname, '@')+1) == dnscrypt_port) || @@ -1153,10 +1195,16 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, if(!do_udp && !do_tcp) return 0; + if(do_auto) { + ub_sock = calloc(1, sizeof(struct unbound_socket)); + if(!ub_sock) + return 0; if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, &noip6, rcv, snd, reuseport, transparent, - tcp_mss, nodelay, freebind, use_systemd, dscp)) == -1) { + tcp_mss, nodelay, freebind, use_systemd, dscp, ub_sock)) == -1) { + freeaddrinfo(ub_sock->addr); + free(ub_sock); if(noip6) { log_warn("IPv6 protocol not available"); return 1; @@ -1166,18 +1214,27 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, /* getting source addr packet info is highly non-portable */ if(!set_recvpktinfo(s, hints->ai_family)) { sock_close(s); + freeaddrinfo(ub_sock->addr); + free(ub_sock); return 0; } if(!port_insert(list, s, - is_dnscrypt?listen_type_udpancil_dnscrypt:listen_type_udpancil)) { + is_dnscrypt?listen_type_udpancil_dnscrypt:listen_type_udpancil, ub_sock)) { sock_close(s); + freeaddrinfo(ub_sock->addr); + free(ub_sock); return 0; } } else if(do_udp) { + ub_sock = calloc(1, sizeof(struct unbound_socket)); + if(!ub_sock) + return 0; /* regular udp socket */ if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, &noip6, rcv, snd, reuseport, transparent, - tcp_mss, nodelay, freebind, use_systemd, dscp)) == -1) { + tcp_mss, nodelay, freebind, use_systemd, dscp, ub_sock)) == -1) { + freeaddrinfo(ub_sock->addr); + free(ub_sock); if(noip6) { log_warn("IPv6 protocol not available"); return 1; @@ -1185,8 +1242,10 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, return 0; } if(!port_insert(list, s, - is_dnscrypt?listen_type_udp_dnscrypt:listen_type_udp)) { + is_dnscrypt?listen_type_udp_dnscrypt:listen_type_udp, ub_sock)) { sock_close(s); + freeaddrinfo(ub_sock->addr); + free(ub_sock); return 0; } } @@ -1194,6 +1253,9 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, int is_ssl = if_is_ssl(ifname, port, ssl_port, tls_additional_port); enum listen_type port_type; + ub_sock = calloc(1, sizeof(struct unbound_socket)); + if(!ub_sock) + return 0; if(is_ssl) port_type = listen_type_ssl; else if(is_https) @@ -1204,7 +1266,9 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, port_type = listen_type_tcp; if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1, &noip6, 0, 0, reuseport, transparent, tcp_mss, nodelay, - freebind, use_systemd, dscp)) == -1) { + freebind, use_systemd, dscp, ub_sock)) == -1) { + freeaddrinfo(ub_sock->addr); + free(ub_sock); if(noip6) { /*log_warn("IPv6 protocol not available");*/ return 1; @@ -1213,8 +1277,10 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, } if(is_ssl) verbose(VERB_ALGO, "setup TCP for SSL service"); - if(!port_insert(list, s, port_type)) { + if(!port_insert(list, s, port_type, ub_sock)) { sock_close(s); + freeaddrinfo(ub_sock->addr); + free(ub_sock); return 0; } } @@ -1280,14 +1346,14 @@ listen_create(struct comm_base* base, struct listen_port* ports, if(ports->ftype == listen_type_udp || ports->ftype == listen_type_udp_dnscrypt) cp = comm_point_create_udp(base, ports->fd, - front->udp_buff, cb, cb_arg); + front->udp_buff, cb, cb_arg, ports->socket); else if(ports->ftype == listen_type_tcp || ports->ftype == listen_type_tcp_dnscrypt) cp = comm_point_create_tcp(base, ports->fd, tcp_accept_count, tcp_idle_timeout, harden_large_queries, 0, NULL, tcp_conn_limit, bufsize, front->udp_buff, - ports->ftype, cb, cb_arg); + ports->ftype, cb, cb_arg, ports->socket); else if(ports->ftype == listen_type_ssl || ports->ftype == listen_type_http) { cp = comm_point_create_tcp(base, ports->fd, @@ -1295,7 +1361,7 @@ listen_create(struct comm_base* base, struct listen_port* ports, harden_large_queries, http_max_streams, http_endpoint, tcp_conn_limit, bufsize, front->udp_buff, - ports->ftype, cb, cb_arg); + ports->ftype, cb, cb_arg, ports->socket); if(http_notls && ports->ftype == listen_type_http) cp->ssl = NULL; else @@ -1322,7 +1388,7 @@ listen_create(struct comm_base* base, struct listen_port* ports, } else if(ports->ftype == listen_type_udpancil || ports->ftype == listen_type_udpancil_dnscrypt) cp = comm_point_create_udp_ancil(base, ports->fd, - front->udp_buff, cb, cb_arg); + front->udp_buff, cb, cb_arg, ports->socket); if(!cp) { log_err("can't create commpoint"); listen_delete(front); @@ -1506,13 +1572,12 @@ resolve_ifa_name(struct ifaddrs *ifas, const char *search_ifa, char ***ip_addres } #endif /* HAVE_GETIFADDRS */ -int resolve_interface_names(struct config_file* cfg, char*** resif, - int* num_resif) +int resolve_interface_names(char** ifs, int num_ifs, + struct config_strlist* list, char*** resif, int* num_resif) { #ifdef HAVE_GETIFADDRS - int i; struct ifaddrs *addrs = NULL; - if(cfg->num_ifs == 0) { + if(num_ifs == 0 && list == NULL) { *resif = NULL; *num_resif = 0; return 1; @@ -1523,38 +1588,73 @@ int resolve_interface_names(struct config_file* cfg, char*** resif, freeifaddrs(addrs); return 0; } - for(i=0; inum_ifs; i++) { - if(!resolve_ifa_name(addrs, cfg->ifs[i], resif, num_resif)) { - freeifaddrs(addrs); - config_del_strarray(*resif, *num_resif); - *resif = NULL; - *num_resif = 0; - return 0; + if(ifs) { + int i; + for(i=0; inext) { + if(!resolve_ifa_name(addrs, p->str, resif, num_resif)) { + freeifaddrs(addrs); + config_del_strarray(*resif, *num_resif); + *resif = NULL; + *num_resif = 0; + return 0; + } +} + } freeifaddrs(addrs); return 1; #else - int i; - if(cfg->num_ifs == 0) { + struct config_strlist* p; + if(num_ifs == 0 && list == NULL) { *resif = NULL; *num_resif = 0; return 1; } - *num_resif = cfg->num_ifs; + *num_resif = num_ifs; + for(p = list; p; p = p->next) { + (*num_resif)++; + } *resif = calloc(*num_resif, sizeof(**resif)); if(!*resif) { log_err("out of memory"); return 0; } - for(i=0; i<*num_resif; i++) { - (*resif)[i] = strdup(cfg->ifs[i]); - if(!((*resif)[i])) { - log_err("out of memory"); - config_del_strarray(*resif, *num_resif); - *resif = NULL; - *num_resif = 0; - return 0; + if(ifs) { + int i; + for(i=0; inext) { + (*resif)[idx] = strdup(p->str); + if(!((*resif)[idx])) { + log_err("out of memory"); + config_del_strarray(*resif, *num_resif); + *resif = NULL; + *num_resif = 0; + return 0; + } + idx++; } } return 1; @@ -1656,6 +1756,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs, } } } + return list; } @@ -1667,6 +1768,11 @@ void listening_ports_free(struct listen_port* list) if(list->fd != -1) { sock_close(list->fd); } + /* rc_ports don't have ub_socket */ + if(list->socket) { + freeaddrinfo(list->socket->addr); + free(list->socket); + } free(list); list = nx; } @@ -2371,6 +2477,10 @@ static int http2_query_read_done(struct http2_session* h2_session, "buffer already assigned to stream"); return -1; } + + /* the c->buffer might be used by mesh_send_reply and no be cleard + * need to be cleared before use */ + sldns_buffer_clear(h2_session->c->buffer); if(sldns_buffer_remaining(h2_session->c->buffer) < sldns_buffer_remaining(h2_stream->qbuffer)) { /* qbuffer will be free'd in frame close cb */ @@ -2572,18 +2682,45 @@ static int http2_buffer_uri_query(struct http2_session* h2_session, return 0; } - if(!(b64len = sldns_b64url_pton( - (char const *)start, length, - sldns_buffer_current(h2_stream->qbuffer), - expectb64len)) || b64len < 0) { - lock_basic_lock(&http2_query_buffer_count_lock); - http2_query_buffer_count -= expectb64len; - lock_basic_unlock(&http2_query_buffer_count_lock); - sldns_buffer_free(h2_stream->qbuffer); - h2_stream->qbuffer = NULL; - /* return without error, method can be an - * unknown POST */ - return 1; + if(sldns_b64_contains_nonurl((char const*)start, length)) { + char buf[65536+4]; + verbose(VERB_ALGO, "HTTP2 stream contains wrong b64 encoding"); + /* copy to the scratch buffer temporarily to terminate the + * string with a zero */ + if(length+1 > sizeof(buf)) { + /* too long */ + lock_basic_lock(&http2_query_buffer_count_lock); + http2_query_buffer_count -= expectb64len; + lock_basic_unlock(&http2_query_buffer_count_lock); + sldns_buffer_free(h2_stream->qbuffer); + h2_stream->qbuffer = NULL; + return 1; + } + memmove(buf, start, length); + buf[length] = 0; + if(!(b64len = sldns_b64_pton(buf, sldns_buffer_current( + h2_stream->qbuffer), expectb64len)) || b64len < 0) { + lock_basic_lock(&http2_query_buffer_count_lock); + http2_query_buffer_count -= expectb64len; + lock_basic_unlock(&http2_query_buffer_count_lock); + sldns_buffer_free(h2_stream->qbuffer); + h2_stream->qbuffer = NULL; + return 1; + } + } else { + if(!(b64len = sldns_b64url_pton( + (char const *)start, length, + sldns_buffer_current(h2_stream->qbuffer), + expectb64len)) || b64len < 0) { + lock_basic_lock(&http2_query_buffer_count_lock); + http2_query_buffer_count -= expectb64len; + lock_basic_unlock(&http2_query_buffer_count_lock); + sldns_buffer_free(h2_stream->qbuffer); + h2_stream->qbuffer = NULL; + /* return without error, method can be an + * unknown POST */ + return 1; + } } sldns_buffer_skip(h2_stream->qbuffer, (size_t)b64len); return 1; diff --git a/services/listen_dnsport.h b/services/listen_dnsport.h index f438ff4580f7..1e51be9bfcab 100644 --- a/services/listen_dnsport.h +++ b/services/listen_dnsport.h @@ -102,6 +102,18 @@ enum listen_type { listen_type_http }; +/* + * socket properties (just like NSD nsd_socket structure definition) + */ +struct unbound_socket { + /** socket-address structure */ + struct addrinfo * addr; + /** socket descriptor returned by socket() syscall */ + int s; + /** address family (AF_INET/IF_INET6) */ + int fam; +}; + /** * Single linked list to store shared ports that have been * opened for use by all threads. @@ -113,6 +125,8 @@ struct listen_port { int fd; /** type of file descriptor, udp or tcp */ enum listen_type ftype; + /** fill in unbpound_socket structure for every opened socket at Unbound startup */ + struct unbound_socket* socket; }; /** @@ -136,16 +150,19 @@ struct listen_port* listening_ports_open(struct config_file* cfg, */ void listening_ports_free(struct listen_port* list); +struct config_strlist; /** * Resolve interface names in config and store result IP addresses - * @param cfg: config + * @param ifs: array of interfaces. The list of interface names, if not NULL. + * @param num_ifs: length of ifs array. + * @param list: if not NULL, this is used as the list of interface names. * @param resif: string array (malloced array of malloced strings) with * result. NULL if cfg has none. * @param num_resif: length of resif. Zero if cfg has zero num_ifs. * @return 0 on failure. */ -int resolve_interface_names(struct config_file* cfg, char*** resif, - int* num_resif); +int resolve_interface_names(char** ifs, int num_ifs, + struct config_strlist* list, char*** resif, int* num_resif); /** * Create commpoints with for this thread for the shared ports. @@ -424,4 +441,9 @@ int http2_submit_dns_response(void* v); char* set_ip_dscp(int socket, int addrfamily, int ds); +/** for debug and profiling purposes only + * @param ub_sock: the structure containing created socket info we want to print or log for + */ +void verbose_print_unbound_socket(struct unbound_socket* ub_sock); + #endif /* LISTEN_DNSPORT_H */ diff --git a/services/localzone.c b/services/localzone.c index fd2ff2bb67f7..54f55ab810e4 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -745,9 +745,15 @@ static int lz_enter_zones(struct local_zones* zones, struct config_file* cfg) { struct config_str2list* p; +#ifndef THREADS_DISABLED struct local_zone* z; +#endif for(p = cfg->local_zones; p; p = p->next) { - if(!(z=lz_enter_zone(zones, p->str, p->str2, + if(!( +#ifndef THREADS_DISABLED + z= +#endif + lz_enter_zone(zones, p->str, p->str2, LDNS_RR_CLASS_IN))) return 0; lock_rw_unlock(&z->lock); @@ -1027,7 +1033,9 @@ lz_setup_implicit(struct local_zones* zones, struct config_file* cfg) } if(have_name) { uint8_t* n2; +#ifndef THREADS_DISABLED struct local_zone* z; +#endif /* allocate zone of smallest shared topdomain to contain em */ n2 = nm; dname_remove_labels(&n2, &nmlen, nmlabs - match); @@ -1039,7 +1047,11 @@ lz_setup_implicit(struct local_zones* zones, struct config_file* cfg) } log_nametypeclass(VERB_ALGO, "implicit transparent local-zone", n2, 0, dclass); - if(!(z=lz_enter_zone_dname(zones, n2, nmlen, match, + if(!( +#ifndef THREADS_DISABLED + z= +#endif + lz_enter_zone_dname(zones, n2, nmlen, match, local_zone_transparent, dclass))) { return 0; } diff --git a/services/localzone.h b/services/localzone.h index 3da5c8754bf3..b52d81dc72cb 100644 --- a/services/localzone.h +++ b/services/localzone.h @@ -158,7 +158,7 @@ struct local_zone { rbtree_type data; /** if data contains zone apex SOA data, this is a ptr to it. */ struct ub_packed_rrset_key* soa; - /** if data contains zone apex SOA data, this is a prt to an + /** if data contains zone apex SOA data, this is a ptr to an * artificial negative SOA rrset (TTL is the minimum of the TTL and the * SOA.MINIMUM). */ struct ub_packed_rrset_key* soa_negative; diff --git a/services/mesh.c b/services/mesh.c index 91d23debf351..5679a8b64e58 100644 --- a/services/mesh.c +++ b/services/mesh.c @@ -99,7 +99,7 @@ timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d) { #ifndef S_SPLINT_S size_t leftover; - if(d == 0) { + if(d <= 0) { avg->tv_sec = 0; avg->tv_usec = 0; return; @@ -108,7 +108,13 @@ timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d) avg->tv_usec = sum->tv_usec / d; /* handle fraction from seconds divide */ leftover = sum->tv_sec - avg->tv_sec*d; - avg->tv_usec += (leftover*1000000)/d; + if(leftover <= 0) + leftover = 0; + avg->tv_usec += (((long long)leftover)*((long long)1000000))/d; + if(avg->tv_sec < 0) + avg->tv_sec = 0; + if(avg->tv_usec < 0) + avg->tv_usec = 0; #endif } @@ -433,7 +439,7 @@ mesh_serve_expired_init(struct mesh_state* mstate, int timeout) mstate->s.serve_expired_data->get_cached_answer = mstate->s.serve_expired_data->get_cached_answer? mstate->s.serve_expired_data->get_cached_answer: - mesh_serve_expired_lookup; + &mesh_serve_expired_lookup; /* In case this timer already popped, start it again */ if(!mstate->s.serve_expired_data->timer) { @@ -1813,8 +1819,7 @@ mesh_detect_cycle(struct module_qstate* qstate, struct query_info* qinfo, { struct mesh_area* mesh = qstate->env->mesh; struct mesh_state* dep_m = NULL; - if(!mesh_state_is_unique(qstate->mesh_info)) - dep_m = mesh_area_find(mesh, NULL, qinfo, flags, prime, valrec); + dep_m = mesh_area_find(mesh, NULL, qinfo, flags, prime, valrec); return mesh_detect_cycle_found(qstate, dep_m); } @@ -1941,7 +1946,7 @@ mesh_serve_expired_callback(void* arg) while(1) { fptr_ok(fptr_whitelist_serve_expired_lookup( qstate->serve_expired_data->get_cached_answer)); - msg = qstate->serve_expired_data->get_cached_answer(qstate, + msg = (*qstate->serve_expired_data->get_cached_answer)(qstate, lookup_qinfo); if(!msg) return; diff --git a/services/modstack.c b/services/modstack.c index a600549b16c3..da8e623c16da 100644 --- a/services/modstack.c +++ b/services/modstack.c @@ -88,57 +88,56 @@ count_modules(const char* s) return num; } -void +void modstack_init(struct module_stack* stack) { stack->num = 0; stack->mod = NULL; } -int +int modstack_config(struct module_stack* stack, const char* module_conf) { - int i; - verbose(VERB_QUERY, "module config: \"%s\"", module_conf); - stack->num = count_modules(module_conf); - if(stack->num == 0) { - log_err("error: no modules specified"); - return 0; - } - if(stack->num > MAX_MODULE) { - log_err("error: too many modules (%d max %d)", - stack->num, MAX_MODULE); - return 0; - } - stack->mod = (struct module_func_block**)calloc((size_t) - stack->num, sizeof(struct module_func_block*)); - if(!stack->mod) { - log_err("out of memory"); - return 0; - } - for(i=0; inum; i++) { - stack->mod[i] = module_factory(&module_conf); - if(!stack->mod[i]) { + int i; + verbose(VERB_QUERY, "module config: \"%s\"", module_conf); + stack->num = count_modules(module_conf); + if(stack->num == 0) { + log_err("error: no modules specified"); + return 0; + } + if(stack->num > MAX_MODULE) { + log_err("error: too many modules (%d max %d)", + stack->num, MAX_MODULE); + return 0; + } + stack->mod = (struct module_func_block**)calloc((size_t) + stack->num, sizeof(struct module_func_block*)); + if(!stack->mod) { + log_err("out of memory"); + return 0; + } + for(i=0; inum; i++) { + stack->mod[i] = module_factory(&module_conf); + if(!stack->mod[i]) { char md[256]; snprintf(md, sizeof(md), "%s", module_conf); if(strchr(md, ' ')) *(strchr(md, ' ')) = 0; if(strchr(md, '\t')) *(strchr(md, '\t')) = 0; - log_err("Unknown value in module-config, module: '%s'." + log_err("Unknown value in module-config, module: '%s'." " This module is not present (not compiled in)," - " See the list of linked modules with unbound -h", - md); - return 0; - } - } - return 1; + " See the list of linked modules with unbound -V", md); + return 0; + } + } + return 1; } /** The list of module names */ const char** module_list_avail(void) { - /* these are the modules available */ - static const char* names[] = { + /* these are the modules available */ + static const char* names[] = { "dns64", #ifdef WITH_PYTHONMODULE "python", @@ -156,7 +155,7 @@ module_list_avail(void) "subnetcache", #endif #ifdef USE_IPSET - "ipset", + "ipset", #endif "respip", "validator", diff --git a/services/outside_network.c b/services/outside_network.c index 6c6b42ccbdb8..a3f982e72185 100644 --- a/services/outside_network.c +++ b/services/outside_network.c @@ -90,8 +90,8 @@ static int randomize_and_send_udp(struct pending* pend, sldns_buffer* packet, static void waiting_list_remove(struct outside_network* outnet, struct waiting_tcp* w); -/** remove reused element from tree and lru list */ -static void reuse_tcp_remove_tree_list(struct outside_network* outnet, +/** select a DNS ID for a TCP stream */ +static uint16_t tcp_select_id(struct outside_network* outnet, struct reuse_tcp* reuse); int @@ -198,15 +198,17 @@ waiting_tcp_delete(struct waiting_tcp* w) * Pick random outgoing-interface of that family, and bind it. * port set to 0 so OS picks a port number for us. * if it is the ANY address, do not bind. + * @param pend: pending tcp structure, for storing the local address choice. * @param w: tcp structure with destination address. * @param s: socket fd. * @return false on error, socket closed. */ static int -pick_outgoing_tcp(struct waiting_tcp* w, int s) +pick_outgoing_tcp(struct pending_tcp* pend, struct waiting_tcp* w, int s) { struct port_if* pi = NULL; int num; + pend->pi = NULL; #ifdef INET6 if(addr_is_ip6(&w->addr, w->addrlen)) num = w->outnet->num_ip6; @@ -226,6 +228,7 @@ pick_outgoing_tcp(struct waiting_tcp* w, int s) #endif pi = &w->outnet->ip4_ifs[ub_random_max(w->outnet->rnd, num)]; log_assert(pi); + pend->pi = pi; if(addr_is_any(&pi->addr, pi->addrlen)) { /* binding to the ANY interface is for listening sockets */ return 1; @@ -235,7 +238,14 @@ pick_outgoing_tcp(struct waiting_tcp* w, int s) ((struct sockaddr_in6*)&pi->addr)->sin6_port = 0; else ((struct sockaddr_in*)&pi->addr)->sin_port = 0; if(bind(s, (struct sockaddr*)&pi->addr, pi->addrlen) != 0) { - log_err("outgoing tcp: bind: %s", sock_strerror(errno)); +#ifndef USE_WINSOCK +#ifdef EADDRNOTAVAIL + if(!(verbosity < 4 && errno == EADDRNOTAVAIL)) +#endif +#else /* USE_WINSOCK */ + if(!(verbosity < 4 && WSAGetLastError() == WSAEADDRNOTAVAIL)) +#endif + log_err("outgoing tcp: bind: %s", sock_strerror(errno)); sock_close(s); return 0; } @@ -337,6 +347,8 @@ log_reuse_tcp(enum verbosity_value v, const char* msg, struct reuse_tcp* reuse) uint16_t port; char addrbuf[128]; if(verbosity < v) return; + if(!reuse || !reuse->pending || !reuse->pending->c) + return; addr_to_str(&reuse->addr, reuse->addrlen, addrbuf, sizeof(addrbuf)); port = ntohs(((struct sockaddr_in*)&reuse->addr)->sin_port); verbose(v, "%s %s#%u fd %d", msg, addrbuf, (unsigned)port, @@ -356,6 +368,8 @@ static struct waiting_tcp* reuse_write_wait_pop(struct reuse_tcp* reuse) w->write_wait_next->write_wait_prev = NULL; else reuse->write_wait_last = NULL; w->write_wait_queued = 0; + w->write_wait_next = NULL; + w->write_wait_prev = NULL; return w; } @@ -363,6 +377,8 @@ static struct waiting_tcp* reuse_write_wait_pop(struct reuse_tcp* reuse) static void reuse_write_wait_remove(struct reuse_tcp* reuse, struct waiting_tcp* w) { + log_assert(w); + log_assert(w->write_wait_queued); if(!w) return; if(!w->write_wait_queued) @@ -370,10 +386,16 @@ static void reuse_write_wait_remove(struct reuse_tcp* reuse, if(w->write_wait_prev) w->write_wait_prev->write_wait_next = w->write_wait_next; else reuse->write_wait_first = w->write_wait_next; + log_assert(!w->write_wait_prev || + w->write_wait_prev->write_wait_next != w->write_wait_prev); if(w->write_wait_next) w->write_wait_next->write_wait_prev = w->write_wait_prev; else reuse->write_wait_last = w->write_wait_prev; + log_assert(!w->write_wait_next + || w->write_wait_next->write_wait_prev != w->write_wait_next); w->write_wait_queued = 0; + w->write_wait_next = NULL; + w->write_wait_prev = NULL; } /** push the element after the last on the writewait list */ @@ -384,6 +406,8 @@ static void reuse_write_wait_push_back(struct reuse_tcp* reuse, log_assert(!w->write_wait_queued); if(reuse->write_wait_last) { reuse->write_wait_last->write_wait_next = w; + log_assert(reuse->write_wait_last->write_wait_next != + reuse->write_wait_last); w->write_wait_prev = reuse->write_wait_last; } else { reuse->write_wait_first = w; @@ -396,9 +420,18 @@ static void reuse_write_wait_push_back(struct reuse_tcp* reuse, void reuse_tree_by_id_insert(struct reuse_tcp* reuse, struct waiting_tcp* w) { +#ifdef UNBOUND_DEBUG + rbnode_type* added; +#endif log_assert(w->id_node.key == NULL); w->id_node.key = w; +#ifdef UNBOUND_DEBUG + added = +#else + (void) +#endif rbtree_insert(&reuse->tree_by_id, &w->id_node); + log_assert(added); /* should have been added */ } /** find element in tree by id */ @@ -424,34 +457,45 @@ tree_by_id_get_id(rbnode_type* node) } /** insert into reuse tcp tree and LRU, false on failure (duplicate) */ -static int +int reuse_tcp_insert(struct outside_network* outnet, struct pending_tcp* pend_tcp) { log_reuse_tcp(VERB_CLIENT, "reuse_tcp_insert", &pend_tcp->reuse); if(pend_tcp->reuse.item_on_lru_list) { if(!pend_tcp->reuse.node.key) - log_err("internal error: reuse_tcp_insert: on lru list without key"); + log_err("internal error: reuse_tcp_insert: " + "in lru list without key"); return 1; } pend_tcp->reuse.node.key = &pend_tcp->reuse; pend_tcp->reuse.pending = pend_tcp; if(!rbtree_insert(&outnet->tcp_reuse, &pend_tcp->reuse.node)) { - /* this is a duplicate connection, close this one */ - verbose(VERB_CLIENT, "reuse_tcp_insert: duplicate connection"); - pend_tcp->reuse.node.key = NULL; - return 0; + /* We are not in the LRU list but we are already in the + * tcp_reuse tree, strange. + * Continue to add ourselves to the LRU list. */ + log_err("internal error: reuse_tcp_insert: in lru list but " + "not in the tree"); } /* insert into LRU, first is newest */ pend_tcp->reuse.lru_prev = NULL; if(outnet->tcp_reuse_first) { pend_tcp->reuse.lru_next = outnet->tcp_reuse_first; + log_assert(pend_tcp->reuse.lru_next != &pend_tcp->reuse); outnet->tcp_reuse_first->lru_prev = &pend_tcp->reuse; + log_assert(outnet->tcp_reuse_first->lru_prev != + outnet->tcp_reuse_first); } else { pend_tcp->reuse.lru_next = NULL; outnet->tcp_reuse_last = &pend_tcp->reuse; } outnet->tcp_reuse_first = &pend_tcp->reuse; pend_tcp->reuse.item_on_lru_list = 1; + log_assert((!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) || + (outnet->tcp_reuse_first && outnet->tcp_reuse_last)); + log_assert(outnet->tcp_reuse_first != outnet->tcp_reuse_first->lru_next && + outnet->tcp_reuse_first != outnet->tcp_reuse_first->lru_prev); + log_assert(outnet->tcp_reuse_last != outnet->tcp_reuse_last->lru_next && + outnet->tcp_reuse_last != outnet->tcp_reuse_last->lru_prev); return 1; } @@ -511,7 +555,7 @@ reuse_tcp_find(struct outside_network* outnet, struct sockaddr_storage* addr, while(result && result != RBTREE_NULL && reuse_cmp_addrportssl(result->key, &key_p.reuse) == 0) { if(((struct reuse_tcp*)result)->tree_by_id.count < - MAX_REUSE_TCP_QUERIES) { + outnet->max_reuse_tcp_queries) { /* same address, port, ssl-yes-or-no, and has * space for another query */ return (struct reuse_tcp*)result; @@ -567,7 +611,7 @@ outnet_tcp_take_into_use(struct waiting_tcp* w) if(s == -1) return 0; - if(!pick_outgoing_tcp(w, s)) + if(!pick_outgoing_tcp(pend, w, s)) return 0; fd_set_nonblock(s); @@ -689,28 +733,65 @@ outnet_tcp_take_into_use(struct waiting_tcp* w) /** Touch the lru of a reuse_tcp element, it is in use. * This moves it to the front of the list, where it is not likely to * be closed. Items at the back of the list are closed to make space. */ -static void +void reuse_tcp_lru_touch(struct outside_network* outnet, struct reuse_tcp* reuse) { if(!reuse->item_on_lru_list) { log_err("internal error: we need to touch the lru_list but item not in list"); return; /* not on the list, no lru to modify */ } + log_assert(reuse->lru_prev || + (!reuse->lru_prev && outnet->tcp_reuse_first == reuse)); if(!reuse->lru_prev) return; /* already first in the list */ /* remove at current position */ /* since it is not first, there is a previous element */ reuse->lru_prev->lru_next = reuse->lru_next; + log_assert(reuse->lru_prev->lru_next != reuse->lru_prev); if(reuse->lru_next) reuse->lru_next->lru_prev = reuse->lru_prev; else outnet->tcp_reuse_last = reuse->lru_prev; + log_assert(!reuse->lru_next || reuse->lru_next->lru_prev != reuse->lru_next); + log_assert(outnet->tcp_reuse_last != outnet->tcp_reuse_last->lru_next && + outnet->tcp_reuse_last != outnet->tcp_reuse_last->lru_prev); /* insert at the front */ reuse->lru_prev = NULL; reuse->lru_next = outnet->tcp_reuse_first; + if(outnet->tcp_reuse_first) { + outnet->tcp_reuse_first->lru_prev = reuse; + } + log_assert(reuse->lru_next != reuse); /* since it is not first, it is not the only element and * lru_next is thus not NULL and thus reuse is now not the last in * the list, so outnet->tcp_reuse_last does not need to be modified */ outnet->tcp_reuse_first = reuse; + log_assert(outnet->tcp_reuse_first != outnet->tcp_reuse_first->lru_next && + outnet->tcp_reuse_first != outnet->tcp_reuse_first->lru_prev); + log_assert((!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) || + (outnet->tcp_reuse_first && outnet->tcp_reuse_last)); +} + +/** Snip the last reuse_tcp element off of the LRU list */ +struct reuse_tcp* +reuse_tcp_lru_snip(struct outside_network* outnet) +{ + struct reuse_tcp* reuse = outnet->tcp_reuse_last; + if(!reuse) return NULL; + /* snip off of LRU */ + log_assert(reuse->lru_next == NULL); + if(reuse->lru_prev) { + outnet->tcp_reuse_last = reuse->lru_prev; + reuse->lru_prev->lru_next = NULL; + } else { + outnet->tcp_reuse_last = NULL; + outnet->tcp_reuse_first = NULL; + } + log_assert((!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) || + (outnet->tcp_reuse_first && outnet->tcp_reuse_last)); + reuse->item_on_lru_list = 0; + reuse->lru_next = NULL; + reuse->lru_prev = NULL; + return reuse; } /** call callback on waiting_tcp, if not NULL */ @@ -718,30 +799,89 @@ static void waiting_tcp_callback(struct waiting_tcp* w, struct comm_point* c, int error, struct comm_reply* reply_info) { - if(w->cb) { + if(w && w->cb) { fptr_ok(fptr_whitelist_pending_tcp(w->cb)); (void)(*w->cb)(c, w->cb_arg, error, reply_info); } } +/** add waiting_tcp element to the outnet tcp waiting list */ +static void +outnet_add_tcp_waiting(struct outside_network* outnet, struct waiting_tcp* w) +{ + struct timeval tv; + log_assert(!w->on_tcp_waiting_list); + if(w->on_tcp_waiting_list) + return; + w->next_waiting = NULL; + if(outnet->tcp_wait_last) + outnet->tcp_wait_last->next_waiting = w; + else outnet->tcp_wait_first = w; + outnet->tcp_wait_last = w; + w->on_tcp_waiting_list = 1; +#ifndef S_SPLINT_S + tv.tv_sec = w->timeout/1000; + tv.tv_usec = (w->timeout%1000)*1000; +#endif + comm_timer_set(w->timer, &tv); +} + +/** add waiting_tcp element as first to the outnet tcp waiting list */ +static void +outnet_add_tcp_waiting_first(struct outside_network* outnet, + struct waiting_tcp* w, int reset_timer) +{ + struct timeval tv; + log_assert(!w->on_tcp_waiting_list); + if(w->on_tcp_waiting_list) + return; + w->next_waiting = outnet->tcp_wait_first; + if(!outnet->tcp_wait_last) + outnet->tcp_wait_last = w; + outnet->tcp_wait_first = w; + w->on_tcp_waiting_list = 1; + if(reset_timer) { +#ifndef S_SPLINT_S + tv.tv_sec = w->timeout/1000; + tv.tv_usec = (w->timeout%1000)*1000; +#endif + comm_timer_set(w->timer, &tv); + } + log_assert( + (!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) || + (outnet->tcp_reuse_first && outnet->tcp_reuse_last)); +} + /** see if buffers can be used to service TCP queries */ static void use_free_buffer(struct outside_network* outnet) { struct waiting_tcp* w; - while(outnet->tcp_free && outnet->tcp_wait_first - && !outnet->want_to_quit) { + while(outnet->tcp_wait_first && !outnet->want_to_quit) { +#ifdef USE_DNSTAP + struct pending_tcp* pend_tcp = NULL; +#endif struct reuse_tcp* reuse = NULL; w = outnet->tcp_wait_first; + log_assert(w->on_tcp_waiting_list); outnet->tcp_wait_first = w->next_waiting; if(outnet->tcp_wait_last == w) outnet->tcp_wait_last = NULL; + log_assert( + (!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) || + (outnet->tcp_reuse_first && outnet->tcp_reuse_last)); w->on_tcp_waiting_list = 0; reuse = reuse_tcp_find(outnet, &w->addr, w->addrlen, w->ssl_upstream); + /* re-select an ID when moving to a new TCP buffer */ + w->id = tcp_select_id(outnet, reuse); + LDNS_ID_SET(w->pkt, w->id); if(reuse) { log_reuse_tcp(VERB_CLIENT, "use free buffer for waiting tcp: " "found reuse", reuse); +#ifdef USE_DNSTAP + pend_tcp = reuse->pending; +#endif reuse_tcp_lru_touch(outnet, reuse); comm_timer_disable(w->timer); w->next_waiting = (void*)reuse->pending; @@ -758,7 +898,7 @@ use_free_buffer(struct outside_network* outnet) reuse->pending->c->fd, reuse->pending, w); } - } else { + } else if(outnet->tcp_free) { struct pending_tcp* pend = w->outnet->tcp_free; rbtree_init(&pend->reuse.tree_by_id, reuse_id_cmp); pend->reuse.pending = pend; @@ -768,37 +908,47 @@ use_free_buffer(struct outside_network* outnet) waiting_tcp_callback(w, NULL, NETEVENT_CLOSED, NULL); waiting_tcp_delete(w); - } - } - } -} - -/** add waiting_tcp element to the outnet tcp waiting list */ -static void -outnet_add_tcp_waiting(struct outside_network* outnet, struct waiting_tcp* w) -{ - struct timeval tv; - if(w->on_tcp_waiting_list) - return; - w->next_waiting = NULL; - if(outnet->tcp_wait_last) - outnet->tcp_wait_last->next_waiting = w; - else outnet->tcp_wait_first = w; - outnet->tcp_wait_last = w; - w->on_tcp_waiting_list = 1; -#ifndef S_SPLINT_S - tv.tv_sec = w->timeout/1000; - tv.tv_usec = (w->timeout%1000)*1000; +#ifdef USE_DNSTAP + w = NULL; #endif - comm_timer_set(w->timer, &tv); + } +#ifdef USE_DNSTAP + pend_tcp = pend; +#endif + } else { + /* no reuse and no free buffer, put back at the start */ + outnet_add_tcp_waiting_first(outnet, w, 0); + break; + } +#ifdef USE_DNSTAP + if(outnet->dtenv && pend_tcp && w && w->sq && + (outnet->dtenv->log_resolver_query_messages || + outnet->dtenv->log_forwarder_query_messages)) { + sldns_buffer tmp; + sldns_buffer_init_frm_data(&tmp, w->pkt, w->pkt_len); + dt_msg_send_outside_query(outnet->dtenv, &w->sq->addr, + &pend_tcp->pi->addr, comm_tcp, w->sq->zone, + w->sq->zonelen, &tmp); + } +#endif + } } /** delete element from tree by id */ static void reuse_tree_by_id_delete(struct reuse_tcp* reuse, struct waiting_tcp* w) { +#ifdef UNBOUND_DEBUG + rbnode_type* rem; +#endif log_assert(w->id_node.key != NULL); +#ifdef UNBOUND_DEBUG + rem = +#else + (void) +#endif rbtree_delete(&reuse->tree_by_id, w); + log_assert(rem); /* should have been there */ w->id_node.key = NULL; } @@ -857,15 +1007,24 @@ reuse_move_writewait_away(struct outside_network* outnet, } /** remove reused element from tree and lru list */ -static void +void reuse_tcp_remove_tree_list(struct outside_network* outnet, struct reuse_tcp* reuse) { verbose(VERB_CLIENT, "reuse_tcp_remove_tree_list"); if(reuse->node.key) { /* delete it from reuse tree */ - (void)rbtree_delete(&outnet->tcp_reuse, reuse); + if(!rbtree_delete(&outnet->tcp_reuse, reuse)) { + /* should not be possible, it should be there */ + char buf[256]; + addr_to_str(&reuse->addr, reuse->addrlen, buf, + sizeof(buf)); + log_err("reuse tcp delete: node not present, internal error, %s ssl %d lru %d", buf, reuse->is_ssl, reuse->item_on_lru_list); + } reuse->node.key = NULL; + /* defend against loops on broken tree by zeroing the + * rbnode structure */ + memset(&reuse->node, 0, sizeof(reuse->node)); } /* delete from reuse list */ if(reuse->item_on_lru_list) { @@ -874,21 +1033,38 @@ reuse_tcp_remove_tree_list(struct outside_network* outnet, * and thus have a pending pointer to the struct */ log_assert(reuse->lru_prev->pending); reuse->lru_prev->lru_next = reuse->lru_next; + log_assert(reuse->lru_prev->lru_next != reuse->lru_prev); } else { log_assert(!reuse->lru_next || reuse->lru_next->pending); outnet->tcp_reuse_first = reuse->lru_next; + log_assert(!outnet->tcp_reuse_first || + (outnet->tcp_reuse_first != + outnet->tcp_reuse_first->lru_next && + outnet->tcp_reuse_first != + outnet->tcp_reuse_first->lru_prev)); } if(reuse->lru_next) { /* assert that members of the lru list are waiting * and thus have a pending pointer to the struct */ log_assert(reuse->lru_next->pending); reuse->lru_next->lru_prev = reuse->lru_prev; + log_assert(reuse->lru_next->lru_prev != reuse->lru_next); } else { log_assert(!reuse->lru_prev || reuse->lru_prev->pending); outnet->tcp_reuse_last = reuse->lru_prev; + log_assert(!outnet->tcp_reuse_last || + (outnet->tcp_reuse_last != + outnet->tcp_reuse_last->lru_next && + outnet->tcp_reuse_last != + outnet->tcp_reuse_last->lru_prev)); } + log_assert((!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) || + (outnet->tcp_reuse_first && outnet->tcp_reuse_last)); reuse->item_on_lru_list = 0; + reuse->lru_next = NULL; + reuse->lru_prev = NULL; } + reuse->pending = NULL; } /** helper function that deletes an element from the tree of readwait @@ -915,8 +1091,12 @@ decommission_pending_tcp(struct outside_network* outnet, struct pending_tcp* pend) { verbose(VERB_CLIENT, "decommission_pending_tcp"); - pend->next_free = outnet->tcp_free; - outnet->tcp_free = pend; + /* A certain code path can lead here twice for the same pending_tcp + * creating a loop in the free pending_tcp list. */ + if(outnet->tcp_free != pend) { + pend->next_free = outnet->tcp_free; + outnet->tcp_free = pend; + } if(pend->reuse.node.key) { /* needs unlink from the reuse tree to get deleted */ reuse_tcp_remove_tree_list(outnet, &pend->reuse); @@ -977,22 +1157,22 @@ static void reuse_cb_and_decommission(struct outside_network* outnet, /** set timeout on tcp fd and setup read event to catch incoming dns msgs */ static void -reuse_tcp_setup_timeout(struct pending_tcp* pend_tcp) +reuse_tcp_setup_timeout(struct pending_tcp* pend_tcp, int tcp_reuse_timeout) { log_reuse_tcp(VERB_CLIENT, "reuse_tcp_setup_timeout", &pend_tcp->reuse); - comm_point_start_listening(pend_tcp->c, -1, REUSE_TIMEOUT); + comm_point_start_listening(pend_tcp->c, -1, tcp_reuse_timeout); } /** set timeout on tcp fd and setup read event to catch incoming dns msgs */ static void -reuse_tcp_setup_read_and_timeout(struct pending_tcp* pend_tcp) +reuse_tcp_setup_read_and_timeout(struct pending_tcp* pend_tcp, int tcp_reuse_timeout) { log_reuse_tcp(VERB_CLIENT, "reuse_tcp_setup_readtimeout", &pend_tcp->reuse); sldns_buffer_clear(pend_tcp->c->buffer); pend_tcp->c->tcp_is_reading = 1; pend_tcp->c->tcp_byte_count = 0; comm_point_stop_listening(pend_tcp->c); - comm_point_start_listening(pend_tcp->c, -1, REUSE_TIMEOUT); + comm_point_start_listening(pend_tcp->c, -1, tcp_reuse_timeout); } int @@ -1002,6 +1182,7 @@ outnet_tcp_cb(struct comm_point* c, void* arg, int error, struct pending_tcp* pend = (struct pending_tcp*)arg; struct outside_network* outnet = pend->reuse.outnet; struct waiting_tcp* w = NULL; + log_assert(pend->reuse.item_on_lru_list && pend->reuse.node.key); verbose(VERB_ALGO, "outnettcp cb"); if(error == NETEVENT_TIMEOUT) { if(pend->c->tcp_write_and_read) { @@ -1048,7 +1229,7 @@ outnet_tcp_cb(struct comm_point* c, void* arg, int error, pend->reuse.cp_more_write_again = 0; pend->c->tcp_is_reading = 1; comm_point_stop_listening(pend->c); - reuse_tcp_setup_timeout(pend); + reuse_tcp_setup_timeout(pend, outnet->tcp_reuse_timeout); } return 0; } else if(error != NETEVENT_NOERROR) { @@ -1101,7 +1282,7 @@ outnet_tcp_cb(struct comm_point* c, void* arg, int error, * and there could be more bytes to read on the input */ if(pend->reuse.tree_by_id.count != 0) pend->reuse.cp_more_read_again = 1; - reuse_tcp_setup_read_and_timeout(pend); + reuse_tcp_setup_read_and_timeout(pend, outnet->tcp_reuse_timeout); return 0; } verbose(VERB_CLIENT, "outnet_tcp_cb reuse after cb: decommission it"); @@ -1369,7 +1550,8 @@ outside_network_create(struct comm_base *base, size_t bufsize, int numavailports, size_t unwanted_threshold, int tcp_mss, void (*unwanted_action)(void*), void* unwanted_param, int do_udp, void* sslctx, int delayclose, int tls_use_sni, struct dt_env* dtenv, - int udp_connect) + int udp_connect, int max_reuse_tcp_queries, int tcp_reuse_timeout, + int tcp_auth_query_timeout) { struct outside_network* outnet = (struct outside_network*) calloc(1, sizeof(struct outside_network)); @@ -1381,6 +1563,9 @@ outside_network_create(struct comm_base *base, size_t bufsize, comm_base_timept(base, &outnet->now_secs, &outnet->now_tv); outnet->base = base; outnet->num_tcp = num_tcp; + outnet->max_reuse_tcp_queries = max_reuse_tcp_queries; + outnet->tcp_reuse_timeout= tcp_reuse_timeout; + outnet->tcp_auth_query_timeout = tcp_auth_query_timeout; outnet->num_tcp_outgoing = 0; outnet->infra = infra; outnet->rnd = rnd; @@ -1457,7 +1642,7 @@ outside_network_create(struct comm_base *base, size_t bufsize, return NULL; } pc->cp = comm_point_create_udp(outnet->base, -1, - outnet->udp_buff, outnet_udp_cb, outnet); + outnet->udp_buff, outnet_udp_cb, outnet, NULL); if(!pc->cp) { log_err("malloc failed"); free(pc); @@ -1609,22 +1794,19 @@ outside_network_delete(struct outside_network* outnet) size_t i; for(i=0; inum_tcp; i++) if(outnet->tcp_conns[i]) { - if(outnet->tcp_conns[i]->query && - !outnet->tcp_conns[i]->query-> - on_tcp_waiting_list) { + struct pending_tcp* pend; + pend = outnet->tcp_conns[i]; + if(pend->reuse.item_on_lru_list) { /* delete waiting_tcp elements that * the tcp conn is working on */ - struct pending_tcp* pend = - (struct pending_tcp*)outnet-> - tcp_conns[i]->query-> - next_waiting; decommission_pending_tcp(outnet, pend); } comm_point_delete(outnet->tcp_conns[i]->c); - waiting_tcp_delete(outnet->tcp_conns[i]->query); free(outnet->tcp_conns[i]); + outnet->tcp_conns[i] = NULL; } free(outnet->tcp_conns); + outnet->tcp_conns = NULL; } if(outnet->tcp_wait_first) { struct waiting_tcp* p = outnet->tcp_wait_first, *np; @@ -1742,14 +1924,14 @@ select_id(struct outside_network* outnet, struct pending* pend, sldns_buffer* packet) { int id_tries = 0; - pend->id = ((unsigned)ub_random(outnet->rnd)>>8) & 0xffff; + pend->id = GET_RANDOM_ID(outnet->rnd); LDNS_ID_SET(sldns_buffer_begin(packet), pend->id); /* insert in tree */ pend->node.key = pend; while(!rbtree_insert(outnet->pending, &pend->node)) { /* change ID to avoid collision */ - pend->id = ((unsigned)ub_random(outnet->rnd)>>8) & 0xffff; + pend->id = GET_RANDOM_ID(outnet->rnd); LDNS_ID_SET(sldns_buffer_begin(packet), pend->id); id_tries++; if(id_tries == MAX_ID_RETRY) { @@ -1779,6 +1961,7 @@ static int udp_connect_needs_log(int err) # ifdef ENETDOWN case ENETDOWN: # endif + case EPERM: if(verbosity >= VERB_ALGO) return 1; return 0; @@ -1931,11 +2114,21 @@ randomize_and_send_udp(struct pending* pend, sldns_buffer* packet, int timeout) comm_timer_set(pend->timer, &tv); #ifdef USE_DNSTAP + /* + * sending src (local service)/dst (upstream) addresses over DNSTAP + * There are no chances to get the src (local service) addr if unbound + * is not configured with specific outgoing IP-addresses. So we will + * pass 0.0.0.0 (::) to argument for + * dt_msg_send_outside_query()/dt_msg_send_outside_response() calls. + */ if(outnet->dtenv && (outnet->dtenv->log_resolver_query_messages || - outnet->dtenv->log_forwarder_query_messages)) - dt_msg_send_outside_query(outnet->dtenv, &pend->addr, comm_udp, - pend->sq->zone, pend->sq->zonelen, packet); + outnet->dtenv->log_forwarder_query_messages)) { + log_addr(VERB_ALGO, "from local addr", &pend->pc->pif->addr, pend->pc->pif->addrlen); + log_addr(VERB_ALGO, "request to upstream", &pend->addr, pend->addrlen); + dt_msg_send_outside_query(outnet->dtenv, &pend->addr, &pend->pc->pif->addr, comm_udp, + pend->sq->zone, pend->sq->zonelen, packet); + } #endif return 1; } @@ -2011,24 +2204,20 @@ outnet_tcptimer(void* arg) static void reuse_tcp_close_oldest(struct outside_network* outnet) { - struct pending_tcp* pend; + struct reuse_tcp* reuse; verbose(VERB_CLIENT, "reuse_tcp_close_oldest"); - if(!outnet->tcp_reuse_last) return; - pend = outnet->tcp_reuse_last->pending; - - /* snip off of LRU */ - log_assert(pend->reuse.lru_next == NULL); - if(pend->reuse.lru_prev) { - outnet->tcp_reuse_last = pend->reuse.lru_prev; - pend->reuse.lru_prev->lru_next = NULL; - } else { - outnet->tcp_reuse_last = NULL; - outnet->tcp_reuse_first = NULL; - } - pend->reuse.item_on_lru_list = 0; - + reuse = reuse_tcp_lru_snip(outnet); + if(!reuse) return; /* free up */ - reuse_cb_and_decommission(outnet, pend, NETEVENT_CLOSED); + reuse_cb_and_decommission(outnet, reuse->pending, NETEVENT_CLOSED); +} + +static uint16_t +tcp_select_id(struct outside_network* outnet, struct reuse_tcp* reuse) +{ + if(reuse) + return reuse_tcp_select_id(reuse, outnet); + return GET_RANDOM_ID(outnet->rnd); } /** find spare ID value for reuse tcp stream. That is random and also does @@ -2044,13 +2233,13 @@ reuse_tcp_select_id(struct reuse_tcp* reuse, struct outside_network* outnet) /* make really sure the tree is not empty */ if(reuse->tree_by_id.count == 0) { - id = ((unsigned)ub_random(outnet->rnd)>>8) & 0xffff; + id = GET_RANDOM_ID(outnet->rnd); return id; } /* try to find random empty spots by picking them */ for(i = 0; irnd)>>8) & 0xffff; + id = GET_RANDOM_ID(outnet->rnd); if(!reuse_tcp_by_id_find(reuse, id)) { return id; } @@ -2126,6 +2315,7 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, reuse_tcp_lru_touch(sq->outnet, reuse); } + log_assert(!reuse || (reuse && pend)); /* if !pend but we have reuse streams, close a reuse stream * to be able to open a new one to this target, no use waiting * to reuse a file descriptor while another query needs to use @@ -2133,6 +2323,7 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, if(!pend) { reuse_tcp_close_oldest(sq->outnet); pend = sq->outnet->tcp_free; + log_assert(!reuse || (pend == reuse->pending)); } /* allocate space to store query */ @@ -2148,9 +2339,7 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, w->pkt = (uint8_t*)w + sizeof(struct waiting_tcp); w->pkt_len = sldns_buffer_limit(packet); memmove(w->pkt, sldns_buffer_begin(packet), w->pkt_len); - if(reuse) - w->id = reuse_tcp_select_id(reuse, sq->outnet); - else w->id = ((unsigned)ub_random(sq->outnet->rnd)>>8) & 0xffff; + w->id = tcp_select_id(sq->outnet, reuse); LDNS_ID_SET(w->pkt, w->id); memcpy(&w->addr, &sq->addr, sq->addrlen); w->addrlen = sq->addrlen; @@ -2167,9 +2356,13 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, w->write_wait_next = NULL; w->write_wait_queued = 0; w->error_count = 0; +#ifdef USE_DNSTAP + w->sq = NULL; +#endif if(pend) { /* we have a buffer available right now */ if(reuse) { + log_assert(reuse == &pend->reuse); /* reuse existing fd, write query and continue */ /* store query in tree by id */ verbose(VERB_CLIENT, "pending_tcp_query: reuse, store"); @@ -2201,20 +2394,28 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, return NULL; } } +#ifdef USE_DNSTAP + if(sq->outnet->dtenv && + (sq->outnet->dtenv->log_resolver_query_messages || + sq->outnet->dtenv->log_forwarder_query_messages)) { + /* use w->pkt, because it has the ID value */ + sldns_buffer tmp; + sldns_buffer_init_frm_data(&tmp, w->pkt, w->pkt_len); + dt_msg_send_outside_query(sq->outnet->dtenv, &sq->addr, + &pend->pi->addr, comm_tcp, sq->zone, + sq->zonelen, &tmp); + } +#endif } else { /* queue up */ /* waiting for a buffer on the outside network buffer wait * list */ verbose(VERB_CLIENT, "pending_tcp_query: queue to wait"); +#ifdef USE_DNSTAP + w->sq = sq; +#endif outnet_add_tcp_waiting(sq->outnet, w); } -#ifdef USE_DNSTAP - if(sq->outnet->dtenv && - (sq->outnet->dtenv->log_resolver_query_messages || - sq->outnet->dtenv->log_forwarder_query_messages)) - dt_msg_send_outside_query(sq->outnet->dtenv, &sq->addr, - comm_tcp, sq->zone, sq->zonelen, packet); -#endif return w; } @@ -2348,6 +2549,9 @@ waiting_list_remove(struct outside_network* outnet, struct waiting_tcp* w) prev = p; p = p->next_waiting; } + /* waiting_list_remove is currently called only with items that are + * already in the waiting list. */ + log_assert(0); } /** reuse tcp stream, remove serviced query from stream, @@ -2386,7 +2590,7 @@ reuse_tcp_remove_serviced_keep(struct waiting_tcp* w, if(!reuse_tcp_insert(sq->outnet, pend_tcp)) { return 0; } - reuse_tcp_setup_timeout(pend_tcp); + reuse_tcp_setup_timeout(pend_tcp, sq->outnet->tcp_reuse_timeout); return 1; } return 0; @@ -2720,6 +2924,15 @@ serviced_tcp_callback(struct comm_point* c, void* arg, int error, { struct serviced_query* sq = (struct serviced_query*)arg; struct comm_reply r2; +#ifdef USE_DNSTAP + struct waiting_tcp* w = (struct waiting_tcp*)sq->pending; + struct pending_tcp* pend_tcp = NULL; + struct port_if* pi = NULL; + if(!w->on_tcp_waiting_list && w->next_waiting) { + pend_tcp = (struct pending_tcp*)w->next_waiting; + pi = pend_tcp->pi; + } +#endif sq->pending = NULL; /* removed after this callback */ if(error != NETEVENT_NOERROR) log_addr(VERB_QUERY, "tcp error for address", @@ -2728,12 +2941,19 @@ serviced_tcp_callback(struct comm_point* c, void* arg, int error, infra_update_tcp_works(sq->outnet->infra, &sq->addr, sq->addrlen, sq->zone, sq->zonelen); #ifdef USE_DNSTAP - if(error==NETEVENT_NOERROR && sq->outnet->dtenv && + /* + * sending src (local service)/dst (upstream) addresses over DNSTAP + */ + if(error==NETEVENT_NOERROR && pi && sq->outnet->dtenv && (sq->outnet->dtenv->log_resolver_response_messages || - sq->outnet->dtenv->log_forwarder_response_messages)) + sq->outnet->dtenv->log_forwarder_response_messages)) { + log_addr(VERB_ALGO, "response from upstream", &sq->addr, sq->addrlen); + log_addr(VERB_ALGO, "to local addr", &pi->addr, pi->addrlen); dt_msg_send_outside_response(sq->outnet->dtenv, &sq->addr, - c->type, sq->zone, sq->zonelen, sq->qbuf, sq->qbuflen, - &sq->last_sent_time, sq->outnet->now_tv, c->buffer); + &pi->addr, c->type, sq->zone, sq->zonelen, sq->qbuf, + sq->qbuflen, &sq->last_sent_time, sq->outnet->now_tv, + c->buffer); + } #endif if(error==NETEVENT_NOERROR && sq->status == serviced_query_TCP_EDNS && (LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer)) == @@ -2804,7 +3024,7 @@ serviced_tcp_initiate(struct serviced_query* sq, sldns_buffer* buff) sq->status==serviced_query_TCP_EDNS?"EDNS":""); serviced_encode(sq, buff, sq->status == serviced_query_TCP_EDNS); sq->last_sent_time = *sq->outnet->now_tv; - sq->pending = pending_tcp_query(sq, buff, TCP_AUTH_QUERY_TIMEOUT, + sq->pending = pending_tcp_query(sq, buff, sq->outnet->tcp_auth_query_timeout, serviced_tcp_callback, sq); if(!sq->pending) { /* delete from tree so that a retry by above layer does not @@ -2832,10 +3052,10 @@ serviced_tcp_send(struct serviced_query* sq, sldns_buffer* buff) sq->last_sent_time = *sq->outnet->now_tv; if(sq->tcp_upstream || sq->ssl_upstream) { timeout = rtt; - if(rtt >= UNKNOWN_SERVER_NICENESS && rtt < TCP_AUTH_QUERY_TIMEOUT) - timeout = TCP_AUTH_QUERY_TIMEOUT; + if(rtt >= UNKNOWN_SERVER_NICENESS && rtt < sq->outnet->tcp_auth_query_timeout) + timeout = sq->outnet->tcp_auth_query_timeout; } else { - timeout = TCP_AUTH_QUERY_TIMEOUT; + timeout = sq->outnet->tcp_auth_query_timeout; } sq->pending = pending_tcp_query(sq, buff, timeout, serviced_tcp_callback, sq); @@ -2887,6 +3107,10 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, struct serviced_query* sq = (struct serviced_query*)arg; struct outside_network* outnet = sq->outnet; struct timeval now = *sq->outnet->now_tv; +#ifdef USE_DNSTAP + struct pending* p = (struct pending*)sq->pending; + struct port_if* pi = p->pc->pif; +#endif sq->pending = NULL; /* removed after callback */ if(error == NETEVENT_TIMEOUT) { @@ -2924,12 +3148,18 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, return 0; } #ifdef USE_DNSTAP + /* + * sending src (local service)/dst (upstream) addresses over DNSTAP + */ if(error == NETEVENT_NOERROR && outnet->dtenv && (outnet->dtenv->log_resolver_response_messages || - outnet->dtenv->log_forwarder_response_messages)) - dt_msg_send_outside_response(outnet->dtenv, &sq->addr, c->type, - sq->zone, sq->zonelen, sq->qbuf, sq->qbuflen, - &sq->last_sent_time, sq->outnet->now_tv, c->buffer); + outnet->dtenv->log_forwarder_response_messages)) { + log_addr(VERB_ALGO, "response from upstream", &sq->addr, sq->addrlen); + log_addr(VERB_ALGO, "to local addr", &pi->addr, pi->addrlen); + dt_msg_send_outside_response(outnet->dtenv, &sq->addr, &pi->addr, c->type, + sq->zone, sq->zonelen, sq->qbuf, sq->qbuflen, + &sq->last_sent_time, sq->outnet->now_tv, c->buffer); + } #endif if( (sq->status == serviced_query_UDP_EDNS ||sq->status == serviced_query_UDP_EDNS_FRAG) @@ -3203,7 +3433,7 @@ outnet_comm_point_for_udp(struct outside_network* outnet, return NULL; } cp = comm_point_create_udp(outnet->base, fd, outnet->udp_buff, - cb, cb_arg); + cb, cb_arg, NULL); if(!cp) { log_err("malloc failure"); close(fd); @@ -3309,15 +3539,28 @@ outnet_comm_point_for_tcp(struct outside_network* outnet, return cp; } +/** setup the User-Agent HTTP header based on http-user-agent configuration */ +static void +setup_http_user_agent(sldns_buffer* buf, struct config_file* cfg) +{ + if(cfg->hide_http_user_agent) return; + if(cfg->http_user_agent==NULL || cfg->http_user_agent[0] == 0) { + sldns_buffer_printf(buf, "User-Agent: %s/%s\r\n", PACKAGE_NAME, + PACKAGE_VERSION); + } else { + sldns_buffer_printf(buf, "User-Agent: %s\r\n", cfg->http_user_agent); + } +} + /** setup http request headers in buffer for sending query to destination */ static int -setup_http_request(sldns_buffer* buf, char* host, char* path) +setup_http_request(sldns_buffer* buf, char* host, char* path, + struct config_file* cfg) { sldns_buffer_clear(buf); sldns_buffer_printf(buf, "GET /%s HTTP/1.1\r\n", path); sldns_buffer_printf(buf, "Host: %s\r\n", host); - sldns_buffer_printf(buf, "User-Agent: unbound/%s\r\n", - PACKAGE_VERSION); + setup_http_user_agent(buf, cfg); /* We do not really do multiple queries per connection, * but this header setting is also not needed. * sldns_buffer_printf(buf, "Connection: close\r\n") */ @@ -3333,7 +3576,7 @@ struct comm_point* outnet_comm_point_for_http(struct outside_network* outnet, comm_point_callback_type* cb, void* cb_arg, struct sockaddr_storage* to_addr, socklen_t to_addrlen, int timeout, - int ssl, char* host, char* path) + int ssl, char* host, char* path, struct config_file* cfg) { /* cp calls cb with err=NETEVENT_DONE when transfer is done */ struct comm_point* cp; @@ -3369,7 +3612,7 @@ outnet_comm_point_for_http(struct outside_network* outnet, comm_point_start_listening(cp, fd, timeout); /* setup http request in cp->buffer */ - if(!setup_http_request(cp->buffer, host, path)) { + if(!setup_http_request(cp->buffer, host, path, cfg)) { log_err("error setting up http request"); comm_point_delete(cp); return NULL; diff --git a/services/outside_network.h b/services/outside_network.h index fe287af4fcce..d0d532e6425f 100644 --- a/services/outside_network.h +++ b/services/outside_network.h @@ -63,6 +63,7 @@ struct edns_option; struct module_env; struct module_qstate; struct query_info; +struct config_file; /** * Send queries to outside servers and wait for answers from servers. @@ -158,6 +159,12 @@ struct outside_network { size_t num_tcp; /** number of tcp communication points in use. */ size_t num_tcp_outgoing; + /** max number of queries on a reuse connection */ + size_t max_reuse_tcp_queries; + /** timeout for REUSE entries in milliseconds. */ + int tcp_reuse_timeout; + /** timeout in milliseconds for TCP queries to auth servers. */ + int tcp_auth_query_timeout; /** * tree of still-open and waiting tcp connections for reuse. * can be closed and reopened to get a new tcp connection. @@ -295,11 +302,6 @@ struct reuse_tcp { struct outside_network* outnet; }; -/** max number of queries on a reuse connection */ -#define MAX_REUSE_TCP_QUERIES 200 -/** timeout for REUSE entries in milliseconds. */ -#define REUSE_TIMEOUT 60000 - /** * A query that has an answer pending for it. */ @@ -344,6 +346,8 @@ struct pending { struct pending_tcp { /** next in list of free tcp comm points, or NULL. */ struct pending_tcp* next_free; + /** port for of the outgoing interface that is used */ + struct port_if* pi; /** tcp comm point it was sent on (and reply must come back on). */ struct comm_point* c; /** the query being serviced, NULL if the pending_tcp is unused. */ @@ -408,6 +412,10 @@ struct waiting_tcp { char* tls_auth_name; /** the packet was involved in an error, to stop looping errors */ int error_count; +#ifdef USE_DNSTAP + /** serviced query pointer for dnstap to get logging info, if nonNULL*/ + struct serviced_query* sq; +#endif }; /** @@ -534,6 +542,9 @@ struct serviced_query { * @param tls_use_sni: if SNI is used for TLS connections. * @param dtenv: environment to send dnstap events with (if enabled). * @param udp_connect: if the udp_connect option is enabled. + * @param max_reuse_tcp_queries: max number of queries on a reuse connection. + * @param tcp_reuse_timeout: timeout for REUSE entries in milliseconds. + * @param tcp_auth_query_timeout: timeout in milliseconds for TCP queries to auth servers. * @return: the new structure (with no pending answers) or NULL on error. */ struct outside_network* outside_network_create(struct comm_base* base, @@ -543,7 +554,8 @@ struct outside_network* outside_network_create(struct comm_base* base, int numavailports, size_t unwanted_threshold, int tcp_mss, void (*unwanted_action)(void*), void* unwanted_param, int do_udp, void* sslctx, int delayclose, int tls_use_sni, struct dt_env *dtenv, - int udp_connect); + int udp_connect, int max_reuse_tcp_queries, int tcp_reuse_timeout, + int tcp_auth_query_timeout); /** * Delete outside_network structure. @@ -670,12 +682,28 @@ struct waiting_tcp* reuse_tcp_by_id_find(struct reuse_tcp* reuse, uint16_t id); /** insert element in tree by id */ void reuse_tree_by_id_insert(struct reuse_tcp* reuse, struct waiting_tcp* w); +/** insert element in tcp_reuse tree and LRU list */ +int reuse_tcp_insert(struct outside_network* outnet, + struct pending_tcp* pend_tcp); + +/** touch the LRU of the element */ +void reuse_tcp_lru_touch(struct outside_network* outnet, + struct reuse_tcp* reuse); + +/** remove element from tree and LRU list */ +void reuse_tcp_remove_tree_list(struct outside_network* outnet, + struct reuse_tcp* reuse); + +/** snip the last reuse_tcp element off of the LRU list if any */ +struct reuse_tcp* reuse_tcp_lru_snip(struct outside_network* outnet); + /** delete readwait waiting_tcp elements, deletes the elements in the list */ void reuse_del_readwait(rbtree_type* tree_by_id); /** get TCP file descriptor for address, returns -1 on failure, * tcp_mss is 0 or maxseg size to set for TCP packets. */ -int outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss, int dscp); +int outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, + int tcp_mss, int dscp); /** * Create udp commpoint suitable for sending packets to the destination. @@ -729,12 +757,13 @@ struct comm_point* outnet_comm_point_for_tcp(struct outside_network* outnet, * @param ssl: set to true for https. * @param host: hostname to use for the destination. part of http request. * @param path: pathname to lookup, eg. name of the file on the destination. + * @param cfg: running configuration for User-Agent setup. * @return http_out commpoint, or NULL. */ struct comm_point* outnet_comm_point_for_http(struct outside_network* outnet, comm_point_callback_type* cb, void* cb_arg, struct sockaddr_storage* to_addr, socklen_t to_addrlen, int timeout, - int ssl, char* host, char* path); + int ssl, char* host, char* path, struct config_file* cfg); /** connect tcp connection to addr, 0 on failure */ int outnet_tcp_connect(int s, struct sockaddr_storage* addr, socklen_t addrlen); diff --git a/services/rpz.c b/services/rpz.c index 2b6b0ac3fccf..3a1ec00d7d38 100644 --- a/services/rpz.c +++ b/services/rpz.c @@ -162,6 +162,7 @@ rpz_rr_to_action(uint16_t rr_type, uint8_t* rdatawl, size_t rdatalen) case LDNS_RR_TYPE_RRSIG: case LDNS_RR_TYPE_NSEC: case LDNS_RR_TYPE_NSEC3: + case LDNS_RR_TYPE_NSEC3PARAM: return RPZ_INVALID_ACTION; case LDNS_RR_TYPE_CNAME: break; @@ -479,8 +480,21 @@ rpz_insert_qname_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen, int newzone = 0; if(a == RPZ_TCP_ONLY_ACTION || a == RPZ_INVALID_ACTION) { - verbose(VERB_ALGO, "RPZ: skipping unsupported action: %s", - rpz_action_to_string(a)); + char str[255+1]; + if(rrtype == LDNS_RR_TYPE_SOA || rrtype == LDNS_RR_TYPE_NS || + rrtype == LDNS_RR_TYPE_DNAME || + rrtype == LDNS_RR_TYPE_DNSKEY || + rrtype == LDNS_RR_TYPE_RRSIG || + rrtype == LDNS_RR_TYPE_NSEC || + rrtype == LDNS_RR_TYPE_NSEC3PARAM || + rrtype == LDNS_RR_TYPE_NSEC3 || + rrtype == LDNS_RR_TYPE_DS) { + free(dname); + return; /* no need to log these types as unsupported */ + } + dname_str(dname, str); + verbose(VERB_ALGO, "RPZ: qname trigger, %s skipping unsupported action: %s", + str, rpz_action_to_string(a)); free(dname); return; } @@ -552,8 +566,10 @@ rpz_insert_response_ip_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen, if(a == RPZ_TCP_ONLY_ACTION || a == RPZ_INVALID_ACTION || respa == respip_invalid) { - verbose(VERB_ALGO, "RPZ: skipping unsupported action: %s", - rpz_action_to_string(a)); + char str[255+1]; + dname_str(dname, str); + verbose(VERB_ALGO, "RPZ: respip trigger, %s skipping unsupported action: %s", + str, rpz_action_to_string(a)); return 0; } @@ -702,7 +718,7 @@ rpz_find_zone(struct rpz* r, uint8_t* qname, size_t qname_len, uint16_t qclass, * zone match, append '*' to that and do another lookup. */ ce = dname_get_shared_topdomain(z->name, qname); - if(!ce /* should not happen */ || !*ce /* root */) { + if(!ce /* should not happen */) { lock_rw_unlock(&z->lock); if(zones_keep_lock) { lock_rw_unlock(&r->local_zones->lock); diff --git a/sldns/keyraw.c b/sldns/keyraw.c index 2ec225bc5bd8..b1e60d8b52a8 100644 --- a/sldns/keyraw.c +++ b/sldns/keyraw.c @@ -26,11 +26,15 @@ #ifdef HAVE_OPENSSL_BN_H #include #endif -#ifdef HAVE_OPENSSL_RSA_H -#include -#endif -#ifdef HAVE_OPENSSL_DSA_H -#include +#ifdef HAVE_OPENSSL_PARAM_BUILD_H +# include +#else +# ifdef HAVE_OPENSSL_RSA_H +# include +# endif +# ifdef HAVE_OPENSSL_DSA_H +# include +# endif #endif #endif /* HAVE_SSL */ @@ -191,45 +195,59 @@ void sldns_key_EVP_unload_gost(void) } #endif /* USE_GOST */ -DSA * -sldns_key_buf2dsa_raw(unsigned char* key, size_t len) +/* Retrieve params as BIGNUM from raw buffer */ +static int +sldns_key_dsa_buf_bignum(unsigned char* key, size_t len, BIGNUM** p, + BIGNUM** q, BIGNUM** g, BIGNUM** y) { uint8_t T; uint16_t length; uint16_t offset; - DSA *dsa; - BIGNUM *Q; BIGNUM *P; - BIGNUM *G; BIGNUM *Y; if(len == 0) - return NULL; + return 0; T = (uint8_t)key[0]; length = (64 + T * 8); offset = 1; if (T > 8) { - return NULL; + return 0; } if(len < (size_t)1 + SHA_DIGEST_LENGTH + 3*length) - return NULL; + return 0; - Q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL); + *q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL); offset += SHA_DIGEST_LENGTH; - P = BN_bin2bn(key+offset, (int)length, NULL); + *p = BN_bin2bn(key+offset, (int)length, NULL); offset += length; - G = BN_bin2bn(key+offset, (int)length, NULL); + *g = BN_bin2bn(key+offset, (int)length, NULL); offset += length; - Y = BN_bin2bn(key+offset, (int)length, NULL); + *y = BN_bin2bn(key+offset, (int)length, NULL); + if(!*q || !*p || !*g || !*y) { + BN_free(*q); + BN_free(*p); + BN_free(*g); + BN_free(*y); + return 0; + } + return 1; +} + +#ifndef HAVE_OSSL_PARAM_BLD_NEW +DSA * +sldns_key_buf2dsa_raw(unsigned char* key, size_t len) +{ + DSA *dsa; + BIGNUM *Q=NULL, *P=NULL, *G=NULL, *Y=NULL; + if(!sldns_key_dsa_buf_bignum(key, len, &P, &Q, &G, &Y)) { + return NULL; + } /* create the key and set its properties */ - if(!Q || !P || !G || !Y || !(dsa = DSA_new())) { - BN_free(Q); - BN_free(P); - BN_free(G); - BN_free(Y); + if(!(dsa = DSA_new())) { return NULL; } #if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) @@ -261,22 +279,111 @@ sldns_key_buf2dsa_raw(unsigned char* key, size_t len) return dsa; } +#endif /* HAVE_OSSL_PARAM_BLD_NEW */ -RSA * -sldns_key_buf2rsa_raw(unsigned char* key, size_t len) +EVP_PKEY *sldns_key_dsa2pkey_raw(unsigned char* key, size_t len) +{ +#ifdef HAVE_OSSL_PARAM_BLD_NEW + EVP_PKEY* evp_key = NULL; + EVP_PKEY_CTX* ctx; + BIGNUM *p=NULL, *q=NULL, *g=NULL, *y=NULL; + OSSL_PARAM_BLD* param_bld; + OSSL_PARAM* params = NULL; + if(!sldns_key_dsa_buf_bignum(key, len, &p, &q, &g, &y)) { + return NULL; + } + + param_bld = OSSL_PARAM_BLD_new(); + if(!param_bld) { + BN_free(p); + BN_free(q); + BN_free(g); + BN_free(y); + return NULL; + } + if(!OSSL_PARAM_BLD_push_BN(param_bld, "p", p) || + !OSSL_PARAM_BLD_push_BN(param_bld, "g", g) || + !OSSL_PARAM_BLD_push_BN(param_bld, "q", q) || + !OSSL_PARAM_BLD_push_BN(param_bld, "pub", y)) { + OSSL_PARAM_BLD_free(param_bld); + BN_free(p); + BN_free(q); + BN_free(g); + BN_free(y); + return NULL; + } + params = OSSL_PARAM_BLD_to_param(param_bld); + OSSL_PARAM_BLD_free(param_bld); + + ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL); + if(!ctx) { + OSSL_PARAM_free(params); + BN_free(p); + BN_free(q); + BN_free(g); + BN_free(y); + return NULL; + } + if(EVP_PKEY_fromdata_init(ctx) <= 0) { + EVP_PKEY_CTX_free(ctx); + OSSL_PARAM_free(params); + BN_free(p); + BN_free(q); + BN_free(g); + BN_free(y); + return NULL; + } + if(EVP_PKEY_fromdata(ctx, &evp_key, EVP_PKEY_PUBLIC_KEY, params) <= 0) { + EVP_PKEY_CTX_free(ctx); + OSSL_PARAM_free(params); + BN_free(p); + BN_free(q); + BN_free(g); + BN_free(y); + return NULL; + } + + EVP_PKEY_CTX_free(ctx); + OSSL_PARAM_free(params); + BN_free(p); + BN_free(q); + BN_free(g); + BN_free(y); + return evp_key; +#else + DSA* dsa; + EVP_PKEY* evp_key = EVP_PKEY_new(); + if(!evp_key) { + return NULL; + } + dsa = sldns_key_buf2dsa_raw(key, len); + if(!dsa) { + EVP_PKEY_free(evp_key); + return NULL; + } + if(EVP_PKEY_assign_DSA(evp_key, dsa) == 0) { + DSA_free(dsa); + EVP_PKEY_free(evp_key); + return NULL; + } + return evp_key; +#endif +} + +/* Retrieve params as BIGNUM from raw buffer, n is modulus, e is exponent */ +static int +sldns_key_rsa_buf_bignum(unsigned char* key, size_t len, BIGNUM** n, + BIGNUM** e) { uint16_t offset; uint16_t exp; uint16_t int16; - RSA *rsa; - BIGNUM *modulus; - BIGNUM *exponent; if (len == 0) - return NULL; + return 0; if (key[0] == 0) { if(len < 3) - return NULL; + return 0; memmove(&int16, key+1, 2); exp = ntohs(int16); offset = 3; @@ -287,23 +394,34 @@ sldns_key_buf2rsa_raw(unsigned char* key, size_t len) /* key length at least one */ if(len < (size_t)offset + exp + 1) - return NULL; + return 0; /* Exponent */ - exponent = BN_new(); - if(!exponent) return NULL; - (void) BN_bin2bn(key+offset, (int)exp, exponent); + *e = BN_new(); + if(!*e) return 0; + (void) BN_bin2bn(key+offset, (int)exp, *e); offset += exp; /* Modulus */ - modulus = BN_new(); - if(!modulus) { - BN_free(exponent); - return NULL; + *n = BN_new(); + if(!*n) { + BN_free(*e); + return 0; } /* length of the buffer must match the key length! */ - (void) BN_bin2bn(key+offset, (int)(len - offset), modulus); + (void) BN_bin2bn(key+offset, (int)(len - offset), *n); + return 1; +} +#ifndef HAVE_OSSL_PARAM_BLD_NEW +RSA * +sldns_key_buf2rsa_raw(unsigned char* key, size_t len) +{ + BIGNUM* modulus = NULL; + BIGNUM* exponent = NULL; + RSA *rsa; + if(!sldns_key_rsa_buf_bignum(key, len, &modulus, &exponent)) + return NULL; rsa = RSA_new(); if(!rsa) { BN_free(exponent); @@ -327,6 +445,88 @@ sldns_key_buf2rsa_raw(unsigned char* key, size_t len) return rsa; } +#endif /* HAVE_OSSL_PARAM_BLD_NEW */ + +EVP_PKEY* sldns_key_rsa2pkey_raw(unsigned char* key, size_t len) +{ +#ifdef HAVE_OSSL_PARAM_BLD_NEW + EVP_PKEY* evp_key = NULL; + EVP_PKEY_CTX* ctx; + BIGNUM *n=NULL, *e=NULL; + OSSL_PARAM_BLD* param_bld; + OSSL_PARAM* params = NULL; + + if(!sldns_key_rsa_buf_bignum(key, len, &n, &e)) { + return NULL; + } + + param_bld = OSSL_PARAM_BLD_new(); + if(!param_bld) { + BN_free(n); + BN_free(e); + return NULL; + } + if(!OSSL_PARAM_BLD_push_BN(param_bld, "n", n)) { + OSSL_PARAM_BLD_free(param_bld); + BN_free(n); + BN_free(e); + return NULL; + } + if(!OSSL_PARAM_BLD_push_BN(param_bld, "e", e)) { + OSSL_PARAM_BLD_free(param_bld); + BN_free(n); + BN_free(e); + return NULL; + } + params = OSSL_PARAM_BLD_to_param(param_bld); + OSSL_PARAM_BLD_free(param_bld); + + ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); + if(!ctx) { + OSSL_PARAM_free(params); + BN_free(n); + BN_free(e); + return NULL; + } + if(EVP_PKEY_fromdata_init(ctx) <= 0) { + EVP_PKEY_CTX_free(ctx); + OSSL_PARAM_free(params); + BN_free(n); + BN_free(e); + return NULL; + } + if(EVP_PKEY_fromdata(ctx, &evp_key, EVP_PKEY_PUBLIC_KEY, params) <= 0) { + EVP_PKEY_CTX_free(ctx); + OSSL_PARAM_free(params); + BN_free(n); + BN_free(e); + return NULL; + } + + EVP_PKEY_CTX_free(ctx); + OSSL_PARAM_free(params); + BN_free(n); + BN_free(e); + return evp_key; +#else + RSA* rsa; + EVP_PKEY *evp_key = EVP_PKEY_new(); + if(!evp_key) { + return NULL; + } + rsa = sldns_key_buf2rsa_raw(key, len); + if(!rsa) { + EVP_PKEY_free(evp_key); + return NULL; + } + if(EVP_PKEY_assign_RSA(evp_key, rsa) == 0) { + RSA_free(rsa); + EVP_PKEY_free(evp_key); + return NULL; + } + return evp_key; +#endif +} #ifdef USE_GOST EVP_PKEY* @@ -357,6 +557,62 @@ sldns_gost2pkey_raw(unsigned char* key, size_t keylen) EVP_PKEY* sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo) { +#ifdef HAVE_OSSL_PARAM_BLD_NEW + unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */ + EVP_PKEY *evp_key = NULL; + EVP_PKEY_CTX* ctx; + OSSL_PARAM_BLD* param_bld; + OSSL_PARAM* params = NULL; + char* group = NULL; + + /* check length, which uncompressed must be 2 bignums */ + if(algo == LDNS_ECDSAP256SHA256) { + if(keylen != 2*256/8) return NULL; + group = "prime256v1"; + } else if(algo == LDNS_ECDSAP384SHA384) { + if(keylen != 2*384/8) return NULL; + group = "P-384"; + } else { + return NULL; + } + if(keylen+1 > sizeof(buf)) { /* sanity check */ + return NULL; + } + /* prepend the 0x04 for uncompressed format */ + buf[0] = POINT_CONVERSION_UNCOMPRESSED; + memmove(buf+1, key, keylen); + + param_bld = OSSL_PARAM_BLD_new(); + if(!param_bld) { + return NULL; + } + if(!OSSL_PARAM_BLD_push_utf8_string(param_bld, "group", group, 0) || + !OSSL_PARAM_BLD_push_octet_string(param_bld, "pub", buf, keylen+1)) { + OSSL_PARAM_BLD_free(param_bld); + return NULL; + } + params = OSSL_PARAM_BLD_to_param(param_bld); + OSSL_PARAM_BLD_free(param_bld); + + ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL); + if(!ctx) { + OSSL_PARAM_free(params); + return NULL; + } + if(EVP_PKEY_fromdata_init(ctx) <= 0) { + EVP_PKEY_CTX_free(ctx); + OSSL_PARAM_free(params); + return NULL; + } + if(EVP_PKEY_fromdata(ctx, &evp_key, EVP_PKEY_PUBLIC_KEY, params) <= 0) { + EVP_PKEY_CTX_free(ctx); + OSSL_PARAM_free(params); + return NULL; + } + EVP_PKEY_CTX_free(ctx); + OSSL_PARAM_free(params); + return evp_key; +#else unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */ const unsigned char* pp = buf; EVP_PKEY *evp_key; @@ -393,6 +649,7 @@ sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo) return NULL; } return evp_key; +#endif /* HAVE_OSSL_PARAM_BLD_NEW */ } #endif /* USE_ECDSA */ diff --git a/sldns/keyraw.h b/sldns/keyraw.h index 989b02ce052e..b1f19740cd6c 100644 --- a/sldns/keyraw.h +++ b/sldns/keyraw.h @@ -57,6 +57,7 @@ int sldns_key_EVP_load_gost_id(void); /** Release the engine reference held for the GOST engine. */ void sldns_key_EVP_unload_gost(void); +#ifndef HAVE_OSSL_PARAM_BLD_NEW /** * Like sldns_key_buf2dsa, but uses raw buffer. * \param[in] key the uncompressed wireformat of the key. @@ -64,6 +65,15 @@ void sldns_key_EVP_unload_gost(void); * \return a DSA * structure with the key material */ DSA *sldns_key_buf2dsa_raw(unsigned char* key, size_t len); +#endif + +/** + * Converts a holding buffer with DSA key material to EVP PKEY in openssl. + * \param[in] key the uncompressed wireformat of the key. + * \param[in] len length of key data + * \return the key or NULL on error. + */ +EVP_PKEY *sldns_key_dsa2pkey_raw(unsigned char* key, size_t len); /** * Converts a holding buffer with key material to EVP PKEY in openssl. @@ -84,6 +94,7 @@ EVP_PKEY* sldns_gost2pkey_raw(unsigned char* key, size_t keylen); */ EVP_PKEY* sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo); +#ifndef HAVE_OSSL_PARAM_BLD_NEW /** * Like sldns_key_buf2rsa, but uses raw buffer. * \param[in] key the uncompressed wireformat of the key. @@ -91,6 +102,15 @@ EVP_PKEY* sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo); * \return a RSA * structure with the key material */ RSA *sldns_key_buf2rsa_raw(unsigned char* key, size_t len); +#endif + +/** + * Converts a holding buffer with RSA key material to EVP PKEY in openssl. + * \param[in] key the uncompressed wireformat of the key. + * \param[in] len length of key data + * \return the key or NULL on error. + */ +EVP_PKEY* sldns_key_rsa2pkey_raw(unsigned char* key, size_t len); /** * Converts a holding buffer with key material to EVP PKEY in openssl. diff --git a/sldns/parse.c b/sldns/parse.c index f4de8602fd69..491c8f51bf10 100644 --- a/sldns/parse.c +++ b/sldns/parse.c @@ -149,6 +149,9 @@ sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l if (c != '\0' && c != '\n') { *t++ = c; } + if (c == '\n' && line_nr) { + *line_nr = *line_nr + 1; + } if (c == '\\' && prev_c == '\\') prev_c = 0; else prev_c = c; diff --git a/sldns/parse.h b/sldns/parse.h index 44236bfd4951..fa8f51a924c4 100644 --- a/sldns/parse.h +++ b/sldns/parse.h @@ -153,7 +153,6 @@ int sldns_bgetc(struct sldns_buffer *buffer); * the position to the first character that is not in *s. * \param[in] *buffer buffer to use * \param[in] *s characters to skip - * \return void */ void sldns_bskipcs(struct sldns_buffer *buffer, const char *s); @@ -162,7 +161,6 @@ void sldns_bskipcs(struct sldns_buffer *buffer, const char *s); * the position to the first character that is not in *s. * \param[in] *fp file to use * \param[in] *s characters to skip - * \return void */ void sldns_fskipcs(FILE *fp, const char *s); @@ -173,7 +171,6 @@ void sldns_fskipcs(FILE *fp, const char *s); * \param[in] *fp file to use * \param[in] *s characters to skip * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) - * \return void */ void sldns_fskipcs_l(FILE *fp, const char *s, int *line_nr); diff --git a/sldns/parseutil.c b/sldns/parseutil.c index 9f289d3596c3..ba71df55d501 100644 --- a/sldns/parseutil.c +++ b/sldns/parseutil.c @@ -790,3 +790,18 @@ int sldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target, } return sldns_b64_pton_base(src, srcsize, target, targsize, 1); } + +int sldns_b64_contains_nonurl(char const *src, size_t srcsize) +{ + const char* s = src; + while(*s && srcsize) { + char d = *s++; + srcsize--; + /* the '+' and the '/' and padding '=' is not allowed in b64 + * url encoding */ + if(d == '+' || d == '/' || d == '=') { + return 1; + } + } + return 0; +} diff --git a/sldns/parseutil.h b/sldns/parseutil.h index 7eb23317f285..74d7c727571a 100644 --- a/sldns/parseutil.h +++ b/sldns/parseutil.h @@ -102,6 +102,7 @@ size_t sldns_b64_pton_calculate_size(size_t srcsize); int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize); int sldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target, size_t targsize); +int sldns_b64_contains_nonurl(char const *src, size_t srcsize); /** * calculates the size needed to store the result of b32_ntop diff --git a/sldns/rrdef.c b/sldns/rrdef.c index 0af015f4b3b5..fe5c8e104a88 100644 --- a/sldns/rrdef.c +++ b/sldns/rrdef.c @@ -150,6 +150,12 @@ static const sldns_rdf_type type_openpgpkey_wireformat[] = { static const sldns_rdf_type type_csync_wireformat[] = { LDNS_RDF_TYPE_INT32, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_NSEC }; +static const sldns_rdf_type type_zonemd_wireformat[] = { + LDNS_RDF_TYPE_INT32, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_HEX +}; +static const sldns_rdf_type type_svcb_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME +}; /* nsec3 is some vars, followed by same type of data of nsec */ static const sldns_rdf_type type_nsec3_wireformat[] = { /* LDNS_RDF_TYPE_NSEC3_VARS, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC*/ @@ -372,9 +378,12 @@ static sldns_rr_descriptor rdata_field_descriptors[] = { {LDNS_RR_TYPE_OPENPGPKEY, "OPENPGPKEY", 1, 1, type_openpgpkey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 62 */ {LDNS_RR_TYPE_CSYNC, "CSYNC", 3, 3, type_csync_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{(enum sldns_enum_rr_type)0, "TYPE63", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{(enum sldns_enum_rr_type)0, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{(enum sldns_enum_rr_type)0, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 63 */ + {LDNS_RR_TYPE_ZONEMD, "ZONEMD", 4, 4, type_zonemd_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 64 */ + {LDNS_RR_TYPE_SVCB, "SVCB", 2, 2, type_svcb_wireformat, LDNS_RDF_TYPE_SVCPARAM, LDNS_RR_NO_COMPRESS, 0 }, + /* 65 */ + {LDNS_RR_TYPE_HTTPS, "HTTPS", 2, 2, type_svcb_wireformat, LDNS_RDF_TYPE_SVCPARAM, LDNS_RR_NO_COMPRESS, 0 }, {(enum sldns_enum_rr_type)0, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {(enum sldns_enum_rr_type)0, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {(enum sldns_enum_rr_type)0, "TYPE68", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, diff --git a/sldns/rrdef.h b/sldns/rrdef.h index e084f354a8a1..42d5de064eea 100644 --- a/sldns/rrdef.h +++ b/sldns/rrdef.h @@ -195,6 +195,9 @@ enum sldns_enum_rr_type LDNS_RR_TYPE_CDNSKEY = 60, /** RFC 7344 */ LDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */ LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */ + LDNS_RR_TYPE_ZONEMD = 63, /* draft-ietf-dnsop-dns-zone-digest-12 */ + LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https-04 */ + LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https-04 */ LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */ @@ -352,8 +355,13 @@ enum sldns_enum_rdf_type /** TSIG extended 16bit error value */ LDNS_RDF_TYPE_TSIGERROR, + /* draft-ietf-dnsop-svcb-https-05: + * each SvcParam consisting of a SvcParamKey=SvcParamValue pair or + * a standalone SvcParamKey */ + LDNS_RDF_TYPE_SVCPARAM, + /* Aliases */ - LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC + LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC, }; typedef enum sldns_enum_rdf_type sldns_rdf_type; diff --git a/sldns/sbuffer.h b/sldns/sbuffer.h index 5dbe988cd1b8..1b7fe370cc4e 100644 --- a/sldns/sbuffer.h +++ b/sldns/sbuffer.h @@ -202,7 +202,6 @@ INLINE void sldns_buffer_clear(sldns_buffer *buffer) * the position is set to 0. * * \param[in] buffer the buffer to flip - * \return void */ INLINE void sldns_buffer_flip(sldns_buffer *buffer) { @@ -732,7 +731,6 @@ int sldns_buffer_printf(sldns_buffer *buffer, const char *format, ...) /** * frees the buffer. * \param[in] *buffer the buffer to be freed - * \return void */ void sldns_buffer_free(sldns_buffer *buffer); diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 977cda28a2da..fbd615cbfd7d 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -29,7 +29,6 @@ #define RET_ERR(e, off) ((int)((e)|((off)<= MAX_NUMBER_OF_SVCPARAMS) + return LDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS; + } + + /* In draft-ietf-dnsop-svcb-https-06 Section 7: + * + * In wire format, the keys are represented by their numeric + * values in network byte order, concatenated in ascending order. + */ + qsort((void *)svcparams + ,nparams + ,sizeof(uint8_t*) + ,sldns_str2wire_svcparam_key_cmp); + + + /* The code below revolves around sematic errors in the SVCParam set. + * So long as we do not distinguish between running Unbound as a primary + * or as a secondary, we default to secondary behavior and we ignore the + * sematic errors. */ + +#ifdef SVCB_SEMANTIC_ERRORS + { + uint8_t* mandatory = NULL; + /* In draft-ietf-dnsop-svcb-https-06 Section 7: + * + * Keys (...) MUST NOT appear more than once. + * + * If they key has already been seen, we have a duplicate + */ + for(i=0; i < nparams; i++) { + uint16_t key = sldns_read_uint16(svcparams[i]); + if(i + 1 < nparams && key == sldns_read_uint16(svcparams[i+1])) + return LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS; + if(key == SVCB_KEY_MANDATORY) + mandatory = svcparams[i]; + } + + /* 4. verify that all the SvcParamKeys in mandatory are present */ + if(mandatory) { + /* Divide by sizeof(uint16_t)*/ + uint16_t mandatory_nkeys = sldns_read_uint16(mandatory + 2) / sizeof(uint16_t); + + /* Guaranteed by sldns_str2wire_svcparam_key_value */ + assert(mandatory_nkeys > 0); + + for(i=0; i < mandatory_nkeys; i++) { + uint16_t mandatory_key = sldns_read_uint16( + mandatory + + 2 * sizeof(uint16_t) + + i * sizeof(uint16_t)); + uint8_t found = 0; + size_t j; + + for(j=0; j < nparams; j++) { + if(mandatory_key == sldns_read_uint16(svcparams[j])) { + found = 1; + break; + } + } + + if(!found) + return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM; + } + } + } +#endif + /* Write rdata in correct order */ + for (i = 0; i < nparams; i++) { + uint16_t svcparam_len = sldns_read_uint16(svcparams[i] + 2) + + 2 * sizeof(uint16_t); + + if ((unsigned)(new_rdata_ptr - new_rdata) + svcparam_len > sizeof(new_rdata)) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; + + memcpy(new_rdata_ptr, svcparams[i], svcparam_len); + new_rdata_ptr += svcparam_len; + } + memcpy(rdata, new_rdata, rdata_len); + return LDNS_WIREPARSE_ERR_OK; +} + /** parse rdata from string into rr buffer(-remainder after dname). */ static int rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len, @@ -712,6 +827,42 @@ rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len, /* write rdata length */ sldns_write_uint16(rr+dname_len+8, (uint16_t)(rr_cur_len-dname_len-10)); *rr_len = rr_cur_len; + /* SVCB/HTTPS handling */ + if (rr_type == LDNS_RR_TYPE_SVCB || rr_type == LDNS_RR_TYPE_HTTPS) { + size_t rdata_len = rr_cur_len - dname_len - 10; + uint8_t *rdata = rr+dname_len + 10; + + /* skip 1st rdata field SvcPriority (uint16_t) */ + if (rdata_len < sizeof(uint16_t)) + return LDNS_WIREPARSE_ERR_OK; + + rdata_len -= sizeof(uint16_t); + rdata += sizeof(uint16_t); + + /* skip 2nd rdata field dname */ + while (rdata_len && *rdata != 0) { + uint8_t label_len; + + if (*rdata & 0xC0) + return LDNS_WIREPARSE_ERR_OK; + + label_len = *rdata + 1; + if (rdata_len < label_len) + return LDNS_WIREPARSE_ERR_OK; + + rdata_len -= label_len; + rdata += label_len; + } + /* The root label is one more character, so smaller + * than 1 + 1 means no Svcparam Keys */ + if (rdata_len < 2 || *rdata != 0) + return LDNS_WIREPARSE_ERR_OK; + + rdata_len -= 1; + rdata += 1; + return sldns_str2wire_check_svcbparams(rdata, rdata_len); + + } return LDNS_WIREPARSE_ERR_OK; } @@ -929,11 +1080,533 @@ int sldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len, memmove(parse_state->prev_rr, rr, *dname_len); parse_state->prev_rr_len = (*dname_len); } + if(r == LDNS_WIREPARSE_ERR_OK && parse_state) { + parse_state->default_ttl = sldns_wirerr_get_ttl( + rr, *len, *dname_len); + } return r; } return LDNS_WIREPARSE_ERR_OK; } +static int +sldns_str2wire_svcparam_key_lookup(const char *key, size_t key_len) +{ + char buf[64]; + char *endptr; + unsigned long int key_value; + + if (key_len >= 4 && key_len <= 8 && !strncmp(key, "key", 3)) { + memcpy(buf, key + 3, key_len - 3); + buf[key_len - 3] = 0; + key_value = strtoul(buf, &endptr, 10); + + if (endptr > buf /* digits seen */ + && *endptr == 0 /* no non-digit chars after digits */ + && key_value <= 65535) /* no overflow */ + return key_value; + + } else switch (key_len) { + case sizeof("mandatory")-1: + if (!strncmp(key, "mandatory", sizeof("mandatory")-1)) + return SVCB_KEY_MANDATORY; + if (!strncmp(key, "echconfig", sizeof("echconfig")-1)) + return SVCB_KEY_ECH; /* allow "echconfig as well as "ech" */ + break; + + case sizeof("alpn")-1: + if (!strncmp(key, "alpn", sizeof("alpn")-1)) + return SVCB_KEY_ALPN; + if (!strncmp(key, "port", sizeof("port")-1)) + return SVCB_KEY_PORT; + break; + + case sizeof("no-default-alpn")-1: + if (!strncmp( key , "no-default-alpn" + , sizeof("no-default-alpn")-1)) + return SVCB_KEY_NO_DEFAULT_ALPN; + break; + + case sizeof("ipv4hint")-1: + if (!strncmp(key, "ipv4hint", sizeof("ipv4hint")-1)) + return SVCB_KEY_IPV4HINT; + if (!strncmp(key, "ipv6hint", sizeof("ipv6hint")-1)) + return SVCB_KEY_IPV6HINT; + break; + + case sizeof("ech")-1: + if (!strncmp(key, "ech", sizeof("ech")-1)) + return SVCB_KEY_ECH; + break; + + default: + break; + } + + /* Although the returned value might be used by the caller, + * the parser has erred, so the zone will not be loaded. + */ + return -1; +} + +static int +sldns_str2wire_svcparam_port(const char* val, uint8_t* rd, size_t* rd_len) +{ + unsigned long int port; + char *endptr; + + if (*rd_len < 6) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; + + port = strtoul(val, &endptr, 10); + + if (endptr > val /* digits seen */ + && *endptr == 0 /* no non-digit chars after digits */ + && port <= 65535) { /* no overflow */ + + sldns_write_uint16(rd, SVCB_KEY_PORT); + sldns_write_uint16(rd + 2, sizeof(uint16_t)); + sldns_write_uint16(rd + 4, port); + *rd_len = 6; + + return LDNS_WIREPARSE_ERR_OK; + } + + return LDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX; +} + +static int +sldns_str2wire_svcbparam_ipv4hint(const char* val, uint8_t* rd, size_t* rd_len) +{ + size_t count; + char ip_str[INET_ADDRSTRLEN+1]; + char *next_ip_str; + size_t i; + + for (i = 0, count = 1; val[i]; i++) { + if (val[i] == ',') + count += 1; + if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) { + return LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES; + } + } + + if (*rd_len < (LDNS_IP4ADDRLEN * count) + 4) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; + + /* count is number of comma's in val + 1; so the actual number of IPv4 + * addresses in val + */ + sldns_write_uint16(rd, SVCB_KEY_IPV4HINT); + sldns_write_uint16(rd + 2, LDNS_IP4ADDRLEN * count); + *rd_len = 4; + + while (count) { + if (!(next_ip_str = strchr(val, ','))) { + if (inet_pton(AF_INET, val, rd + *rd_len) != 1) + break; + *rd_len += LDNS_IP4ADDRLEN; + + assert(count == 1); + + } else if (next_ip_str - val >= (int)sizeof(ip_str)) + break; + + else { + memcpy(ip_str, val, next_ip_str - val); + ip_str[next_ip_str - val] = 0; + if (inet_pton(AF_INET, ip_str, rd + *rd_len) != 1) { + break; + } + *rd_len += LDNS_IP4ADDRLEN; + + val = next_ip_str + 1; + } + count--; + } + if (count) /* verify that we parsed all values */ + return LDNS_WIREPARSE_ERR_SYNTAX_IP4; + + return LDNS_WIREPARSE_ERR_OK; +} + +static int +sldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len) +{ + size_t count; + char ip_str[INET6_ADDRSTRLEN+1]; + char *next_ip_str; + size_t i; + + for (i = 0, count = 1; val[i]; i++) { + if (val[i] == ',') + count += 1; + if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) { + return LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES; + } + } + + if (*rd_len < (LDNS_IP6ADDRLEN * count) + 4) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; + + /* count is number of comma's in val + 1; so the actual number of IPv6 + * addresses in val + */ + sldns_write_uint16(rd, SVCB_KEY_IPV6HINT); + sldns_write_uint16(rd + 2, LDNS_IP6ADDRLEN * count); + *rd_len = 4; + + while (count) { + if (!(next_ip_str = strchr(val, ','))) { + if (inet_pton(AF_INET6, val, rd + *rd_len) != 1) + break; + *rd_len += LDNS_IP6ADDRLEN; + + assert(count == 1); + + } else if (next_ip_str - val >= (int)sizeof(ip_str)) + break; + + else { + memcpy(ip_str, val, next_ip_str - val); + ip_str[next_ip_str - val] = 0; + if (inet_pton(AF_INET6, ip_str, rd + *rd_len) != 1) { + break; + } + *rd_len += LDNS_IP6ADDRLEN; + + val = next_ip_str + 1; + } + count--; + } + if (count) /* verify that we parsed all values */ + return LDNS_WIREPARSE_ERR_SYNTAX_IP6; + + return LDNS_WIREPARSE_ERR_OK; +} + +/* compare function used for sorting uint16_t's */ +static int +sldns_network_uint16_cmp(const void *a, const void *b) +{ + return ((int)sldns_read_uint16(a)) - ((int)sldns_read_uint16(b)); +} + +static int +sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len) +{ + size_t i, count, val_len; + char* next_key; + + val_len = strlen(val); + + for (i = 0, count = 1; val[i]; i++) { + if (val[i] == ',') + count += 1; + if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) { + return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS; + } + } + if (sizeof(uint16_t) * (count + 2) > *rd_len) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; + + sldns_write_uint16(rd, SVCB_KEY_MANDATORY); + sldns_write_uint16(rd + 2, sizeof(uint16_t) * count); + *rd_len = 4; + + while (1) { + int svcparamkey; + + if (!(next_key = strchr(val, ','))) { + svcparamkey = sldns_str2wire_svcparam_key_lookup(val, val_len); + + if (svcparamkey < 0) { + return LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY; + } + + sldns_write_uint16(rd + *rd_len, svcparamkey); + *rd_len += 2; + break; + } else { + svcparamkey = sldns_str2wire_svcparam_key_lookup(val, next_key - val); + + if (svcparamkey < 0) { + return LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY; + } + + sldns_write_uint16(rd + *rd_len, + svcparamkey); + *rd_len += 2; + } + + val_len -= next_key - val + 1; + val = next_key + 1; /* skip the comma */ + } + + /* In draft-ietf-dnsop-svcb-https-06 Section 7: + * + * "In wire format, the keys are represented by their numeric + * values in network byte order, concatenated in ascending order." + */ + qsort((void *)(rd + 4), count, sizeof(uint16_t), sldns_network_uint16_cmp); + + /* The code below revolves around sematic errors in the SVCParam set. + * So long as we do not distinguish between running Unbound as a primary + * or as a secondary, we default to secondary behavior and we ignore the + * semantic errors. */ +#ifdef SVCB_SEMANTIC_ERRORS + /* In draft-ietf-dnsop-svcb-https-06 Section 8 + * automatically mandatory MUST NOT appear in its own value-list + */ + if (sldns_read_uint16(rd + 4) == SVCB_KEY_MANDATORY) + return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY; + + /* Guarantee key uniqueness. After the sort we only need to + * compare neighbouring keys */ + if (count > 1) { + for (i = 0; i < count - 1; i++) { + uint8_t* current_pos = (rd + 4 + (sizeof(uint16_t) * i)); + uint16_t key = sldns_read_uint16(current_pos); + + if (key == sldns_read_uint16(current_pos + 2)) { + return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY; + } + } + } +#endif + return LDNS_WIREPARSE_ERR_OK; +} + +static int +sldns_str2wire_svcbparam_ech_value(const char* val, uint8_t* rd, size_t* rd_len) +{ + uint8_t buffer[LDNS_MAX_RDFLEN]; + int wire_len; + + /* single 0 represents empty buffer */ + if(strcmp(val, "0") == 0) { + if (*rd_len < 4) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; + sldns_write_uint16(rd, SVCB_KEY_ECH); + sldns_write_uint16(rd + 2, 0); + + return LDNS_WIREPARSE_ERR_OK; + } + + wire_len = sldns_b64_pton(val, buffer, LDNS_MAX_RDFLEN); + + if (wire_len <= 0) { + return LDNS_WIREPARSE_ERR_SYNTAX_B64; + } else if ((unsigned)wire_len + 4 > *rd_len) { + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; + } else { + sldns_write_uint16(rd, SVCB_KEY_ECH); + sldns_write_uint16(rd + 2, wire_len); + memcpy(rd + 4, buffer, wire_len); + *rd_len = 4 + wire_len; + + return LDNS_WIREPARSE_ERR_OK; + } +} + +static const char* +sldns_str2wire_svcbparam_parse_next_unescaped_comma(const char *val) +{ + while (*val) { + /* Only return when the comma is not escaped*/ + if (*val == '\\'){ + ++val; + if (!*val) + break; + } else if (*val == ',') + return val; + + val++; + } + return NULL; +} + +/* The source is already properly unescaped, this double unescaping is purely to allow for + * comma's in comma seperated alpn lists. + * + * In draft-ietf-dnsop-svcb-https-06 Section 7: + * To enable simpler parsing, this SvcParamValue MUST NOT contain escape sequences. + */ +static size_t +sldns_str2wire_svcbparam_parse_copy_unescaped(uint8_t *dst, + const char *src, size_t len) +{ + uint8_t *orig_dst = dst; + + while (len) { + if (*src == '\\') { + src++; + len--; + if (!len) + break; + } + *dst++ = *src++; + len--; + } + return (size_t)(dst - orig_dst); +} + +static int +sldns_str2wire_svcbparam_alpn_value(const char* val, + uint8_t* rd, size_t* rd_len) +{ + uint8_t unescaped_dst[LDNS_MAX_RDFLEN]; + uint8_t *dst = unescaped_dst; + const char *next_str; + size_t str_len; + size_t dst_len; + size_t val_len; + + val_len = strlen(val); + + if (val_len > sizeof(unescaped_dst)) { + return LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE; + } + while (val_len) { + size_t key_len; + + str_len = (next_str = sldns_str2wire_svcbparam_parse_next_unescaped_comma(val)) + ? (size_t)(next_str - val) : val_len; + + if (str_len > 255) { + return LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE; + } + + key_len = sldns_str2wire_svcbparam_parse_copy_unescaped(dst + 1, val, str_len); + *dst++ = key_len; + dst += key_len; + + if (!next_str) + break; + + /* skip the comma in the next iteration */ + val_len -= next_str - val + 1; + val = next_str + 1; + } + dst_len = dst - unescaped_dst; + if (*rd_len < 4 + dst_len) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; + sldns_write_uint16(rd, SVCB_KEY_ALPN); + sldns_write_uint16(rd + 2, dst_len); + memcpy(rd + 4, unescaped_dst, dst_len); + *rd_len = 4 + dst_len; + + return LDNS_WIREPARSE_ERR_OK; +} + +static int +sldns_str2wire_svcparam_value(const char *key, size_t key_len, + const char *val, uint8_t* rd, size_t* rd_len) +{ + size_t str_len; + int svcparamkey = sldns_str2wire_svcparam_key_lookup(key, key_len); + + if (svcparamkey < 0) { + return LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY; + } + + /* key without value */ + if (val == NULL) { + switch (svcparamkey) { +#ifdef SVCB_SEMANTIC_ERRORS + case SVCB_KEY_MANDATORY: + case SVCB_KEY_ALPN: + case SVCB_KEY_PORT: + case SVCB_KEY_IPV4HINT: + case SVCB_KEY_IPV6HINT: + return LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM; +#endif + default: + if (*rd_len < 4) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; + sldns_write_uint16(rd, svcparamkey); + sldns_write_uint16(rd + 2, 0); + *rd_len = 4; + + return LDNS_WIREPARSE_ERR_OK; + } + } + + /* value is non-empty */ + switch (svcparamkey) { + case SVCB_KEY_PORT: + return sldns_str2wire_svcparam_port(val, rd, rd_len); + case SVCB_KEY_IPV4HINT: + return sldns_str2wire_svcbparam_ipv4hint(val, rd, rd_len); + case SVCB_KEY_IPV6HINT: + return sldns_str2wire_svcbparam_ipv6hint(val, rd, rd_len); + case SVCB_KEY_MANDATORY: + return sldns_str2wire_svcbparam_mandatory(val, rd, rd_len); +#ifdef SVCB_SEMANTIC_ERRORS + case SVCB_KEY_NO_DEFAULT_ALPN: + return LDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE; +#endif + case SVCB_KEY_ECH: + return sldns_str2wire_svcbparam_ech_value(val, rd, rd_len); + case SVCB_KEY_ALPN: + return sldns_str2wire_svcbparam_alpn_value(val, rd, rd_len); + default: + str_len = strlen(val); + if (*rd_len < 4 + str_len) + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; + sldns_write_uint16(rd, svcparamkey); + sldns_write_uint16(rd + 2, str_len); + memcpy(rd + 4, val, str_len); + *rd_len = 4 + str_len; + + return LDNS_WIREPARSE_ERR_OK; + } + + return LDNS_WIREPARSE_ERR_GENERAL; +} + +int sldns_str2wire_svcparam_buf(const char* str, uint8_t* rd, size_t* rd_len) +{ + const char* eq_pos; + char unescaped_val[LDNS_MAX_RDFLEN]; + char* val_out = unescaped_val; + const char* val_in; + + eq_pos = strchr(str, '='); + + /* case: key=value */ + if (eq_pos != NULL && eq_pos[1]) { + val_in = eq_pos + 1; + + /* unescape characters and "" blocks */ + if (*val_in == '"') { + val_in++; + while (*val_in != '"' + && (unsigned)(val_out - unescaped_val + 1) < sizeof(unescaped_val) + && sldns_parse_char( (uint8_t*) val_out, &val_in)) { + val_out++; + } + } else { + while ((unsigned)(val_out - unescaped_val + 1) < sizeof(unescaped_val) + && sldns_parse_char( (uint8_t*) val_out, &val_in)) { + val_out++; + } + } + *val_out = 0; + + return sldns_str2wire_svcparam_value(str, eq_pos - str, + unescaped_val[0] ? unescaped_val : NULL, rd, rd_len); + } + /* case: key= */ + else if (eq_pos != NULL && !(eq_pos[1])) { + return sldns_str2wire_svcparam_value(str, eq_pos - str, NULL, rd, rd_len); + } + /* case: key */ + else { + return sldns_str2wire_svcparam_value(str, strlen(str), NULL, rd, rd_len); + } +} + int sldns_str2wire_rdf_buf(const char* str, uint8_t* rd, size_t* len, sldns_rdf_type rdftype) { @@ -1006,6 +1679,8 @@ int sldns_str2wire_rdf_buf(const char* str, uint8_t* rd, size_t* len, return sldns_str2wire_hip_buf(str, rd, len); case LDNS_RDF_TYPE_INT16_DATA: return sldns_str2wire_int16_data_buf(str, rd, len); + case LDNS_RDF_TYPE_SVCPARAM: + return sldns_str2wire_svcparam_buf(str, rd, len); case LDNS_RDF_TYPE_UNKNOWN: case LDNS_RDF_TYPE_SERVICE: return LDNS_WIREPARSE_ERR_NOT_IMPL; @@ -1491,13 +2166,17 @@ static int loc_parse_cm(char* my_str, char** endstr, uint8_t* m, uint8_t* e) { uint32_t meters = 0, cm = 0, val; + char* cm_endstr; while (isblank((unsigned char)*my_str)) { my_str++; } meters = (uint32_t)strtol(my_str, &my_str, 10); if (*my_str == '.') { my_str++; - cm = (uint32_t)strtol(my_str, &my_str, 10); + cm = (uint32_t)strtol(my_str, &cm_endstr, 10); + if(cm_endstr == my_str + 1) + cm *= 10; + my_str = cm_endstr; } if (meters >= 1) { *e = 2; diff --git a/sldns/str2wire.h b/sldns/str2wire.h index 70070e4f5752..0c316498956e 100644 --- a/sldns/str2wire.h +++ b/sldns/str2wire.h @@ -23,10 +23,27 @@ extern "C" { #endif struct sldns_struct_lookup_table; +#define LDNS_IP4ADDRLEN (32/8) +#define LDNS_IP6ADDRLEN (128/8) + /** buffer to read an RR, cannot be larger than 64K because of packet size */ #define LDNS_RR_BUF_SIZE 65535 /* bytes */ #define LDNS_DEFAULT_TTL 3600 +/* SVCB keys currently defined in draft-ietf-dnsop-svcb-https */ +#define SVCB_KEY_MANDATORY 0 +#define SVCB_KEY_ALPN 1 +#define SVCB_KEY_NO_DEFAULT_ALPN 2 +#define SVCB_KEY_PORT 3 +#define SVCB_KEY_IPV4HINT 4 +#define SVCB_KEY_ECH 5 +#define SVCB_KEY_IPV6HINT 6 +#define SVCPARAMKEY_COUNT 7 + +#define MAX_NUMBER_OF_SVCPARAMS 64 + +#define SVCB_MAX_COMMA_SEPARATED_VALUES 1000 + /* * To convert class and type to string see * sldns_get_rr_class_by_name(str) @@ -204,6 +221,20 @@ uint8_t* sldns_wirerr_get_rdatawl(uint8_t* rr, size_t len, size_t dname_len); #define LDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW 370 #define LDNS_WIREPARSE_ERR_INCLUDE 371 #define LDNS_WIREPARSE_ERR_PARENTHESIS 372 +#define LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY 373 +#define LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM 374 +#define LDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS 375 +#define LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS 376 +#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS 377 +#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM 378 +#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY 379 +#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY 380 +#define LDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX 381 +#define LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES 382 +#define LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES 383 +#define LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE 384 +#define LDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE 385 +#define LDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA 386 /** * Get reference to a constant string for the (parse) error. diff --git a/sldns/wire2str.c b/sldns/wire2str.c index d0d1632d407d..6a177ec0b06c 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -149,6 +149,30 @@ static sldns_lookup_table sldns_wireparse_errors_data[] = { { LDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW, "Syntax error, integer overflow" }, { LDNS_WIREPARSE_ERR_INCLUDE, "$INCLUDE directive was seen in the zone" }, { LDNS_WIREPARSE_ERR_PARENTHESIS, "Parse error, parenthesis mismatch" }, + { LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY, "Unknown SvcParamKey"}, + { LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM, "SvcParam is missing a SvcParamValue"}, + { LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS, "Duplicate SVCB key found"}, + { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS, "Too many keys in mandatory" }, + { LDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS, + "Too many SvcParams. Unbound only allows 63 entries" }, + { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM, + "Mandatory SvcParamKey is missing"}, + { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY, + "Keys in SvcParam mandatory MUST be unique" }, + { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY, + "mandatory MUST not be included as mandatory parameter" }, + { LDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX, + "Could not parse port SvcParamValue" }, + { LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES, + "Too many IPv4 addresses in ipv4hint" }, + { LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES, + "Too many IPv6 addresses in ipv6hint" }, + { LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE, + "Alpn strings need to be smaller than 255 chars"}, + { LDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE, + "No-default-alpn should not have a value" }, + { LDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA, + "General SVCParam error" }, { 0, NULL } }; sldns_lookup_table* sldns_wireparse_errors = sldns_wireparse_errors_data; @@ -196,6 +220,12 @@ static sldns_lookup_table sldns_tsig_errors_data[] = { }; sldns_lookup_table* sldns_tsig_errors = sldns_tsig_errors_data; +/* draft-ietf-dnsop-svcb-https-06: 6. Initial SvcParamKeys */ +const char *svcparamkey_strs[] = { + "mandatory", "alpn", "no-default-alpn", "port", + "ipv4hint", "ech", "ipv6hint" +}; + char* sldns_wire2str_pkt(uint8_t* data, size_t len) { size_t slen = (size_t)sldns_wire2str_pkt_buf(data, len, NULL, 0); @@ -940,6 +970,253 @@ int sldns_wire2str_ttl_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen) return sldns_str_print(s, slen, "%u", (unsigned)ttl); } +static int +sldns_print_svcparamkey(char** s, size_t* slen, uint16_t svcparamkey) +{ + if (svcparamkey < SVCPARAMKEY_COUNT) { + return sldns_str_print(s, slen, "%s", svcparamkey_strs[svcparamkey]); + } + else { + return sldns_str_print(s, slen, "key%d", (int)svcparamkey); + } +} + +static int sldns_wire2str_svcparam_port2str(char** s, + size_t* slen, uint16_t data_len, uint8_t* data) +{ + int w = 0; + + if (data_len != 2) + return -1; /* wireformat error, a short is 2 bytes */ + w = sldns_str_print(s, slen, "=%d", (int)sldns_read_uint16(data)); + + return w; +} + +static int sldns_wire2str_svcparam_ipv4hint2str(char** s, + size_t* slen, uint16_t data_len, uint8_t* data) +{ + char ip_str[INET_ADDRSTRLEN + 1]; + + int w = 0; + + assert(data_len > 0); + + if ((data_len % LDNS_IP4ADDRLEN) == 0) { + if (inet_ntop(AF_INET, data, ip_str, sizeof(ip_str)) == NULL) + return -1; /* wireformat error, incorrect size or inet family */ + + w += sldns_str_print(s, slen, "=%s", ip_str); + data += LDNS_IP4ADDRLEN; + + while ((data_len -= LDNS_IP4ADDRLEN) > 0) { + if (inet_ntop(AF_INET, data, ip_str, sizeof(ip_str)) == NULL) + return -1; /* wireformat error, incorrect size or inet family */ + + w += sldns_str_print(s, slen, ",%s", ip_str); + data += LDNS_IP4ADDRLEN; + } + } else + return -1; + + return w; +} + +static int sldns_wire2str_svcparam_ipv6hint2str(char** s, + size_t* slen, uint16_t data_len, uint8_t* data) +{ + char ip_str[INET6_ADDRSTRLEN + 1]; + + int w = 0; + + assert(data_len > 0); + + if ((data_len % LDNS_IP6ADDRLEN) == 0) { + if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL) + return -1; /* wireformat error, incorrect size or inet family */ + + w += sldns_str_print(s, slen, "=%s", ip_str); + data += LDNS_IP6ADDRLEN; + + while ((data_len -= LDNS_IP6ADDRLEN) > 0) { + if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL) + return -1; /* wireformat error, incorrect size or inet family */ + + w += sldns_str_print(s, slen, ",%s", ip_str); + data += LDNS_IP6ADDRLEN; + } + } else + return -1; + + return w; +} + +static int sldns_wire2str_svcparam_mandatory2str(char** s, + size_t* slen, uint16_t data_len, uint8_t* data) +{ + int w = 0; + + assert(data_len > 0); + + if (data_len % sizeof(uint16_t)) + return -1; // wireformat error, data_len must be multiple of shorts + w += sldns_str_print(s, slen, "="); + w += sldns_print_svcparamkey(s, slen, sldns_read_uint16(data)); + data += 2; + + while ((data_len -= sizeof(uint16_t))) { + w += sldns_str_print(s, slen, ","); + w += sldns_print_svcparamkey(s, slen, sldns_read_uint16(data)); + data += 2; + } + + return w; +} + +static int sldns_wire2str_svcparam_alpn2str(char** s, + size_t* slen, uint16_t data_len, uint8_t* data) +{ + uint8_t *dp = (void *)data; + int w = 0; + + assert(data_len > 0); /* Guaranteed by sldns_wire2str_svcparam_scan */ + + w += sldns_str_print(s, slen, "=\""); + while (data_len) { + /* alpn is list of length byte (str_len) followed by a string of that size */ + uint8_t i, str_len = *dp++; + + if (str_len > --data_len) + return -1; + + for (i = 0; i < str_len; i++) { + if (dp[i] == '"' || dp[i] == '\\') + w += sldns_str_print(s, slen, "\\\\\\%c", dp[i]); + + else if (dp[i] == ',') + w += sldns_str_print(s, slen, "\\\\%c", dp[i]); + + else if (!isprint(dp[i])) + w += sldns_str_print(s, slen, "\\%03u", (unsigned) dp[i]); + + else + w += sldns_str_print(s, slen, "%c", dp[i]); + } + dp += str_len; + if ((data_len -= str_len)) + w += sldns_str_print(s, slen, "%s", ","); + } + w += sldns_str_print(s, slen, "\""); + + return w; +} + +static int sldns_wire2str_svcparam_ech2str(char** s, + size_t* slen, uint16_t data_len, uint8_t* data) +{ + int size; + int w = 0; + + assert(data_len > 0); /* Guaranteed by sldns_wire2str_svcparam_scan */ + + w += sldns_str_print(s, slen, "=\""); + + if ((size = sldns_b64_ntop(data, data_len, *s, *slen)) < 0) + return -1; + + (*s) += size; + (*slen) -= size; + + w += sldns_str_print(s, slen, "\""); + + return w + size; +} + +int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen) +{ + uint8_t ch; + uint16_t svcparamkey, data_len; + int written_chars = 0; + int r, i; + + /* verify that we have enough data to read svcparamkey and data_len */ + if(*dlen < 4) + return -1; + + svcparamkey = sldns_read_uint16(*d); + data_len = sldns_read_uint16(*d+2); + *d += 4; + *dlen -= 4; + + /* verify that we have data_len data */ + if (data_len > *dlen) + return -1; + + written_chars += sldns_print_svcparamkey(s, slen, svcparamkey); + if (!data_len) { + + /* Some SvcParams MUST have values */ + switch (svcparamkey) { + case SVCB_KEY_ALPN: + case SVCB_KEY_PORT: + case SVCB_KEY_IPV4HINT: + case SVCB_KEY_IPV6HINT: + case SVCB_KEY_MANDATORY: + return -1; + default: + return written_chars; + } + } + + switch (svcparamkey) { + case SVCB_KEY_PORT: + r = sldns_wire2str_svcparam_port2str(s, slen, data_len, *d); + break; + case SVCB_KEY_IPV4HINT: + r = sldns_wire2str_svcparam_ipv4hint2str(s, slen, data_len, *d); + break; + case SVCB_KEY_IPV6HINT: + r = sldns_wire2str_svcparam_ipv6hint2str(s, slen, data_len, *d); + break; + case SVCB_KEY_MANDATORY: + r = sldns_wire2str_svcparam_mandatory2str(s, slen, data_len, *d); + break; + case SVCB_KEY_NO_DEFAULT_ALPN: + return -1; /* wireformat error, should not have a value */ + case SVCB_KEY_ALPN: + r = sldns_wire2str_svcparam_alpn2str(s, slen, data_len, *d); + break; + case SVCB_KEY_ECH: + r = sldns_wire2str_svcparam_ech2str(s, slen, data_len, *d); + break; + default: + r = sldns_str_print(s, slen, "=\""); + + for (i = 0; i < data_len; i++) { + ch = (*d)[i]; + + if (ch == '"' || ch == '\\') + r += sldns_str_print(s, slen, "\\%c", ch); + + else if (!isprint(ch)) + r += sldns_str_print(s, slen, "\\%03u", (unsigned) ch); + + else + r += sldns_str_print(s, slen, "%c", ch); + + } + r += sldns_str_print(s, slen, "\""); + break; + } + if (r <= 0) + return -1; /* wireformat error */ + + written_chars += r; + *d += data_len; + *dlen -= data_len; + return written_chars; +} + int sldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen, int rdftype, uint8_t* pkt, size_t pktlen, int* comprloop) { @@ -1017,6 +1294,8 @@ int sldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen, return sldns_wire2str_tag_scan(d, dlen, s, slen); case LDNS_RDF_TYPE_LONG_STR: return sldns_wire2str_long_str_scan(d, dlen, s, slen); + case LDNS_RDF_TYPE_SVCPARAM: + return sldns_wire2str_svcparam_scan(d, dlen, s, slen); case LDNS_RDF_TYPE_TSIGERROR: return sldns_wire2str_tsigerror_scan(d, dlen, s, slen); } diff --git a/sldns/wire2str.h b/sldns/wire2str.h index 0167fe7c1e2d..b1ad459e3780 100644 --- a/sldns/wire2str.h +++ b/sldns/wire2str.h @@ -494,6 +494,18 @@ int sldns_wire2str_opcode_buf(int opcode, char* str, size_t len); int sldns_wire2str_dname_buf(uint8_t* dname, size_t dname_len, char* str, size_t len); +/** + * Convert wire SVCB to a string with user buffer. + * @param d: the SVCB data in uncompressed wireformat. + * @param dlen: length of the SVCB data. + * @param s: the string to write to. + * @param slen: length of string. + * @return the number of characters for this element, excluding zerobyte. + * Is larger or equal than str_len if output was truncated. + */ +int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, + size_t* slen); + /** * Scan wireformat rdf field to string, with user buffers. * It shifts the arguments to move along (see sldns_wire2str_pkt_scan). diff --git a/smallapp/unbound-checkconf.c b/smallapp/unbound-checkconf.c index b1b7ae7ef9d4..5d1d67684556 100644 --- a/smallapp/unbound-checkconf.c +++ b/smallapp/unbound-checkconf.c @@ -1,5 +1,5 @@ /* - * checkconf/unbound-checkconf.c - config file checker for unbound.conf file. + * smallapp/unbound-checkconf.c - config file checker for unbound.conf file. * * Copyright (c) 2007, NLnet Labs. All rights reserved. * @@ -851,7 +851,7 @@ check_auth(struct config_file* cfg) { int is_rpz = 0; struct auth_zones* az = auth_zones_create(); - if(!az || !auth_zones_apply_cfg(az, cfg, 0, &is_rpz)) { + if(!az || !auth_zones_apply_cfg(az, cfg, 0, &is_rpz, NULL, NULL)) { fatal_exit("Could not setup authority zones"); } auth_zones_delete(az); diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c index d58f1b2f9493..a3df25795843 100644 --- a/smallapp/unbound-control.c +++ b/smallapp/unbound-control.c @@ -1,5 +1,5 @@ /* - * checkconf/unbound-control.c - remote control utility for unbound. + * smallapp/unbound-control.c - remote control utility for unbound. * * Copyright (c) 2008, NLnet Labs. All rights reserved. * @@ -63,6 +63,7 @@ #include "sldns/wire2str.h" #include "sldns/pkthdr.h" #include "services/rpz.h" +#include "services/listen_dnsport.h" #ifdef HAVE_SYS_IPC_H #include "sys/ipc.h" @@ -187,7 +188,7 @@ timeval_divide(struct timeval* avg, const struct timeval* sum, long long d) { #ifndef S_SPLINT_S size_t leftover; - if(d == 0) { + if(d <= 0) { avg->tv_sec = 0; avg->tv_usec = 0; return; @@ -196,7 +197,13 @@ timeval_divide(struct timeval* avg, const struct timeval* sum, long long d) avg->tv_usec = sum->tv_usec / d; /* handle fraction from seconds divide */ leftover = sum->tv_sec - avg->tv_sec*d; - avg->tv_usec += (leftover*1000000)/d; + if(leftover <= 0) + leftover = 0; + avg->tv_usec += (((long long)leftover)*((long long)1000000))/d; + if(avg->tv_sec < 0) + avg->tv_sec = 0; + if(avg->tv_usec < 0) + avg->tv_usec = 0; #endif } @@ -492,9 +499,7 @@ static void ssl_path_err(const char* s, const char *path) { unsigned long err; err = ERR_peek_error(); - if (ERR_GET_LIB(err) == ERR_LIB_SYS && - (ERR_GET_FUNC(err) == SYS_F_FOPEN || - ERR_GET_FUNC(err) == SYS_F_FREAD) ) { + if (ERR_GET_LIB(err) == ERR_LIB_SYS) { fprintf(stderr, "error: %s\n%s: %s\n", s, path, ERR_reason_error_string(err)); exit(1); @@ -583,10 +588,27 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd) socklen_t addrlen; int addrfamily = 0, proto = IPPROTO_TCP; int fd, useport = 1; + char** rcif = NULL; + int num_rcif = 0; /* use svr or the first config entry */ if(!svr) { if(cfg->control_ifs.first) { - svr = cfg->control_ifs.first->str; + struct sockaddr_storage addr2; + socklen_t addrlen2; + if(extstrtoaddr(cfg->control_ifs.first->str, &addr2, + &addrlen2)) { + svr = cfg->control_ifs.first->str; + } else { + if(!resolve_interface_names(NULL, 0, + cfg->control_ifs.first, &rcif, + &num_rcif)) { + fatal_exit("could not resolve interface names"); + } + if(rcif == NULL || num_rcif == 0) { + fatal_exit("no control interfaces"); + } + svr = rcif[0]; + } } else if(cfg->do_ip4) { svr = "127.0.0.1"; } else { @@ -697,6 +719,7 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd) break; } fd_set_block(fd); + config_del_strarray(rcif, num_rcif); return fd; } diff --git a/smallapp/unbound-host.c b/smallapp/unbound-host.c index 1ae2d8521a2d..d612575f3af2 100644 --- a/smallapp/unbound-host.c +++ b/smallapp/unbound-host.c @@ -1,5 +1,5 @@ /* - * checkconf/unbound-host.c - replacement for host that supports validation. + * smallapp/unbound-host.c - replacement for host that supports validation. * * Copyright (c) 2007, NLnet Labs. All rights reserved. * diff --git a/smallapp/worker_cb.c b/smallapp/worker_cb.c index cdf855dc3659..473e32a607f8 100644 --- a/smallapp/worker_cb.c +++ b/smallapp/worker_cb.c @@ -1,5 +1,5 @@ /* - * checkconf/worker_cb.c - fake callback routines to make fptr_wlist work + * smallapp/worker_cb.c - fake callback routines to make fptr_wlist work * * Copyright (c) 2007, NLnet Labs. All rights reserved. * @@ -65,14 +65,6 @@ int worker_handle_request(struct comm_point* ATTR_UNUSED(c), return 0; } -int worker_handle_reply(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - int worker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), struct comm_reply* ATTR_UNUSED(reply_info)) @@ -146,14 +138,6 @@ struct outbound_entry* libworker_send_query( return 0; } -int libworker_handle_reply(struct comm_point* ATTR_UNUSED(c), - void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), - struct comm_reply* ATTR_UNUSED(reply_info)) -{ - log_assert(0); - return 0; -} - int libworker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), struct comm_reply* ATTR_UNUSED(reply_info)) diff --git a/testcode/delayer.c b/testcode/delayer.c index 54175dbe3ecc..e915961f5ae7 100644 --- a/testcode/delayer.c +++ b/testcode/delayer.c @@ -347,7 +347,11 @@ static volatile int do_quit = 0; /** signal handler for user quit */ static RETSIGTYPE delayer_sigh(int sig) { - printf("exit on signal %d\n", sig); + char str[] = "exit on signal \n"; + str[15] = '0' + (sig/10)%10; + str[16] = '0' + sig%10; + /* simple cast to void will not silence Wunused-result */ + (void)!write(STDOUT_FILENO, str, strlen(str)); do_quit = 1; } diff --git a/testcode/do-tests.sh b/testcode/do-tests.sh index effb7c16a5bb..2a1cfc4c96e8 100755 --- a/testcode/do-tests.sh +++ b/testcode/do-tests.sh @@ -1,5 +1,11 @@ #!/usr/bin/env bash . testdata/common.sh +quiet=0 +if test "$1" = "-q"; then + quiet=1 + tdirarg="-q" + shift +fi NEED_SPLINT='00-lint.tdir' NEED_DOXYGEN='01-doc.tdir' @@ -33,7 +39,7 @@ fi export -n NOTIFY_SOCKET cd testdata; -sh ../testcode/mini_tdir.sh clean +sh ../testcode/mini_tdir.sh $tdirarg clean rm -f .perfstats.txt for test in `ls -d *.tdir`; do SKIP=0 @@ -57,10 +63,10 @@ for test in `ls -d *.tdir`; do fi if test $SKIP -eq 0; then echo $test - sh ../testcode/mini_tdir.sh -a ../.. exe $test + sh ../testcode/mini_tdir.sh -a ../.. $tdirarg exe $test else echo "skip $test" fi done -sh ../testcode/mini_tdir.sh report +sh ../testcode/mini_tdir.sh $tdirarg report cat .perfstats.txt diff --git a/testcode/dohclient.c b/testcode/dohclient.c index 263418049beb..93d84a83550d 100644 --- a/testcode/dohclient.c +++ b/testcode/dohclient.c @@ -423,6 +423,7 @@ http2_session_create() if(nghttp2_session_callbacks_new(&callbacks) == NGHTTP2_ERR_NOMEM) { log_err("failed to initialize nghttp2 callback"); + free(h2_session); return NULL; } nghttp2_session_callbacks_set_recv_callback(callbacks, http2_recv_cb); @@ -501,7 +502,9 @@ run(struct http2_session* h2_session, int port, int no_tls, int count, char** q) if(!no_tls) { ctx = connect_sslctx_create(NULL, NULL, NULL, 0); if(!ctx) fatal_exit("cannot create ssl ctx"); +#ifdef HAVE_SSL_CTX_SET_ALPN_PROTOS SSL_CTX_set_alpn_protos(ctx, (const unsigned char *)"\x02h2", 3); +#endif ssl = outgoing_ssl_fd(ctx, fd); if(!ssl) { printf("cannot create ssl\n"); @@ -620,7 +623,25 @@ int main(int argc, char** argv) return 1; } - + if(!no_tls) { +#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) + ERR_load_SSL_strings(); +#endif +#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S + OpenSSL_add_all_algorithms(); +# endif +#else + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS + | OPENSSL_INIT_ADD_ALL_DIGESTS + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); +#endif +#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) + (void)SSL_library_init(); +#else + (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); +#endif + } run(h2_session, port, no_tls, argc, argv); checklock_stop(); diff --git a/testcode/fake_event.c b/testcode/fake_event.c index b8166c45ce0a..5f81b9eb808c 100644 --- a/testcode/fake_event.c +++ b/testcode/fake_event.c @@ -451,6 +451,8 @@ fake_front_query(struct replay_runtime* runtime, struct replay_moment *todo) struct comm_reply repinfo; memset(&repinfo, 0, sizeof(repinfo)); repinfo.c = (struct comm_point*)calloc(1, sizeof(struct comm_point)); + if(!repinfo.c) + fatal_exit("out of memory in fake_front_query"); repinfo.addrlen = (socklen_t)sizeof(struct sockaddr_in); if(todo->addrlen != 0) { repinfo.addrlen = todo->addrlen; @@ -597,7 +599,7 @@ autotrust_check(struct replay_runtime* runtime, struct replay_moment* mom) log_err("should be: %s", p->str); fatal_exit("autotrust_check failed"); } - if(line[0]) line[strlen(line)-1] = 0; /* remove newline */ + strip_end_white(line); expanded = macro_process(runtime->vars, runtime, p->str); if(!expanded) fatal_exit("could not expand macro line %d", lineno); @@ -650,7 +652,7 @@ tempfile_check(struct replay_runtime* runtime, struct replay_moment* mom) log_err("should be: %s", p->str); fatal_exit("tempfile_check failed"); } - if(line[0]) line[strlen(line)-1] = 0; /* remove newline */ + strip_end_white(line); expanded = macro_process(runtime->vars, runtime, p->str); if(!expanded) fatal_exit("could not expand macro line %d", lineno); @@ -909,6 +911,8 @@ comm_base_create(int ATTR_UNUSED(sigs)) /* we return the runtime structure instead. */ struct replay_runtime* runtime = (struct replay_runtime*) calloc(1, sizeof(struct replay_runtime)); + if(!runtime) + fatal_exit("out of memory in fake_event.c:comm_base_create"); runtime->scenario = saved_scenario; runtime->vars = macro_store_create(); if(!runtime->vars) fatal_exit("out of memory"); @@ -1046,7 +1050,9 @@ outside_network_create(struct comm_base* base, size_t bufsize, void (*unwanted_action)(void*), void* ATTR_UNUSED(unwanted_param), int ATTR_UNUSED(do_udp), void* ATTR_UNUSED(sslctx), int ATTR_UNUSED(delayclose), int ATTR_UNUSED(tls_use_sni), - struct dt_env* ATTR_UNUSED(dtenv), int ATTR_UNUSED(udp_connect)) + struct dt_env* ATTR_UNUSED(dtenv), int ATTR_UNUSED(udp_connect), + int ATTR_UNUSED(max_reuse_tcp_queries), int ATTR_UNUSED(tcp_reuse_timeout), + int ATTR_UNUSED(tcp_auth_query_timeout)) { struct replay_runtime* runtime = (struct replay_runtime*)base; struct outside_network* outnet = calloc(1, @@ -1306,8 +1312,9 @@ void outnet_serviced_query_stop(struct serviced_query* sq, void* cb_arg) log_info("double delete of pending serviced query"); } -int resolve_interface_names(struct config_file* ATTR_UNUSED(cfg), - char*** ATTR_UNUSED(resif), int* ATTR_UNUSED(num_resif)) +int resolve_interface_names(char** ATTR_UNUSED(ifs), int ATTR_UNUSED(num_ifs), + struct config_strlist* ATTR_UNUSED(list), char*** ATTR_UNUSED(resif), + int* ATTR_UNUSED(num_resif)) { return 1; } @@ -1531,6 +1538,8 @@ struct comm_timer* comm_timer_create(struct comm_base* base, { struct replay_runtime* runtime = (struct replay_runtime*)base; struct fake_timer* t = (struct fake_timer*)calloc(1, sizeof(*t)); + if(!t) + fatal_exit("out of memory in fake_event.c:comm_timer_create"); t->cb = cb; t->cb_arg = cb_arg; fptr_ok(fptr_whitelist_comm_timer(t->cb)); /* check in advance */ @@ -1629,7 +1638,8 @@ int create_udp_sock(int ATTR_UNUSED(family), int ATTR_UNUSED(socktype), struct comm_point* comm_point_create_udp(struct comm_base *ATTR_UNUSED(base), int ATTR_UNUSED(fd), sldns_buffer* ATTR_UNUSED(buffer), comm_point_callback_type* ATTR_UNUSED(callback), - void* ATTR_UNUSED(callback_arg)) + void* ATTR_UNUSED(callback_arg), + struct unbound_socket* ATTR_UNUSED(socket)) { log_assert(0); return NULL; @@ -1707,7 +1717,7 @@ struct comm_point* outnet_comm_point_for_tcp(struct outside_network* outnet, addr_to_str((struct sockaddr_storage*)to_addr, to_addrlen, addrbuf, sizeof(addrbuf)); if(verbosity >= VERB_ALGO) { - if(buf[0] != 0) buf[strlen(buf)-1] = 0; /* del newline*/ + strip_end_white(buf); log_info("tcp to %s: %s", addrbuf, buf); } log_assert(sldns_buffer_limit(query)-LDNS_HEADER_SIZE >= 2); @@ -1739,7 +1749,7 @@ struct comm_point* outnet_comm_point_for_tcp(struct outside_network* outnet, struct comm_point* outnet_comm_point_for_http(struct outside_network* outnet, comm_point_callback_type* cb, void* cb_arg, struct sockaddr_storage* to_addr, socklen_t to_addrlen, int timeout, - int ssl, char* host, char* path) + int ssl, char* host, char* path, struct config_file* cfg) { struct replay_runtime* runtime = (struct replay_runtime*) outnet->base; @@ -1761,6 +1771,7 @@ struct comm_point* outnet_comm_point_for_http(struct outside_network* outnet, (void)ssl; (void)host; (void)path; + (void)cfg; /* handle http comm point and return contents from test script */ return (struct comm_point*)fc; @@ -1797,7 +1808,7 @@ int comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet, addr_to_str((struct sockaddr_storage*)addr, addrlen, addrbuf, sizeof(addrbuf)); if(verbosity >= VERB_ALGO) { - if(buf[0] != 0) buf[strlen(buf)-1] = 0; /* del newline*/ + strip_end_white(buf); log_info("udp to %s: %s", addrbuf, buf); } log_assert(sldns_buffer_limit(packet)-LDNS_HEADER_SIZE >= 2); diff --git a/testcode/mini_tdir.sh b/testcode/mini_tdir.sh index 5f02b0862ee2..0457a95e7094 100755 --- a/testcode/mini_tdir.sh +++ b/testcode/mini_tdir.sh @@ -5,14 +5,23 @@ if test "$1" = "-a"; then shift shift fi - +quiet=0 +if test "$1" = "-q"; then + quiet=1 + shift +fi + if test "$1" = "clean"; then - echo "rm -f result.* .done* .tdir.var.master .tdir.var.test" + if test $quiet = 0; then + echo "rm -f result.* .done* .tdir.var.master .tdir.var.test" + fi rm -f result.* .done* .tdir.var.master .tdir.var.test exit 0 fi if test "$1" = "fake"; then - echo "minitdir fake $2" + if test $quiet = 0; then + echo "minitdir fake $2" + fi echo "fake" > .done-`basename $2 .tdir` exit 0 fi @@ -37,7 +46,7 @@ if test "$1" = "-f" && test "$2" = "report"; then desc=`grep ^Description: "result.$name" | sed -e 's/Description: //'` fi if test -f ".done-$name"; then - if test "$1" != "-q"; then + if test $quiet = 0; then echo "** PASSED ** $timelen $name: $desc" pass=`expr $pass + 1` fi @@ -65,7 +74,7 @@ if test "$1" = "report" || test "$2" = "report"; then for result in *.tdir; do name=`basename $result .tdir` if test -f ".done-$name"; then - if test "$1" != "-q"; then + if test $quiet = 0; then echo "** PASSED ** : $name" fi else @@ -82,9 +91,9 @@ fi if test "$1" != 'exe'; then # usage echo "mini tdir. Reduced functionality for old shells." - echo " tdir exe " - echo " tdir fake " - echo " tdir clean" + echo " tdir [-q] exe " + echo " tdir [-q] fake " + echo " tdir [-q] clean" echo " tdir [-q|-f] report" exit 1 fi @@ -117,7 +126,9 @@ if test -f .done-$name; then fi # Copy -echo "minitdir copy $1 to $dir" +if test $quiet = 0; then + echo "minitdir copy $1 to $dir" +fi mkdir $dir if cp --help 2>&1 | grep -- "-a" >/dev/null; then cp -a $name.tdir/* $dir/ @@ -131,7 +142,9 @@ echo "minitdir exe $name" > $result grep "Description:" $name.dsc >> $result 2>&1 echo "DateRunStart: "`date "+%s" 2>/dev/null` >> $result if test -f $name.pre; then - echo "minitdir exe $name.pre" + if test $quiet = 0; then + echo "minitdir exe $name.pre" + fi echo "minitdir exe $name.pre" >> $result $shell $name.pre $args >> $result if test $? -ne 0; then @@ -139,7 +152,9 @@ if test -f $name.pre; then fi fi if test -f $name.test; then - echo "minitdir exe $name.test" + if test $quiet = 0; then + echo "minitdir exe $name.test" + fi echo "minitdir exe $name.test" >> $result $shell $name.test $args >>$result 2>&1 if test $? -ne 0; then @@ -149,12 +164,16 @@ if test -f $name.test; then else echo "$name: PASSED" >> $result echo "$name: PASSED" > ../.done-$name - echo "$name: PASSED" + if test $quiet = 0; then + echo "$name: PASSED" + fi success="yes" fi fi if test -f $name.post; then - echo "minitdir exe $name.post" + if test $quiet = 0; then + echo "minitdir exe $name.post" + fi echo "minitdir exe $name.post" >> $result $shell $name.post $args >> $result if test $? -ne 0; then diff --git a/testcode/petal.c b/testcode/petal.c index 123684aab52d..a1a37615518a 100644 --- a/testcode/petal.c +++ b/testcode/petal.c @@ -238,6 +238,9 @@ setup_ctx(char* key, char* cert) (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); #endif (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3); +#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL + SSL_CTX_set_security_level(ctx, 0); /* for keys in tests */ +#endif if(!SSL_CTX_use_certificate_chain_file(ctx, cert)) print_exit("cannot read cert"); if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM)) diff --git a/testcode/readzone.c b/testcode/readzone.c new file mode 100644 index 000000000000..94511e5771f4 --- /dev/null +++ b/testcode/readzone.c @@ -0,0 +1,158 @@ +/* + * testcode/readzone.c - readzone tool reads zonefiles + * + * Copyright (c) 2021, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +/** + * \file + * Command to read and echo a zonefile. + */ + +#include "config.h" +#include +#include +#include +#include +#include + +#include +#include "sldns/str2wire.h" +#include "sldns/wire2str.h" + +int print_usage(FILE *out, const char *progname) +{ + fprintf(out, "usage: %s [ -u ] []\n", progname); + fprintf(out, "\t-u\tprint in unknown type (RFC3597) format\n"); + return out == stdout ? EXIT_SUCCESS : EXIT_FAILURE; +} + +int main(int argc, char *const *argv) +{ + char *progname = argv[0]; + uint8_t rr[LDNS_RR_BUF_SIZE]; + char *str = malloc(1024 * 1024); + size_t str_len = sizeof(str); + struct sldns_file_parse_state state; + FILE *in = NULL; + int s = -1; + int opt; + int print_in_unknown_type_format = 0; + + while ((opt = getopt(argc, argv, "hu")) != -1) { + switch (opt) { + case 'h': + free(str); + return print_usage(stdout, progname); + case 'u': + print_in_unknown_type_format = 1; + break; + default: + free(str); + return print_usage(stderr, progname); + } + } + argc -= optind; + argv += optind; + + memset(&state, 0, sizeof(state)); + state.default_ttl = 3600; + state.lineno = 1; + if (argc == 2) { + state.origin_len = sizeof(state.origin); + s = sldns_str2wire_dname_buf(argv[1], state.origin + , &state.origin_len); + if (s) { + fprintf(stderr, "Error parsing origin: %s\n" + , sldns_get_errorstr_parse(s)); + free(str); + return EXIT_FAILURE; + } + s = -1; + } + if (!str) + fprintf(stderr, "Memory allocation error: %s\n" + , strerror(errno)); + + else if (argc != 1 && argc != 2) { + free(str); + return print_usage(stderr, progname); + } + + else if (!(in = fopen(argv[0], "r"))) + fprintf(stderr, "Error opening \"%s\": %s\n" + , argv[0], strerror(errno)); + else while (!feof(in)) { + size_t rr_len = sizeof(rr), dname_len = 0; + size_t written; + + s = sldns_fp2wire_rr_buf(in, rr, &rr_len, &dname_len, &state); + if (s) { + fprintf( stderr, "parse error %d:%d: %s\n" + , state.lineno, LDNS_WIREPARSE_OFFSET(s) + , sldns_get_errorstr_parse(s)); + break; + } + if (rr_len == 0) + continue; + + if (print_in_unknown_type_format) + written = sldns_wire2str_rr_unknown_buf( + rr, rr_len, str, str_len); + else + written = sldns_wire2str_rr_buf( + rr, rr_len, str, str_len); + + if (written > str_len) { + while (written > str_len) + str_len *= 2; + free(str); + if (!(str = malloc(str_len))) { + fprintf(stderr, "Memory allocation error: %s\n" + , strerror(errno)); + s = -1; + break; + } + if (print_in_unknown_type_format) + (void) sldns_wire2str_rr_unknown_buf( + rr, rr_len, str, str_len); + else + (void) sldns_wire2str_rr_buf( + rr, rr_len, str, str_len); + } + fprintf(stdout, "%s", str); + } + if (in) + fclose(in); + free(str); + return !in || s ? EXIT_FAILURE : EXIT_SUCCESS; +} diff --git a/testcode/replay.c b/testcode/replay.c index 84ce50441b1e..2487c146f7a8 100644 --- a/testcode/replay.c +++ b/testcode/replay.c @@ -124,8 +124,7 @@ replay_range_delete(struct replay_range* rng) free(rng); } -/** strip whitespace from end of string */ -static void +void strip_end_white(char* p) { size_t i; @@ -227,7 +226,7 @@ read_file_content(FILE* in, int* lineno, struct replay_moment* mom) if(strncmp(line, "FILE_END", 8) == 0) { return; } - if(line[0]) line[strlen(line)-1] = 0; /* remove newline */ + strip_end_white(line); if(!cfg_strlist_insert(last, strdup(line))) fatal_exit("malloc failure"); last = &( (*last)->next ); @@ -249,7 +248,7 @@ read_assign_step(char* remain, struct replay_moment* mom) if(eq != '=') fatal_exit("no '=' in assign: %s", remain); remain += skip; - if(remain[0]) remain[strlen(remain)-1]=0; /* remove newline */ + strip_end_white(remain); mom->string = strdup(remain); if(!mom->variable || !mom->string) fatal_exit("out of memory"); @@ -318,8 +317,7 @@ replay_moment_read(char* remain, FILE* in, const char* name, mom->evt_type = repevt_autotrust_check; while(isspace((unsigned char)*remain)) remain++; - if(strlen(remain)>0 && remain[strlen(remain)-1]=='\n') - remain[strlen(remain)-1] = 0; + strip_end_white(remain); mom->autotrust_id = strdup(remain); if(!mom->autotrust_id) fatal_exit("out of memory"); read_file_content(in, &pstate->lineno, mom); @@ -327,8 +325,7 @@ replay_moment_read(char* remain, FILE* in, const char* name, mom->evt_type = repevt_tempfile_check; while(isspace((unsigned char)*remain)) remain++; - if(strlen(remain)>0 && remain[strlen(remain)-1]=='\n') - remain[strlen(remain)-1] = 0; + strip_end_white(remain); mom->autotrust_id = strdup(remain); if(!mom->autotrust_id) fatal_exit("out of memory"); read_file_content(in, &pstate->lineno, mom); @@ -359,8 +356,7 @@ replay_moment_read(char* remain, FILE* in, const char* name, m++; if(!extstrtoaddr(s, &mom->addr, &mom->addrlen)) fatal_exit("bad infra_rtt address %s", s); - if(strlen(m)>0 && m[strlen(m)-1]=='\n') - m[strlen(m)-1] = 0; + strip_end_white(m); mom->variable = strdup(remain); mom->string = strdup(m); if(!mom->string) fatal_exit("out of memory"); @@ -375,8 +371,7 @@ replay_moment_read(char* remain, FILE* in, const char* name, if(parse_keyword(&remain, "ADDRESS")) { while(isspace((unsigned char)*remain)) remain++; - if(strlen(remain) > 0) /* remove \n */ - remain[strlen(remain)-1] = 0; + strip_end_white(remain); if(!extstrtoaddr(remain, &mom->addr, &mom->addrlen)) { log_err("line %d: could not parse ADDRESS: %s", pstate->lineno, remain); @@ -693,7 +688,11 @@ do_macro_ctime(char* arg) return NULL; } ctime_r(&tt, buf); - if(buf[0]) buf[strlen(buf)-1]=0; /* remove trailing newline */ +#ifdef USE_WINSOCK + if(strlen(buf) > 10 && buf[7]==' ' && buf[8]=='0') + buf[8]=' '; /* fix error in windows ctime */ +#endif + strip_end_white(buf); return strdup(buf); } diff --git a/testcode/replay.h b/testcode/replay.h index 5132cdacbd47..0271dff0393b 100644 --- a/testcode/replay.h +++ b/testcode/replay.h @@ -425,6 +425,9 @@ int replay_var_compare(const void* a, const void* b); /** get oldest enabled fake timer */ struct fake_timer* replay_get_oldest_timer(struct replay_runtime* runtime); +/** strip whitespace from end of string */ +void strip_end_white(char* p); + /** * Create variable storage * @return new or NULL on failure. diff --git a/testcode/streamtcp.c b/testcode/streamtcp.c index ffdddbe9db48..2bd076ee5db2 100644 --- a/testcode/streamtcp.c +++ b/testcode/streamtcp.c @@ -397,11 +397,17 @@ send_em(const char* svr, int udp, int usessl, int noanswer, int onarrival, /** SIGPIPE handler */ static RETSIGTYPE sigh(int sig) { + char str[] = "Got unhandled signal \n"; if(sig == SIGPIPE) { - printf("got SIGPIPE, remote connection gone\n"); + char* strpipe = "got SIGPIPE, remote connection gone\n"; + /* simple cast to void will not silence Wunused-result */ + (void)!write(STDOUT_FILENO, strpipe, strlen(strpipe)); exit(1); } - printf("Got unhandled signal %d\n", sig); + str[21] = '0' + (sig/10)%10; + str[22] = '0' + sig%10; + /* simple cast to void will not silence Wunused-result */ + (void)!write(STDOUT_FILENO, str, strlen(str)); exit(1); } #endif /* SIGPIPE */ diff --git a/testcode/testbound.c b/testcode/testbound.c index 5e10779fcdea..c92900142870 100644 --- a/testcode/testbound.c +++ b/testcode/testbound.c @@ -168,7 +168,7 @@ spool_temp_file_name(int* lineno, FILE* cfg, char* id) id++; if(*id == '\0') fatal_exit("TEMPFILE_NAME must have id, line %d", *lineno); - id[strlen(id)-1]=0; /* remove newline */ + strip_end_white(id); fake_temp_file("_temp_", id, line, sizeof(line)); fprintf(cfg, "\"%s\"\n", line); } @@ -185,7 +185,7 @@ spool_temp_file(FILE* in, int* lineno, char* id) id++; if(*id == '\0') fatal_exit("TEMPFILE_CONTENTS must have id, line %d", *lineno); - id[strlen(id)-1]=0; /* remove newline */ + strip_end_white(id); fake_temp_file("_temp_", id, line, sizeof(line)); /* open file and spool to it */ spool = fopen(line, "w"); @@ -205,7 +205,7 @@ spool_temp_file(FILE* in, int* lineno, char* id) char* tid = parse+17; while(isspace((unsigned char)*tid)) tid++; - tid[strlen(tid)-1]=0; /* remove newline */ + strip_end_white(tid); fake_temp_file("_temp_", tid, l2, sizeof(l2)); snprintf(line, sizeof(line), "$INCLUDE %s\n", l2); } @@ -230,7 +230,7 @@ spool_auto_file(FILE* in, int* lineno, FILE* cfg, char* id) id++; if(*id == '\0') fatal_exit("AUTROTRUST_FILE must have id, line %d", *lineno); - id[strlen(id)-1]=0; /* remove newline */ + strip_end_white(id); fake_temp_file("_auto_", id, line, sizeof(line)); /* add option for the file */ fprintf(cfg, "server: auto-trust-anchor-file: \"%s\"\n", line); @@ -279,6 +279,7 @@ setup_config(FILE* in, int* lineno, int* pass_argc, char* pass_argv[]) fprintf(cfg, " username: \"\"\n"); fprintf(cfg, " pidfile: \"\"\n"); fprintf(cfg, " val-log-level: 2\n"); + fprintf(cfg, " log-servfail: yes\n"); fprintf(cfg, "remote-control: control-enable: no\n"); while(fgets(line, MAX_LINE_LEN-1, in)) { parse = line; diff --git a/testcode/unitauth.c b/testcode/unitauth.c index 4b3410c9ef7c..d193526b8c28 100644 --- a/testcode/unitauth.c +++ b/testcode/unitauth.c @@ -468,8 +468,13 @@ tmpfilecleanup(void) int i; char buf[256]; for(i=0; iid = id; - w->outnet = outnet; - w->next_waiting = (void*)reuse->pending; - reuse_tree_by_id_insert(reuse, w); - } -} - -/** fill up the reuse ID tree and test assertions */ -static void tcpid_fillup(struct reuse_tcp* reuse, - struct outside_network* outnet) -{ - int t, numtest=3; - for(t=0; ttree_by_id, reuse_id_cmp); - tcpid_addmore(reuse, outnet, 65535); - reuse_del_readwait(&reuse->tree_by_id); - } -} - -/** test TCP ID selection */ -static void tcpid_test(void) -{ - struct pending_tcp pend; - struct outside_network outnet; - unit_show_func("services/outside_network.c", "reuse_tcp_select_id"); - memset(&pend, 0, sizeof(pend)); - pend.reuse.pending = &pend; - memset(&outnet, 0, sizeof(outnet)); - outnet.rnd = ub_initstate(NULL); - rbtree_init(&pend.reuse.tree_by_id, reuse_id_cmp); - tcpid_fillup(&pend.reuse, &outnet); - ub_randfree(outnet.rnd); -} - void unit_show_func(const char* file, const char* func) { printf("test %s:%s\n", file, func); @@ -952,8 +906,9 @@ main(int argc, char* argv[]) slabhash_test(); infra_test(); ldns_test(); + zonemd_test(); + tcpreuse_test(); msgparse_test(); - tcpid_test(); #ifdef CLIENT_SUBNET ecs_test(); #endif /* CLIENT_SUBNET */ diff --git a/testcode/unitmain.h b/testcode/unitmain.h index e5c6109a2aae..adcd74f77b52 100644 --- a/testcode/unitmain.h +++ b/testcode/unitmain.h @@ -80,5 +80,9 @@ void ecs_test(void); void ldns_test(void); /** unit test for auth zone functions */ void authzone_test(void); +/** unit test for zonemd functions */ +void zonemd_test(void); +/** unit test for tcp_reuse functions */ +void tcpreuse_test(void); #endif /* TESTCODE_UNITMAIN_H */ diff --git a/testcode/unittcpreuse.c b/testcode/unittcpreuse.c new file mode 100644 index 000000000000..087c6c1b9d50 --- /dev/null +++ b/testcode/unittcpreuse.c @@ -0,0 +1,236 @@ +/* + * testcode/unittcpreuse.c - unit test for tcp_reuse. + * + * Copyright (c) 2021, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +/** + * \file + * Tests the tcp_reuse functionality. + */ + +#include "config.h" +#include "testcode/unitmain.h" +#include "util/log.h" +#include "util/random.h" +#include "services/outside_network.h" + +/** add number of new IDs to the reuse tree, randomly chosen */ +static void tcpid_addmore(struct reuse_tcp* reuse, + struct outside_network* outnet, unsigned int addnum) +{ + unsigned int i; + struct waiting_tcp* w; + for(i=0; iid = id; + w->outnet = outnet; + w->next_waiting = (void*)reuse->pending; + reuse_tree_by_id_insert(reuse, w); + } +} + +/** fill up the reuse ID tree and test assertions */ +static void tcpid_fillup(struct reuse_tcp* reuse, + struct outside_network* outnet) +{ + int t, numtest=3; + for(t=0; ttree_by_id, reuse_id_cmp); + tcpid_addmore(reuse, outnet, 65535); + reuse_del_readwait(&reuse->tree_by_id); + } +} + +/** test TCP ID selection */ +static void tcpid_test(void) +{ + struct pending_tcp pend; + struct outside_network outnet; + unit_show_func("services/outside_network.c", "reuse_tcp_select_id"); + memset(&pend, 0, sizeof(pend)); + pend.reuse.pending = &pend; + memset(&outnet, 0, sizeof(outnet)); + outnet.rnd = ub_initstate(NULL); + rbtree_init(&pend.reuse.tree_by_id, reuse_id_cmp); + tcpid_fillup(&pend.reuse, &outnet); + ub_randfree(outnet.rnd); +} + +/** check that the tree has present number of nodes and the LRU is linked + * properly. */ +static void check_tree_and_list(struct outside_network* outnet, int present) +{ + int i; + struct reuse_tcp *reuse, *next_reuse; + unit_assert(present == (int)outnet->tcp_reuse.count); + if(present < 1) { + unit_assert(outnet->tcp_reuse_first == NULL); + unit_assert(outnet->tcp_reuse_last == NULL); + return; + } + unit_assert(outnet->tcp_reuse_first->item_on_lru_list); + unit_assert(!outnet->tcp_reuse_first->lru_prev); + reuse = outnet->tcp_reuse_first; + for(i=0; iitem_on_lru_list); + unit_assert(reuse->lru_next); + unit_assert(reuse->lru_next != reuse); + next_reuse = reuse->lru_next; + unit_assert(next_reuse->lru_prev == reuse); + reuse = next_reuse; + } + unit_assert(!reuse->lru_next); + unit_assert(outnet->tcp_reuse_last->item_on_lru_list); + unit_assert(outnet->tcp_reuse_last == reuse); +} + +/** creates pending_tcp. Copy of outside_network.c:create_pending_tcp without + * the comm_point creation */ +static int create_pending_tcp(struct outside_network* outnet) +{ + size_t i; + if(outnet->num_tcp == 0) + return 1; /* no tcp needed, nothing to do */ + if(!(outnet->tcp_conns = (struct pending_tcp **)calloc( + outnet->num_tcp, sizeof(struct pending_tcp*)))) + return 0; + for(i=0; inum_tcp; i++) { + if(!(outnet->tcp_conns[i] = (struct pending_tcp*)calloc(1, + sizeof(struct pending_tcp)))) + return 0; + outnet->tcp_conns[i]->next_free = outnet->tcp_free; + outnet->tcp_free = outnet->tcp_conns[i]; + } + return 1; +} + +/** empty the tcp_reuse tree and LRU list */ +static void empty_tree(struct outside_network* outnet) +{ + size_t i; + struct reuse_tcp* reuse; + reuse = outnet->tcp_reuse_first; + i = outnet->tcp_reuse.count; + while(reuse) { + reuse_tcp_remove_tree_list(outnet, reuse); + check_tree_and_list(outnet, --i); + reuse = outnet->tcp_reuse_first; + } +} + +/** check removal of the LRU element on the given position of total elements */ +static void check_removal(struct outside_network* outnet, int position, int total) +{ + int i; + struct reuse_tcp* reuse; + empty_tree(outnet); + for(i=0; itcp_conns[i]); + } + check_tree_and_list(outnet, total); + reuse = outnet->tcp_reuse_first; + for(i=0; ilru_next; + reuse_tcp_remove_tree_list(outnet, reuse); + check_tree_and_list(outnet, total-1); +} + +/** check snipping off the last element of the LRU with total elements */ +static void check_snip(struct outside_network* outnet, int total) +{ + int i; + struct reuse_tcp* reuse; + empty_tree(outnet); + for(i=0; itcp_conns[i]); + } + check_tree_and_list(outnet, total); + reuse = reuse_tcp_lru_snip(outnet); + while(reuse) { + reuse_tcp_remove_tree_list(outnet, reuse); + check_tree_and_list(outnet, --total); + reuse = reuse_tcp_lru_snip(outnet); + } + unit_assert(outnet->tcp_reuse_first == NULL); + unit_assert(outnet->tcp_reuse_last == NULL); + unit_assert(outnet->tcp_reuse.count == 0); +} + +/** test tcp_reuse tree and LRU list functions */ +static void tcp_reuse_tree_list_test(void) +{ + size_t i; + struct outside_network outnet; + struct reuse_tcp* reuse; + memset(&outnet, 0, sizeof(outnet)); + rbtree_init(&outnet.tcp_reuse, reuse_cmp); + outnet.num_tcp = 5; + outnet.tcp_reuse_max = outnet.num_tcp; + if(!create_pending_tcp(&outnet)) fatal_exit("out of memory"); + /* add all to the tree */ + unit_show_func("services/outside_network.c", "reuse_tcp_insert"); + for(i=0; ilru_next; reuse = reuse->lru_next); + reuse_tcp_lru_touch(&outnet, reuse); + check_tree_and_list(&outnet, outnet.num_tcp); + } + /* check removal */ + unit_show_func("services/outside_network.c", "reuse_tcp_remove_tree_list"); + check_removal(&outnet, 2, 5); + check_removal(&outnet, 1, 3); + check_removal(&outnet, 1, 2); + /* check snip */ + unit_show_func("services/outside_network.c", "reuse_tcp_lru_snip"); + check_snip(&outnet, 4); + + for(i=0; i +#include "util/log.h" +#include "testcode/unitmain.h" +#include "sldns/str2wire.h" +#include "services/authzone.h" +#include "util/data/dname.h" +#include "util/regional.h" +#include "validator/val_anchor.h" + +#define xstr(s) str(s) +#define str(s) #s +#define SRCDIRSTR xstr(SRCDIR) + +/** Add zone from file for testing */ +struct auth_zone* authtest_addzone(struct auth_zones* az, const char* name, + char* fname); + +/** zonemd unit test, generate a zonemd digest and check if correct */ +static void zonemd_generate_test(const char* zname, char* zfile, + int scheme, int hashalgo, const char* digest) +{ + uint8_t zonemd_hash[512]; + size_t hashlen = 0; + char output[1024+1]; + size_t i; + struct auth_zones* az; + struct auth_zone* z; + int result; + struct regional* region = NULL; + struct sldns_buffer* buf = NULL; + char* reason = NULL; + char* digestdup; + + if(!zonemd_hashalgo_supported(hashalgo)) + return; /* cannot test unsupported algo */ + + /* setup environment */ + az = auth_zones_create(); + unit_assert(az); + region = regional_create(); + unit_assert(region); + buf = sldns_buffer_new(65535); + unit_assert(buf); + + /* read file */ + z = authtest_addzone(az, zname, zfile); + unit_assert(z); + lock_rw_wrlock(&z->lock); + z->zonemd_check = 1; + lock_rw_unlock(&z->lock); + + /* create zonemd digest */ + result = auth_zone_generate_zonemd_hash(z, scheme, hashalgo, + zonemd_hash, sizeof(zonemd_hash), &hashlen, region, buf, + &reason); + if(reason) printf("zonemd failure reason: %s\n", reason); + unit_assert(result); + + /* check digest */ + unit_assert(hashlen*2+1 <= sizeof(output)); + for(i=0; i>4]; + output[i*2+1] = hexl[zonemd_hash[i]&0xf]; + } + output[hashlen*2] = 0; + digestdup = strdup(digest); + unit_assert(digestdup); + for(i=0; i= VERB_ALGO) { + char zname[255+1]; + dname_str(z->name, zname); + printf("zonemd generated for %s in %s with " + "scheme=%d hashalgo=%d\n", zname, z->zonefile, + scheme, hashalgo); + printf("digest %s\n", output); + printf("wanted %s\n", digestdup); + } + unit_assert(strcmp(output, digestdup) == 0); + + /* delete environment */ + free(digestdup); + auth_zones_delete(az); + regional_destroy(region); + sldns_buffer_free(buf); + + if(verbosity >= VERB_ALGO) { + printf("\n"); + } +} + +/** loop over files and test generated zonemd digest */ +static void zonemd_generate_tests(void) +{ + unit_show_func("services/authzone.c", "auth_zone_generate_zonemd_hash"); + zonemd_generate_test("example.org", SRCDIRSTR "/testdata/zonemd.example1.zone", + 1, 2, "20564D10F50A0CEBEC856C64032B7DFB53D3C449A421A5BC7A21F7627B4ACEA4DF29F2C6FE82ED9C23ADF6F4D420D5DD63EF6E6349D60FDAB910B65DF8D481B7"); + + /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12 + * from section A.1 */ + zonemd_generate_test("example", SRCDIRSTR "/testdata/zonemd.example_a1.zone", + 1, 1, "c68090d90a7aed716bc459f9340e3d7c1370d4d24b7e2fc3a1ddc0b9a87153b9a9713b3c9ae5cc27777f98b8e730044c"); + + /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12 + * from section A.2 */ + zonemd_generate_test("example", SRCDIRSTR "/testdata/zonemd.example_a2.zone", + 1, 1, "31cefb03814f5062ad12fa951ba0ef5f8da6ae354a415767246f7dc932ceb1e742a2108f529db6a33a11c01493de358d"); + + /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12 + * from section A.3 SHA384 digest */ + zonemd_generate_test("example", SRCDIRSTR "/testdata/zonemd.example_a3.zone", + 1, 1, "62e6cf51b02e54b9b5f967d547ce43136792901f9f88e637493daaf401c92c279dd10f0edb1c56f8080211f8480ee306"); + + /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12 + * from section A.3 SHA512 digest*/ + zonemd_generate_test("example", SRCDIRSTR "/testdata/zonemd.example_a3.zone", + 1, 2, "08cfa1115c7b948c4163a901270395ea226a930cd2cbcf2fa9a5e6eb85f37c8a4e114d884e66f176eab121cb02db7d652e0cc4827e7a3204f166b47e5613fd27"); + + /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12 + * from section A.4 */ + zonemd_generate_test("uri.arpa", SRCDIRSTR "/testdata/zonemd.example_a4.zone", + 1, 1, "1291b78ddf7669b1a39d014d87626b709b55774c5d7d58fadc556439889a10eaf6f11d615900a4f996bd46279514e473"); + + /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12 + * from section A.5 */ + zonemd_generate_test("root-servers.net", SRCDIRSTR "/testdata/zonemd.example_a5.zone", + 1, 1, "f1ca0ccd91bd5573d9f431c00ee0101b2545c97602be0a978a3b11dbfc1c776d5b3e86ae3d973d6b5349ba7f04340f79"); +} + +/** test the zonemd check routine */ +static void zonemd_check_test(void) +{ + const char* zname = "example.org"; + char* zfile = SRCDIRSTR "/testdata/zonemd.example1.zone"; + int scheme = 1; + int hashalgo = 2; + const char* digest = "20564D10F50A0CEBEC856C64032B7DFB53D3C449A421A5BC7A21F7627B4ACEA4DF29F2C6FE82ED9C23ADF6F4D420D5DD63EF6E6349D60FDAB910B65DF8D481B7"; + const char* digestwrong = "20564D10F50A0CEBEC856C64032B7DFB53D3C449A421A5BC7A21F7627B4ACEA4DF29F2C6FE82ED9C23ADF6F4D420D5DD63EF6E6349D60FDAB910B65DF8D48100"; + uint8_t hash[512], hashwrong[512]; + size_t hashlen = 0, hashwronglen = 0; + struct auth_zones* az; + struct auth_zone* z; + int result; + struct regional* region = NULL; + struct sldns_buffer* buf = NULL; + char* reason = NULL; + + if(!zonemd_hashalgo_supported(hashalgo)) + return; /* cannot test unsupported algo */ + unit_show_func("services/authzone.c", "auth_zone_generate_zonemd_check"); + + /* setup environment */ + az = auth_zones_create(); + unit_assert(az); + region = regional_create(); + unit_assert(region); + buf = sldns_buffer_new(65535); + unit_assert(buf); + + /* read file */ + z = authtest_addzone(az, zname, zfile); + unit_assert(z); + lock_rw_wrlock(&z->lock); + z->zonemd_check = 1; + lock_rw_unlock(&z->lock); + hashlen = sizeof(hash); + if(sldns_str2wire_hex_buf(digest, hash, &hashlen) != 0) { + unit_assert(0); /* parse failure */ + } + hashwronglen = sizeof(hashwrong); + if(sldns_str2wire_hex_buf(digestwrong, hashwrong, &hashwronglen) != 0) { + unit_assert(0); /* parse failure */ + } + + /* check return values of the check routine */ + result = auth_zone_generate_zonemd_check(z, scheme, hashalgo, + hash, hashlen, region, buf, &reason); + unit_assert(result && reason == NULL); + result = auth_zone_generate_zonemd_check(z, 241, hashalgo, + hash, hashlen, region, buf, &reason); + unit_assert(!result && strcmp(reason, "unsupported scheme")==0); + result = auth_zone_generate_zonemd_check(z, scheme, 242, + hash, hashlen, region, buf, &reason); + unit_assert(!result && strcmp(reason, "unsupported algorithm")==0); + result = auth_zone_generate_zonemd_check(z, scheme, hashalgo, + hash, 2, region, buf, &reason); + unit_assert(!result && strcmp(reason, "digest length too small, less than 12")==0); + result = auth_zone_generate_zonemd_check(z, scheme, hashalgo, + hashwrong, hashwronglen, region, buf, &reason); + unit_assert(!result && strcmp(reason, "incorrect digest")==0); + result = auth_zone_generate_zonemd_check(z, scheme, hashalgo, + hashwrong, hashwronglen-3, region, buf, &reason); + unit_assert(!result && strcmp(reason, "incorrect digest length")==0); + + /* delete environment */ + auth_zones_delete(az); + regional_destroy(region); + sldns_buffer_free(buf); + + if(verbosity >= VERB_ALGO) { + printf("\n"); + } +} + +/** zonemd test verify */ +static void zonemd_verify_test(char* zname, char* zfile, char* tastr, + char* date_override, char* result_wanted) +{ + time_t now = 0; + struct module_stack mods; + struct module_env env; + char* result = NULL; + struct auth_zone* z; + + /* setup test harness */ + memset(&mods, 0, sizeof(mods)); + memset(&env, 0, sizeof(env)); + env.scratch = regional_create(); + if(!env.scratch) + fatal_exit("out of memory"); + env.scratch_buffer = sldns_buffer_new(65553); + if(!env.scratch_buffer) + fatal_exit("out of memory"); + env.cfg = config_create(); + if(!env.cfg) + fatal_exit("out of memory"); + env.now = &now; + env.cfg->val_date_override = cfg_convert_timeval(date_override); + if(!env.cfg->val_date_override) + fatal_exit("could not parse datetime %s", date_override); + if(env.cfg->module_conf) + free(env.cfg->module_conf); + env.cfg->module_conf = strdup("validator iterator"); + if(!env.cfg->module_conf) + fatal_exit("out of memory"); + if(tastr) { + if(!cfg_strlist_insert(&env.cfg->trust_anchor_list, + strdup(tastr))) + fatal_exit("out of memory"); + } + env.anchors = anchors_create(); + if(!env.anchors) + fatal_exit("out of memory"); + env.auth_zones = auth_zones_create(); + if(!env.auth_zones) + fatal_exit("out of memory"); + modstack_init(&mods); + if(!modstack_setup(&mods, env.cfg->module_conf, &env)) + fatal_exit("could not modstack_setup"); + env.mesh = mesh_create(&mods, &env); + if(!env.mesh) + fatal_exit("out of memory"); + + /* load data */ + z = authtest_addzone(env.auth_zones, zname, zfile); + if(!z) + fatal_exit("could not addzone %s %s", zname, zfile); + + /* test */ + lock_rw_wrlock(&z->lock); + z->zonemd_check = 1; + auth_zone_verify_zonemd(z, &env, &mods, &result, 1, 0); + lock_rw_unlock(&z->lock); + if(verbosity >= VERB_ALGO) { + printf("auth zone %s: ZONEMD verification %s: %s\n", zname, + (strcmp(result, "ZONEMD verification successful")==0?"successful":"failed"), + result); + } + if(!result) + fatal_exit("out of memory"); + unit_assert(strcmp(result, result_wanted) == 0); + if(strcmp(result, "ZONEMD verification successful") == 0 || + strcmp(result, "DNSSEC verified nonexistence of ZONEMD") == 0 || + strcmp(result, "no ZONEMD present") == 0) { + lock_rw_rdlock(&z->lock); + unit_assert(!z->zone_expired); + lock_rw_unlock(&z->lock); + } else { + lock_rw_rdlock(&z->lock); + unit_assert(z->zone_expired); + lock_rw_unlock(&z->lock); + } + free(result); + + /* desetup test harness */ + mesh_delete(env.mesh); + modstack_desetup(&mods, &env); + auth_zones_delete(env.auth_zones); + anchors_delete(env.anchors); + config_delete(env.cfg); + regional_destroy(env.scratch); + sldns_buffer_free(env.scratch_buffer); + + if(verbosity >= VERB_ALGO) { + printf("\n"); + } +} + +/** zonemd test verify suite */ +static void zonemd_verify_tests(void) +{ + unit_show_func("services/authzone.c", "auth_zone_verify_zonemd"); + /* give trustanchor for unsigned zone, should fail */ + zonemd_verify_test("example.org", + SRCDIRSTR "/testdata/zonemd.example1.zone", + "example.org. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20180302005009", + "verify DNSKEY RRset with trust anchor failed: have trust anchor, but zone has no DNSKEY"); + /* unsigned zone without ZONEMD in it */ + zonemd_verify_test("example.org", + SRCDIRSTR "/testdata/zonemd.example1.zone", + NULL, + "20180302005009", + "no ZONEMD present"); + /* no trust anchor, so it succeeds for zone with a correct ZONEMD */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example2.zone", + NULL, + "20180302005009", + "ZONEMD verification successful"); + /* trust anchor for another zone, so it is indeterminate */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example2.zone", + "example.org. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20180302005009", + "ZONEMD verification successful"); + + /* load a DNSSEC signed zone, but no trust anchor */ + /* this zonefile has an incorrect ZONEMD digest, with correct + * DNSSEC signature. */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example3.zone", + NULL, + "20180302005009", + "incorrect digest"); + /* load a DNSSEC zone with NSEC3, but no trust anchor */ + /* this zonefile has an incorrect ZONEMD digest, with correct + * DNSSEC signature. */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example4.zone", + NULL, + "20180302005009", + "incorrect digest"); + /* valid zonemd, in dnssec signed zone, no trust anchor*/ + /* this zonefile has a correct ZONEMD digest and + * correct DNSSEC signature */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example5.zone", + NULL, + "20180302005009", + "ZONEMD verification successful"); + /* valid zonemd, in dnssec NSEC3 zone, no trust anchor*/ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example6.zone", + NULL, + "20180302005009", + "ZONEMD verification successful"); + + /* load a DNSSEC signed zone with a trust anchor, valid ZONEMD */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example5.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", + "ZONEMD verification successful"); + /* load a DNSSEC NSEC3 signed zone with a trust anchor, valid ZONEMD */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example6.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", + "ZONEMD verification successful"); + + /* load a DNSSEC NSEC zone without ZONEMD */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example7.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", + "DNSSEC verified nonexistence of ZONEMD"); + /* load a DNSSEC NSEC3 zone without ZONEMD */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example8.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", + "DNSSEC verified nonexistence of ZONEMD"); + + /* load DNSSEC zone but RRSIG on ZONEMD is wrong */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example9.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", +#ifdef HAVE_SSL + "DNSSEC verify failed for ZONEMD RRset: signature crypto failed" +#else /* HAVE_NETTLE */ + "DNSSEC verify failed for ZONEMD RRset: RSA signature verification failed" +#endif + ); + /* load DNSSEC zone but RRSIG on SOA is wrong */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example10.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", +#ifdef HAVE_SSL + "DNSSEC verify failed for SOA RRset: signature crypto failed" +#else /* HAVE_NETTLE */ + "DNSSEC verify failed for SOA RRset: RSA signature verification failed" +#endif + ); + + /* load DNSSEC zone without ZONEMD, but NSEC bitmap says it exists */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example11.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", + "DNSSEC NSEC bitmap says type ZONEMD exists"); + /* load DNSSEC zone without ZONEMD, but NSEC3 bitmap says it exists */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example12.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", + "DNSSEC NSEC3 bitmap says type ZONEMD exists"); + + /* load DNSSEC zone without ZONEMD, but RRSIG on NSEC not okay */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example13.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", +#ifdef HAVE_SSL + "DNSSEC verify failed for NSEC RRset: signature crypto failed" +#else /* HAVE_NETTLE */ + "DNSSEC verify failed for NSEC RRset: RSA signature verification failed" +#endif + ); + /* load DNSSEC zone without ZONEMD, but RRSIG on NSEC3 not okay */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example14.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", +#ifdef HAVE_SSL + "DNSSEC verify failed for NSEC3 RRset: signature crypto failed" +#else /* HAVE_NETTLE */ + "DNSSEC verify failed for NSEC3 RRset: RSA signature verification failed" +#endif + ); + + /* load DNSSEC zone, with ZONEMD, but DNSKEY RRSIG is not okay. */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example15.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", +#ifdef HAVE_SSL + "verify DNSKEY RRset with trust anchor failed: signature crypto failed" +#else /* HAVE_NETTLE */ + "verify DNSKEY RRset with trust anchor failed: RSA signature verification failed" +#endif + ); + /* load DNSSEC zone, but trust anchor mismatches DNSKEY */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example5.zone", + /* okay anchor is + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", */ + "example.com. IN DS 55566 8 2 0000000000111111222223333444444dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", + "verify DNSKEY RRset with trust anchor failed: DS hash mismatches key"); + /* load DNSSEC zone, but trust anchor fails because the zone + * has expired signatures. We set the date for it */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example5.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + /* okay date: "20201020135527", */ + "20221020135527", + "verify DNSKEY RRset with trust anchor failed: signature expired"); + + /* duplicate zonemd with same scheme and algorithm */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example16.zone", + NULL, + "20180302005009", + "ZONEMD RRSet contains more than one RR with the same scheme and hash algorithm"); + /* different capitalisation of ns name and owner names, should + * be canonicalized. */ + zonemd_verify_test("example.com", + SRCDIRSTR "/testdata/zonemd.example17.zone", + NULL, + "20180302005009", + "ZONEMD verification successful"); +} + +/** zonemd unit tests */ +void zonemd_test(void) +{ + unit_show_feature("zonemd"); + zonemd_generate_tests(); + zonemd_check_test(); + zonemd_verify_tests(); +} diff --git a/testdata/auth_zonefile_dnssec.rpl b/testdata/auth_zonefile_dnssec.rpl index eb264ee8bbb2..f58c5230058b 100644 --- a/testdata/auth_zonefile_dnssec.rpl +++ b/testdata/auth_zonefile_dnssec.rpl @@ -5,6 +5,7 @@ server: target-fetch-policy: "0 0 0 0 0" fake-sha1: yes trust-anchor-signaling: no + zonemd-permissive-mode: yes auth-zone: name: "example.com." diff --git a/testdata/auth_zonefile_down.rpl b/testdata/auth_zonefile_down.rpl index 9c5ecbb1c8ba..870ba940140d 100644 --- a/testdata/auth_zonefile_down.rpl +++ b/testdata/auth_zonefile_down.rpl @@ -7,6 +7,7 @@ server: qname-minimisation: "no" trust-anchor-signaling: no aggressive-nsec: yes + zonemd-permissive-mode: yes auth-zone: name: "example.com." diff --git a/testdata/auth_zonemd_anchor.rpl b/testdata/auth_zonemd_anchor.rpl new file mode 100644 index 000000000000..c443f7d43f10 --- /dev/null +++ b/testdata/auth_zonemd_anchor.rpl @@ -0,0 +1,234 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + zonemd-check: yes + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with trust anchor + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION ANSWER +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 127.0.0.1 +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_anchor_fail.rpl b/testdata/auth_zonemd_anchor_fail.rpl new file mode 100644 index 000000000000..d055174dcbe7 --- /dev/null +++ b/testdata/auth_zonemd_anchor_fail.rpl @@ -0,0 +1,236 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + ; correct anchor + ; trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af" + ; wrong anchor + trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deeaaaaa" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + zonemd-check: yes + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with failed trust anchor + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION ANSWER +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_chain.rpl b/testdata/auth_zonemd_chain.rpl new file mode 100644 index 000000000000..74479274fa97 --- /dev/null +++ b/testdata/auth_zonemd_chain.rpl @@ -0,0 +1,234 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + zonemd-check: yes + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with chain of trust + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION ANSWER +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 127.0.0.1 +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_chain_fail.rpl b/testdata/auth_zonemd_chain_fail.rpl new file mode 100644 index 000000000000..393b1c028fa9 --- /dev/null +++ b/testdata/auth_zonemd_chain_fail.rpl @@ -0,0 +1,236 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + zonemd-check: yes + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +; dnskey is wrong: +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+AAAAA ;{id = 55566 (zsk), size = 1024b} +; dnskey that was correct: +;example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with failed chain of trust + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION ANSWER +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_file.rpl b/testdata/auth_zonemd_file.rpl new file mode 100644 index 000000000000..bdf0ccbae74f --- /dev/null +++ b/testdata/auth_zonemd_file.rpl @@ -0,0 +1,183 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + zonemd-check: yes + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 127.0.0.1 +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_file_fail.rpl b/testdata/auth_zonemd_file_fail.rpl new file mode 100644 index 000000000000..69487cf6512c --- /dev/null +++ b/testdata/auth_zonemd_file_fail.rpl @@ -0,0 +1,185 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + zonemd-check: yes + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +; good zonemd +;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +; wrong zonemd +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with ZONEMD failure from zonefile + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_insecure.rpl b/testdata/auth_zonemd_insecure.rpl new file mode 100644 index 000000000000..18a4117d86ac --- /dev/null +++ b/testdata/auth_zonemd_insecure.rpl @@ -0,0 +1,215 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + zonemd-check: yes + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with ZONEMD that is securely insecure +; the trust anchor finds an online delegation with an insecure DS referral. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION AUTHORITY +com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400 +com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM= +example.com. IN NSEC foo.com. NS RRSIG +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NSEC foo.com. NS RRSIG +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 127.0.0.1 +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_insecure_absent.rpl b/testdata/auth_zonemd_insecure_absent.rpl new file mode 100644 index 000000000000..1c3f488080ee --- /dev/null +++ b/testdata/auth_zonemd_insecure_absent.rpl @@ -0,0 +1,217 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + zonemd-check: yes + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +; the missing ZONEMD record +;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with absent ZONEMD that is securely insecure +; the trust anchor finds an online delegation with an insecure DS referral. +; the ZONEMD is not there. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION AUTHORITY +com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400 +com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM= +example.com. IN NSEC foo.com. NS RRSIG +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NSEC foo.com. NS RRSIG +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 127.0.0.1 +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_insecure_absent_reject.rpl b/testdata/auth_zonemd_insecure_absent_reject.rpl new file mode 100644 index 000000000000..beb9f5b9ac89 --- /dev/null +++ b/testdata/auth_zonemd_insecure_absent_reject.rpl @@ -0,0 +1,218 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + zonemd-check: yes + zonemd-reject-absence: yes + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +; the missing ZONEMD record +;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with reject-absence ZONEMD that is securely insecure +; the trust anchor finds an online delegation with an insecure DS referral. +; the ZONEMD is not there. This is not allowed by the zonemd-reject-absence +; option in config, so it fails the zone. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION AUTHORITY +com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400 +com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM= +example.com. IN NSEC foo.com. NS RRSIG +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NSEC foo.com. NS RRSIG +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_insecure_fail.rpl b/testdata/auth_zonemd_insecure_fail.rpl new file mode 100644 index 000000000000..f7aad071e3b9 --- /dev/null +++ b/testdata/auth_zonemd_insecure_fail.rpl @@ -0,0 +1,218 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + zonemd-check: yes + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +; correct ZONEMD +;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +; wrong ZONEMD +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with ZONEMD fail that is securely insecure +; the trust anchor finds an online delegation with an insecure DS referral. +; the ZONEMD is wrong, eg. the hash does not match the zone data. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION AUTHORITY +com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400 +com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM= +example.com. IN NSEC foo.com. NS RRSIG +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NSEC foo.com. NS RRSIG +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_nokey.rpl b/testdata/auth_zonemd_nokey.rpl new file mode 100644 index 000000000000..a89414bf631c --- /dev/null +++ b/testdata/auth_zonemd_nokey.rpl @@ -0,0 +1,212 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + zonemd-check: yes + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with ZONEMD that lacks a DNSKEY +; the zone has no DNSSEC, but the trust anchor requires it. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION ANSWER +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_permissive_mode.rpl b/testdata/auth_zonemd_permissive_mode.rpl new file mode 100644 index 000000000000..4149daa927f4 --- /dev/null +++ b/testdata/auth_zonemd_permissive_mode.rpl @@ -0,0 +1,187 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + zonemd-permissive-mode: yes + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + zonemd-check: yes + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +; good zonemd +;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +; wrong zonemd +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test zonemd permissive mode + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 127.0.0.1 +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_xfr.rpl b/testdata/auth_zonemd_xfr.rpl new file mode 100644 index 000000000000..89e22cea1472 --- /dev/null +++ b/testdata/auth_zonemd_xfr.rpl @@ -0,0 +1,238 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + zonemd-check: yes + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 10 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 127.0.0.1 +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +bar.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN A 1.2.3.4 +ns.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN A 127.0.0.1 +FILE_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_xfr_anchor.rpl b/testdata/auth_zonemd_xfr_anchor.rpl new file mode 100644 index 000000000000..667de2eae0da --- /dev/null +++ b/testdata/auth_zonemd_xfr_anchor.rpl @@ -0,0 +1,285 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + zonemd-check: yes + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD with trust anchor + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 10 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 127.0.0.1 +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY ZONEMD +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN ZONEMD 200154054 1 2 58F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F +example.com. 3600 IN RRSIG ZONEMD 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +FILE_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_xfr_anchor_fail.rpl b/testdata/auth_zonemd_xfr_anchor_fail.rpl new file mode 100644 index 000000000000..237ed9498e39 --- /dev/null +++ b/testdata/auth_zonemd_xfr_anchor_fail.rpl @@ -0,0 +1,266 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + zonemd-check: yes + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD fail with trust anchor + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOTIMPL +SECTION QUESTION +example.com. IN IXFR +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +; this is the bad RR that causes the wrong zonemd. RRSIG is wrong too. +bar.example.com. 3600 IN A 1.2.3.55 +; orig RR +;bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 10 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +FILE_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_xfr_chain.rpl b/testdata/auth_zonemd_xfr_chain.rpl new file mode 100644 index 000000000000..4deb99bcbd8a --- /dev/null +++ b/testdata/auth_zonemd_xfr_chain.rpl @@ -0,0 +1,310 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + zonemd-check: yes + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD with chain of trust + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION ANSWER +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 10 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 127.0.0.1 +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY ZONEMD +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN ZONEMD 200154054 1 2 58F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F +example.com. 3600 IN RRSIG ZONEMD 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +FILE_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_xfr_chain_fail.rpl b/testdata/auth_zonemd_xfr_chain_fail.rpl new file mode 100644 index 000000000000..3e09c9e8e40b --- /dev/null +++ b/testdata/auth_zonemd_xfr_chain_fail.rpl @@ -0,0 +1,321 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + zonemd-check: yes + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD failure with chain of trust + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION ANSWER +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOTIMPL +SECTION QUESTION +example.com. IN IXFR +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +; this is the bad RR that causes the wrong zonemd. RRSIG is wrong too. +bar.example.com. 3600 IN A 1.2.3.55 +; orig RR +;bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 10 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY ZONEMD +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN ZONEMD 200154054 1 2 58F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F +example.com. 3600 IN RRSIG ZONEMD 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +bar.example.com. 3600 IN A 1.2.3.55 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +FILE_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_xfr_fail.rpl b/testdata/auth_zonemd_xfr_fail.rpl new file mode 100644 index 000000000000..f54ca7e086f0 --- /dev/null +++ b/testdata/auth_zonemd_xfr_fail.rpl @@ -0,0 +1,241 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + zonemd-check: yes + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with AXFR with failed ZONEMD + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOTIMPL +SECTION QUESTION +example.com. IN IXFR +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +; old zonemd +;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +; wrong zonemd +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 10 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +FILE_END + +SCENARIO_END diff --git a/testdata/http_user_agent.tdir/127.0.0.1/example.com.zone b/testdata/http_user_agent.tdir/127.0.0.1/example.com.zone new file mode 100644 index 000000000000..695eb1c32bd4 --- /dev/null +++ b/testdata/http_user_agent.tdir/127.0.0.1/example.com.zone @@ -0,0 +1,3 @@ +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +example.com. IN NS ns.example.net. +www.example.com. IN A 1.2.3.4 diff --git a/testdata/http_user_agent.tdir/http_user_agent.conf b/testdata/http_user_agent.tdir/http_user_agent.conf new file mode 100644 index 000000000000..c563416aefbe --- /dev/null +++ b/testdata/http_user_agent.tdir/http_user_agent.conf @@ -0,0 +1,24 @@ +auth-zone: + name: "example.com" + for-upstream: yes + for-downstream: yes + url: "https://127.0.0.1:@TOPORT@/example.com.zone" +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" +server: + verbosity: 7 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + use-caps-for-id: yes diff --git a/testdata/http_user_agent.tdir/http_user_agent.dsc b/testdata/http_user_agent.tdir/http_user_agent.dsc new file mode 100644 index 000000000000..6b24c43fc7ab --- /dev/null +++ b/testdata/http_user_agent.tdir/http_user_agent.dsc @@ -0,0 +1,16 @@ +BaseName: http_user_agent +Version: 1.0 +Description: Check the http-user-agent configuration +CreationDate: Wed 2 Jun 13:59:26 CEST 2021 +Maintainer: +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: http_user_agent.pre +Post: http_user_agent.post +Test: http_user_agent.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/http_user_agent.tdir/http_user_agent.post b/testdata/http_user_agent.tdir/http_user_agent.post new file mode 100644 index 000000000000..797ff57c8bbc --- /dev/null +++ b/testdata/http_user_agent.tdir/http_user_agent.post @@ -0,0 +1,11 @@ +# #-- http_user_agent.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +PRE="../.." +. ../common.sh +kill_pid $UNBOUND_PID +kill_pid $PETAL_PID diff --git a/testdata/http_user_agent.tdir/http_user_agent.pre b/testdata/http_user_agent.tdir/http_user_agent.pre new file mode 100644 index 000000000000..e94bd536edb4 --- /dev/null +++ b/testdata/http_user_agent.tdir/http_user_agent.pre @@ -0,0 +1,37 @@ +# #-- http_user_agent.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +get_random_port 3 +UNBOUND_PORT=$RND_PORT +PETAL_PORT=$(($RND_PORT + 1)) +CONTROL_PORT=$(($RND_PORT + 3)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "PETAL_PORT=$PETAL_PORT" >> .tpkg.var.test +echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test + +get_make +(cd $PRE; $MAKE petal) + +# start https daemon +# More verbosity because we need to see the HTTP headers +$PRE/petal -vv -a "127.0.0.1" -p $PETAL_PORT >petal.log 2>&1 & +PETAL_PID=$! +echo "PETAL_PID=$PETAL_PID" >> .tpkg.var.test +cat .tpkg.var.test +wait_petal_up petal.log + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$PETAL_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/'< http_user_agent.conf > ub.conf +# start unbound in the background +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_unbound_up unbound.log + diff --git a/testdata/http_user_agent.tdir/http_user_agent.test b/testdata/http_user_agent.tdir/http_user_agent.test new file mode 100644 index 000000000000..afc0fbbe6f4b --- /dev/null +++ b/testdata/http_user_agent.tdir/http_user_agent.test @@ -0,0 +1,103 @@ +# #-- http_user_agent.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." + +# Query and check check that we get the correct answer from the auth_zone +query () { + echo "> dig www.example.com." + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile + if grep SERVFAIL outfile; then + echo "> try again" + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile + fi + if grep SERVFAIL outfile; then + echo "> try again" + sleep 1 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile + fi + if grep SERVFAIL outfile; then + echo "> try again" + sleep 1 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile + fi + if grep SERVFAIL outfile; then + echo "> try again" + sleep 1 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile + fi + if grep SERVFAIL outfile; then + echo "> try again" + sleep 10 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile + fi + if grep SERVFAIL outfile; then + echo "> try again" + sleep 10 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile + fi + echo "> check answer" + if grep "1.2.3.4" outfile; then + echo "OK" + else + echo "Not OK" + exit 1 + fi +} + +# Reload the configuration and retransfer the zone +reload_and_retransfer () { + echo "> Reloading Unbound" + echo "$PRE/unbound-control -c ub.conf reload" + $PRE/unbound-control -c ub.conf reload + if test $? -ne 0; then + echo "wrong exit value from unbound-control" + exit 1 + fi + echo "> Refetching example.com" + echo "$PRE/unbound-control -c ub.conf auth_zone_transfer example.com" + $PRE/unbound-control -c ub.conf auth_zone_transfer example.com + if test $? -ne 0; then + echo "wrong exit value from unbound-control" + exit 1 + fi +} + +# do the test +query +# add custom http-user-agent +echo "server: http-user-agent: customUA" >> ub.conf +reload_and_retransfer +query +# hide http-user-agent +echo "server: hide-http-user-agent: yes" >> ub.conf +reload_and_retransfer +query + +echo "> cat logfiles" +cat petal.log +cat unbound.log + +# check petal.log for the correct number of occurences. +# It should be 2 User-Agents, one being the custom. +echo "> check User-Agent occurences" +occurences=`grep "User-Agent:" petal.log | wc -l` +echo $occurences +if test $occurences -eq 2; then + echo "OK" +else + echo "Not OK" + exit 1 +fi +echo "> check custom User-Agent" +if grep "User-Agent: customUA" petal.log; then + echo "OK" +else + echo "Not OK" + exit 1 +fi + +exit 0 diff --git a/testdata/http_user_agent.tdir/petal.key b/testdata/http_user_agent.tdir/petal.key new file mode 100644 index 000000000000..6614e498fcd2 --- /dev/null +++ b/testdata/http_user_agent.tdir/petal.key @@ -0,0 +1,21 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIDfQIBAAKBwQC1xQ/Kca6zszZbcCtdOTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJ +RuN+Rm304SonpwghfP2/ULZNnuDgpG03/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1 +QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ867K029ypjOQtAJ85qdO3mERy7TGtdUcu +O6hLeVet419YeQ2F8cfNxn63d7bOzNGLPW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeU +J/i4YDWexFYSL+ECAwEAAQKBwCLXXQl+9O+5AEhSnd1Go1Jh0pSA7eBJOuXQcebG +Rb7ykp+6C4G2NtDziwwPRNdI6wQQQ0sym18RfyVQHydGr78/nbiIbB3HCn5e92Mh +mefzW6ow9Kvm2txLzGKA1lvoyRbNm81jnG/eygi3u7Nqd5PNv+4dHj2RkTlmxOeh +qnDMVP5md8uZPv6lYNnrnIzvLCR5vnPNdVwn89AqzI85IcDZdy0R9ZX4NBbsDgAU +6ig6uXuRXvSGiyJ/OUXSrnogaQJhAOjvkHUhVZQkPOxO90TNH4j0GdKKtbSWxIdz +lKfuJeBAEqs0TL+C6vbS81Xw3W1alyDdUBk3rJMOBqW6Ryq5HNL+j5H+Jfsh7fvc +Yle+5wHGci0P9zCFZCrY8It7n9XFIwJhAMfEi6oJa2G8waPJ1bQhxka82Tf9pnKM +XCn/1BBOFjVIx5F842cpA+zp5a62GENTGYPQTTRBB/2/ZwnW5aIkrlg54AtmbqBZ +Oh+2kJdJQD/tfoVmc5soUE2ScTHadK5RKwJhAN4w9kjkXS+MSZjX0kIMsBIBVkhh +C+aREjJqa9ir7/Ey7RvmLXdYuCxtGLRXp7/R8+rjcK49Tx6O+IRJZe042mfhbq3C +EhS1Tr86f4xXix9EXlDhs9bSxrOgcAN9Dv/opQJhAK7eBcPaav0rVfYh/8emqQHS +3fJ9Pu6WnzbEksWTFS2ff9KDGCx9YspIFJ5TF/oXDAaumGZdZrlgirm6O1kr8tGY +F97i04PZl1+bWAaWQH+1TUNI43m2WFUPE7coG2tb8QJgcddDg9VlXliZqgcETZfJ +kJmYETxrcSn3ao6v116N8yxhEgUgjkmsCTiFgx36iDVnXwK6PIt+sIu8MC7eYNa3 +berrv/M21K0LRn20IWRxvUobG070weHCAgkko7fTWgr2 +-----END RSA PRIVATE KEY----- diff --git a/testdata/http_user_agent.tdir/petal.pem b/testdata/http_user_agent.tdir/petal.pem new file mode 100644 index 000000000000..19c8b895ba86 --- /dev/null +++ b/testdata/http_user_agent.tdir/petal.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICFzCCAUACCQDO660L5y5LGDANBgkqhkiG9w0BAQUFADAQMQ4wDAYDVQQDEwVw +ZXRhbDAeFw0xMDA5MzAxMzQzMDFaFw0zMDA2MTcxMzQzMDFaMBAxDjAMBgNVBAMT +BXBldGFsMIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQC1xQ/Kca6zszZbcCtd +OTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJRuN+Rm304SonpwghfP2/ULZNnuDgpG03 +/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ8 +67K029ypjOQtAJ85qdO3mERy7TGtdUcuO6hLeVet419YeQ2F8cfNxn63d7bOzNGL +PW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeUJ/i4YDWexFYSL+ECAwEAATANBgkqhkiG +9w0BAQUFAAOBwQBBkX9KDP2RXbg+xPmdJ4P6CwvA5x1LZwC++ydVx4NlvT0pWicD +ZUnXjcWAJlkeOuUBAqFG7WHTrXpUUAjmdqFVq2yFjteUYBdrFz0RDB2jM9feeKYO +mTgxdZyT9a6humxCxt5VfgT02axLjm/2AqCyFPMbf4PASoJDln01AEuZLZ8Xl2gV +bYHMnHTGoD1Hu6FNEzRgkMC6XT8X3YjHvzQhpc/qL5wEfEsinQGdX4twsuWbf8xd +q7miNnkO8vd0maw= +-----END CERTIFICATE----- diff --git a/testdata/http_user_agent.tdir/unbound_control.key b/testdata/http_user_agent.tdir/unbound_control.key new file mode 100644 index 000000000000..753a4ef6162e --- /dev/null +++ b/testdata/http_user_agent.tdir/unbound_control.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= +-----END RSA PRIVATE KEY----- diff --git a/testdata/http_user_agent.tdir/unbound_control.pem b/testdata/http_user_agent.tdir/unbound_control.pem new file mode 100644 index 000000000000..a1edf7017f1d --- /dev/null +++ b/testdata/http_user_agent.tdir/unbound_control.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte +-----END CERTIFICATE----- diff --git a/testdata/http_user_agent.tdir/unbound_server.key b/testdata/http_user_agent.tdir/unbound_server.key new file mode 100644 index 000000000000..370a7bbb2f22 --- /dev/null +++ b/testdata/http_user_agent.tdir/unbound_server.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== +-----END RSA PRIVATE KEY----- diff --git a/testdata/http_user_agent.tdir/unbound_server.pem b/testdata/http_user_agent.tdir/unbound_server.pem new file mode 100644 index 000000000000..986807310f2b --- /dev/null +++ b/testdata/http_user_agent.tdir/unbound_server.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== +-----END CERTIFICATE----- diff --git a/testdata/root_key_sentinel.rpl b/testdata/root_key_sentinel.rpl old mode 100755 new mode 100644 diff --git a/testdata/rpz_rootwc.rpl b/testdata/rpz_rootwc.rpl new file mode 100644 index 000000000000..1fb94a1439fa --- /dev/null +++ b/testdata/rpz_rootwc.rpl @@ -0,0 +1,162 @@ +; config options +server: + module-config: "respip validator iterator" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + +rpz: + name: "rpz.example.com." + zonefile: +TEMPFILE_NAME rpz.example.com +TEMPFILE_CONTENTS rpz.example.com +$ORIGIN example.com. +rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz.example.com. + 3600 IN NS ns2.rpz.example.com. +$ORIGIN rpz.example.com. +a CNAME . +a CNAME *. ; duplicate CNAME here on purpose +*.a TXT "wildcard local data" +* CNAME . +b.a CNAME *. +c.a CNAME rpz-passthru. +TEMPFILE_END + +rpz: + name: "rpz2.example.com." + zonefile: +TEMPFILE_NAME rpz2.example.com +TEMPFILE_CONTENTS rpz2.example.com +$ORIGIN example.com. +rpz2 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz.example.com. + 3600 IN NS ns2.rpz.example.com. +$ORIGIN rpz2.example.com. +a TXT "local data 2nd zone" +d TXT "local data 2nd zone" +e CNAME *.a.example. +*.e CNAME *.b.example. +drop CNAME rpz-drop. +TEMPFILE_END + +stub-zone: + name: "a." + stub-addr: 10.20.30.40 +stub-zone: + name: "example." + stub-addr: 10.20.30.50 +CONFIG_END + +SCENARIO_BEGIN Test RPZ QNAME trigger for root wildcard. + +; a. +RANGE_BEGIN 0 100 + ADDRESS 10.20.30.40 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a. IN NS +SECTION ANSWER +a. IN NS ns.a. +SECTION ADDITIONAL +ns.a IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +c.a. IN TXT +SECTION ANSWER +c.a. IN TXT "answer from upstream ns" +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x.b.a. IN TXT +SECTION ANSWER +x.b.a. IN TXT "answer from upstream ns" +ENTRY_END + +RANGE_END + +; example. +RANGE_BEGIN 0 100 + ADDRESS 10.20.30.50 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN NS +SECTION ANSWER +example. IN NS ns.example. +SECTION ADDITIONAL +ns.example IN A 10.20.30.50 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +e.a.example. IN TXT +SECTION ANSWER +e.a.example. IN TXT "e.a.example. answer from upstream ns" +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +something.e.b.example. IN TXT +SECTION ANSWER +something.e.b.example. IN TXT "*.b.example. answer from upstream ns" +ENTRY_END + +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +x. IN TXT +ENTRY_END + +; wildcard deny all +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +x. IN TXT +SECTION ANSWER +ENTRY_END + +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +y.tld. IN TXT +ENTRY_END + +; wildcard deny all +STEP 40 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +y.tld. IN TXT +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/testdata/svcb.tdir/crypto.cloudflare.com.zone b/testdata/svcb.tdir/crypto.cloudflare.com.zone new file mode 100644 index 000000000000..53c89c735ba1 --- /dev/null +++ b/testdata/svcb.tdir/crypto.cloudflare.com.zone @@ -0,0 +1,9 @@ +crypto.cloudflare.com. 3600 IN SOA jobs.ns.cloudflare.com. dns.cloudflare.com. ( + 2037099480 ; serial + 10000 ; refresh (2 hours 46 minutes 40 seconds) + 2400 ; retry (40 minutes) + 604800 ; expire (1 week) + 3600 ; minimum (1 hour) + ) +crypto.cloudflare.com. 300 IN HTTPS 1 . alpn=h2 ipv4hint=162.159.135.79,162.159.136.79 echconfig=AEj+CgBETwAgACDeVpr34JzYHDGNFoGWhksj5mpBxradonbqH3X9+h7jHgAEAAEAAQAAABNjbG91ZGZsYXJlLWVzbmkuY29tAAA= ipv6hint=2606:4700:7::a29f:874f,2606:4700:7::a29f:884f + diff --git a/testdata/svcb.tdir/svcb.dsc b/testdata/svcb.tdir/svcb.dsc new file mode 100644 index 000000000000..6eae7638e9b0 --- /dev/null +++ b/testdata/svcb.tdir/svcb.dsc @@ -0,0 +1,16 @@ +BaseName: svcb +Version: 1.0 +Description: Test SVCB and HTTPS parsing +CreationDate: Fri May 25 12:51:22 UTC 2021 +Maintainer: Tom Carpay +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: +Post: +Test: svcb.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/svcb.tdir/svcb.failure-cases-01 b/testdata/svcb.tdir/svcb.failure-cases-01 new file mode 100644 index 000000000000..c60151692ee8 --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-01 @@ -0,0 +1,9 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; Here there are multiple instances of the same SvcParamKey in the mandatory list + +f21 HTTPS 1 foo.example.com. ech="123" +f21 HTTPS 1 foo.example.com. echconfig="123" diff --git a/testdata/svcb.tdir/svcb.failure-cases-02 b/testdata/svcb.tdir/svcb.failure-cases-02 new file mode 100644 index 000000000000..9d6f0186d535 --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-02 @@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; Port must be a positive number < 65536 + +f22 HTTPS 1 foo.example.com. port=65536 diff --git a/testdata/svcb.tdir/svcb.failure-cases-03 b/testdata/svcb.tdir/svcb.failure-cases-03 new file mode 100644 index 000000000000..bb819daae316 --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-03 @@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; 65 SvcParams is too many SvcParams; the limit is 64 + +f23 HTTPS 1 foo.example.com. ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a key18=a key19=a key110=a key111=a key112=a key113=a key114=a key115=a key116=a key117=a key118=a key119=a key120=a key121=a key122=a key123=a key124=a key125=a key126=a key127=a key128=a key129=a key130=a key131=a key132=a key133=a key134=a key135=a key136=a key137=a key138=a key139=a key140=a key141=a key142=a key143=a key144=a key145=a key146=a key147=a key148=a key149=a key150=a key151=a key152=a key153=a key154=a key155=a key156=a key157=a key158=a key159=a key160=a key161=a key162=a key163=a key164=a key165=a ) \ No newline at end of file diff --git a/testdata/svcb.tdir/svcb.failure-cases-04 b/testdata/svcb.tdir/svcb.failure-cases-04 new file mode 100644 index 000000000000..ae02ac417b1b --- /dev/null +++ b/testdata/svcb.tdir/svcb.failure-cases-04 @@ -0,0 +1,8 @@ +$ORIGIN failure-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + +; 256 is too many characters for an alpn; maximum is 255 + +f23 HTTPS 1 foo.example.com. ( alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ) \ No newline at end of file diff --git a/testdata/svcb.tdir/svcb.success-cases.zone b/testdata/svcb.tdir/svcb.success-cases.zone new file mode 100644 index 000000000000..5d6339542f67 --- /dev/null +++ b/testdata/svcb.tdir/svcb.success-cases.zone @@ -0,0 +1,47 @@ +$ORIGIN success-cases. +$TTL 3600 + +@ SOA primary admin 0 0 0 0 0 + + +; A particular key does not need to have a value + +s01 SVCB 0 . key123 + + +; echconfig does not need to have a value + +s02 SVCB 0 . echconfig + + +; When "no-default-alpn" is specified in an RR, "alpn" must also be specified +; in order for the RR to be "self-consistent" + +s03 HTTPS 0 . alpn="h2,h3" no-default-alpn + + +; SHOULD is not MUST (so allowed) +; Zone-file implementations SHOULD enforce self-consistency + +s04 HTTPS 0 . no-default-alpn + + +; SHOULD is not MUST (so allowed) +; (port and no-default-alpn are automatically mandatory keys with HTTPS) +; Other automatically mandatory keys SHOULD NOT appear in the list either. + +s05 HTTPS 0 . alpn="dot" no-default-alpn port=853 mandatory=port + +; Any valid base64 is okay for ech +s06 HTTPS 0 . ech="aGVsbG93b3JsZCE=" + +; echconfig is an alias for ech +s07 HTTPS 0 . echconfig="aGVsbG93b3JsZCE=" + +; maximum size allowed in a svcb rdata set (63 SvcParams) + +s08 HTTPS 0 . ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a key18=a key19=a key110=a key111=a key112=a key113=a key114=a key115=a key116=a key117=a key118=a key119=a key120=a key121=a key122=a key123=a key124=a key125=a key126=a key127=a key128=a key129=a key130=a key131=a key132=a key133=a key134=a key135=a key136=a key137=a key138=a key139=a key140=a key141=a key142=a key143=a key144=a key145=a key146=a key147=a key148=a key149=a key150=a key151=a key152=a key153=a key154=a key155=a key156=a key157=a key158=a key159=a key160=a key161=a key162=a key163=a) + +; maximum alpn size allowed (255 characters) + +s09 HTTPS 0 . ( alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ) diff --git a/testdata/svcb.tdir/svcb.success-cases.zone.cmp b/testdata/svcb.tdir/svcb.success-cases.zone.cmp new file mode 100644 index 000000000000..e504e7b18ad5 --- /dev/null +++ b/testdata/svcb.tdir/svcb.success-cases.zone.cmp @@ -0,0 +1,10 @@ +success-cases. 3600 IN SOA primary.success-cases. admin.success-cases. 0 0 0 0 0 +s01.success-cases. 3600 IN SVCB 0 . key123 +s02.success-cases. 3600 IN SVCB 0 . ech +s03.success-cases. 3600 IN HTTPS 0 . alpn="h2,h3" no-default-alpn +s04.success-cases. 3600 IN HTTPS 0 . no-default-alpn +s05.success-cases. 3600 IN HTTPS 0 . mandatory=port alpn="dot" no-default-alpn port=853 +s06.success-cases. 3600 IN HTTPS 0 . ech="aGVsbG93b3JsZCE=" +s07.success-cases. 3600 IN HTTPS 0 . ech="aGVsbG93b3JsZCE=" +s08.success-cases. 3600 IN HTTPS 0 . key11="a" key12="a" key13="a" key14="a" key15="a" key16="a" key17="a" key18="a" key19="a" key110="a" key111="a" key112="a" key113="a" key114="a" key115="a" key116="a" key117="a" key118="a" key119="a" key120="a" key121="a" key122="a" key123="a" key124="a" key125="a" key126="a" key127="a" key128="a" key129="a" key130="a" key131="a" key132="a" key133="a" key134="a" key135="a" key136="a" key137="a" key138="a" key139="a" key140="a" key141="a" key142="a" key143="a" key144="a" key145="a" key146="a" key147="a" key148="a" key149="a" key150="a" key151="a" key152="a" key153="a" key154="a" key155="a" key156="a" key157="a" key158="a" key159="a" key160="a" key161="a" key162="a" key163="a" +s09.success-cases. 3600 IN HTTPS 0 . alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" diff --git a/testdata/svcb.tdir/svcb.test b/testdata/svcb.tdir/svcb.test new file mode 100644 index 000000000000..707287d5cf89 --- /dev/null +++ b/testdata/svcb.tdir/svcb.test @@ -0,0 +1,97 @@ +# #-- svcb.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + + +# check and write the test vectors in their respective formats +PRE=../.. +if ! $PRE/readzone svcb.test-vectors-pf.zone > svcb.test-vectors-pf.zone.out +then + echo "Could not parse presentation format zone" + exit 1 + +elif ! $PRE/readzone svcb.test-vectors-pf.zone.out > svcb.test-vectors-pf.zone.out.out +then + echo "Could not parse output from presentation format zone" + exit 1 + +elif ! $PRE/readzone svcb.test-vectors-wf.zone > svcb.test-vectors-wf.zone.out +then + echo "Could not parse RFC3597 formatted zone" + exit 1 + +elif ! $PRE/readzone svcb.test-vectors-wf.zone.out > svcb.test-vectors-wf.zone.out.out +then + echo "Could not parse output from RFC3597 formatted zone" + exit 1 +else + echo "All test zones parsed successfully" +fi + + +# check the formatting of the written files +if ! diff svcb.test-vectors-pf.zone.out svcb.test-vectors-pf.zone.out.out +then + echo "Parsing inconsistency 1" + exit 1 + +elif ! diff svcb.test-vectors-pf.zone.out svcb.test-vectors-wf.zone.out +then + echo "Parsing inconsistency 2" + exit 1 + +elif ! diff svcb.test-vectors-pf.zone.out svcb.test-vectors-wf.zone.out.out +then + echo "Parsing inconsistency 3" + exit 1 +else + echo "Parsing of SVCB and HTTPS was consistent" +fi + + +# check all the failure cases +if $PRE/readzone svcb.failure-cases-01 +then + echo "Failure case 01: ech value is not base64 encoded" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-02 +then + echo "Failure case 02: port value needs to be a positive integer < 65536" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-03 +then + echo "Failure case 02: 65 SvcParams is too many SvcParams; the limit is 64" + echo "Incorrectly succeeded" + exit 1 + +elif $PRE/readzone svcb.failure-cases-04 +then + echo "Failure case 04: 256 is too many characters for an alpn; maximum is 255" + echo "Incorrectly succeeded" + exit 1 +else + echo "All failure cases test successfully" +fi + + +# check all the succes and write them +if ! $PRE/readzone svcb.success-cases.zone > svcb.success-cases.zone.out +then + echo "Some particular success cases did not succeed to parse" + exit 1 + +elif ! diff svcb.success-cases.zone.out svcb.success-cases.zone.cmp +then + echo "Some success cases could not be printed" + exit 1 +else + echo "All particular success cases parsed and printed successfully" +fi + + diff --git a/testdata/svcb.tdir/svcb.test-vectors-pf.zone b/testdata/svcb.tdir/svcb.test-vectors-pf.zone new file mode 100644 index 000000000000..d2cb5087bf9a --- /dev/null +++ b/testdata/svcb.tdir/svcb.test-vectors-pf.zone @@ -0,0 +1,92 @@ +$ORIGIN test-vectors. +$TTL 3600 + +@ SOA primary admin 1 3600 1800 7200 3600 + + NS primary +primary A 127.0.0.1 +; D.1. AliasForm + +v01 SVCB 0 foo.example.com. + +; D.2. ServiceForm +; The first form is the simple "use the ownername". + +v02 SVCB 1 . + +; This vector only has a port. + +v03 SVCB 16 foo.example.com. port=53 + +; This example has a key that is not registered, its value is unquoted. + +v04 SVCB 1 foo.example.com. key667=hello + +; This example has a key that is not registered, its value is quoted and +; contains a decimal-escaped character. + +v05 SVCB 1 foo.example.com. key667="hello\210qoo" + +; Here, two IPv6 hints are quoted in the presentation format. + +v06 SVCB 1 foo.example.com. ipv6hint="2001:db8::1,2001:db8::53:1" + +; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format. + +v07 SVCB 1 example.com. ipv6hint="2001:db8:ffff:ffff:ffff:ffff:198.51.100.100" + +; In the next vector, neither the SvcParamValues nor the mandatory keys are +; sorted in presentation format, but are correctly sorted in the wire-format. + +v08 SVCB 16 foo.example.org. (alpn=h2,h3-19 mandatory=ipv4hint,alpn + ipv4hint=192.0.2.1) + +; This last (two) vectors has an alpn value with an escaped comma and an +; escaped backslash in two presentation formats. + +v09 SVCB 16 foo.example.org. alpn="f\\\\oo\\,bar,h2" +v10 SVCB 16 foo.example.org. alpn=f\\\092oo\092,bar,h2 + + +; D.1. AliasForm + +v11 HTTPS 0 foo.example.com. + +; D.2. ServiceForm +; The first form is the simple "use the ownername". + +v12 HTTPS 1 . + +; This vector only has a port. + +v13 HTTPS 16 foo.example.com. port=53 + +; This example has a key that is not registered, its value is unquoted. + +v14 HTTPS 1 foo.example.com. key667=hello + +; This example has a key that is not registered, its value is quoted and +; contains a decimal-escaped character. + +v15 HTTPS 1 foo.example.com. key667="hello\210qoo" + +; Here, two IPv6 hints are quoted in the presentation format. + +v16 HTTPS 1 foo.example.com. ipv6hint="2001:db8::1,2001:db8::53:1" + +; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format. + +v17 HTTPS 1 example.com. ipv6hint="2001:db8:ffff:ffff:ffff:ffff:198.51.100.100" + +; In the next vector, neither the SvcParamValues nor the mandatory keys are +; sorted in presentation format, but are correctly sorted in the wire-format. + +v18 HTTPS 16 foo.example.org. (alpn=h2,h3-19 mandatory=ipv4hint,alpn + ipv4hint=192.0.2.1) + +; This last (two) vectors has an alpn value with an escaped comma and an +; escaped backslash in two presentation formats. + +v19 HTTPS 16 foo.example.org. alpn="f\\\\oo\\,bar,h2" +v20 HTTPS 16 foo.example.org. alpn=f\\\092oo\092,bar,h2 + diff --git a/testdata/svcb.tdir/svcb.test-vectors-wf.zone b/testdata/svcb.tdir/svcb.test-vectors-wf.zone new file mode 100644 index 000000000000..bf47ab75c594 --- /dev/null +++ b/testdata/svcb.tdir/svcb.test-vectors-wf.zone @@ -0,0 +1,232 @@ +$ORIGIN test-vectors. +$TTL 3600 + +@ SOA primary admin 1 3600 1800 7200 3600 + + NS primary +primary A 127.0.0.1 + +; D.1. AliasForm + +v01 SVCB \# 19 ( +00 00 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +) + +; D.2. ServiceForm +; The first form is the simple "use the ownername". + +v02 SVCB \# 3 ( +00 01 ; priority +00 ; target (root label) +) + +; This vector only has a port. + +v03 SVCB \# 25 ( +00 10 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +00 03 ; key 3 +00 02 ; length 2 +00 35 ; value +) + +; This example has a key that is not registered, its value is unquoted. + +v04 SVCB \# 28 ( +00 01 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +02 9b ; key 667 +00 05 ; length 5 +68 65 6c 6c 6f ; value +) + +; This example has a key that is not registered, its value is quoted and +; contains a decimal-escaped character. + +v05 SVCB \# 32 ( +00 01 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +02 9b ; key 667 +00 09 ; length 9 +68 65 6c 6c 6f d2 71 6f 6f ; value +) + +; Here, two IPv6 hints are quoted in the presentation format. + +v06 SVCB \# 55 ( +00 01 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +00 06 ; key 6 +00 20 ; length 32 +20 01 0d b8 00 00 00 00 00 00 00 00 00 00 00 01 ; first address +20 01 0d b8 00 00 00 00 00 00 00 00 00 53 00 01 ; second address +) + +; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format. + +v07 SVCB \# 35 ( +00 01 ; priority +07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +00 06 ; key 6 +00 10 ; length 16 +20 01 0d b8 ff ff ff ff ff ff ff ff c6 33 64 64 ; address +) + +; In the next vector, neither the SvcParamValues nor the mandatory keys are +; sorted in presentation format, but are correctly sorted in the wire-format. + +v08 SVCB \# 48 ( +00 10 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target +00 00 ; key 0 +00 04 ; param length 4 +00 01 ; value: key 1 +00 04 ; value: key 4 +00 01 ; key 1 +00 09 ; param length 9 +02 ; alpn length 2 +68 32 ; alpn value +05 ; alpn length 5 +68 33 2d 31 39 ; alpn value +00 04 ; key 4 +00 04 ; param length 4 +c0 00 02 01 ; param value +) + +; This last (two) vectors has an alpn value with an escaped comma and an +; escaped backslash in two presentation formats. + +v09 SVCB \# 35 ( +00 10 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target +00 01 ; key 1 +00 0c ; param length 12 +08 ; alpn length 8 +66 5c 6f 6f 2c 62 61 72 ; alpn value +02 ; alpn length 2 +68 32 ; alpn value +) +v10 SVCB \# 35 ( +00 10 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target +00 01 ; key 1 +00 0c ; param length 12 +08 ; alpn length 8 +66 5c 6f 6f 2c 62 61 72 ; alpn value +02 ; alpn length 2 +68 32 ; alpn value +) + +; D.1. AliasForm + +v11 HTTPS \# 19 ( +00 00 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +) + +; D.2. ServiceForm +; The first form is the simple "use the ownername". + +v12 HTTPS \# 3 ( +00 01 ; priority +00 ; target (root label) +) + +; This vector only has a port. + +v13 HTTPS \# 25 ( +00 10 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +00 03 ; key 3 +00 02 ; length 2 +00 35 ; value +) + +; This example has a key that is not registered, its value is unquoted. + +v14 HTTPS \# 28 ( +00 01 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +02 9b ; key 667 +00 05 ; length 5 +68 65 6c 6c 6f ; value +) + +; This example has a key that is not registered, its value is quoted and +; contains a decimal-escaped character. + +v15 HTTPS \# 32 ( +00 01 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +02 9b ; key 667 +00 09 ; length 9 +68 65 6c 6c 6f d2 71 6f 6f ; value +) + +; Here, two IPv6 hints are quoted in the presentation format. + +v16 HTTPS \# 55 ( +00 01 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +00 06 ; key 6 +00 20 ; length 32 +20 01 0d b8 00 00 00 00 00 00 00 00 00 00 00 01 ; first address +20 01 0d b8 00 00 00 00 00 00 00 00 00 53 00 01 ; second address +) + +; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format. + +v17 HTTPS \# 35 ( +00 01 ; priority +07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target +00 06 ; key 6 +00 10 ; length 16 +20 01 0d b8 ff ff ff ff ff ff ff ff c6 33 64 64 ; address +) + +; In the next vector, neither the SvcParamValues nor the mandatory keys are +; sorted in presentation format, but are correctly sorted in the wire-format. + +v18 HTTPS \# 48 ( +00 10 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target +00 00 ; key 0 +00 04 ; param length 4 +00 01 ; value: key 1 +00 04 ; value: key 4 +00 01 ; key 1 +00 09 ; param length 9 +02 ; alpn length 2 +68 32 ; alpn value +05 ; alpn length 5 +68 33 2d 31 39 ; alpn value +00 04 ; key 4 +00 04 ; param length 4 +c0 00 02 01 ; param value +) + +; This last (two) vectors has an alpn value with an escaped comma and an +; escaped backslash in two presentation formats. + +v19 HTTPS \# 35 ( +00 10 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target +00 01 ; key 1 +00 0c ; param length 12 +08 ; alpn length 8 +66 5c 6f 6f 2c 62 61 72 ; alpn value +02 ; alpn length 2 +68 32 ; alpn value +) +v20 HTTPS \# 35 ( +00 10 ; priority +03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target +00 01 ; key 1 +00 0c ; param length 12 +08 ; alpn length 8 +66 5c 6f 6f 2c 62 61 72 ; alpn value +02 ; alpn length 2 +68 32 ; alpn value +) + diff --git a/testdata/test_ldnsrr.5 b/testdata/test_ldnsrr.5 index d5f4650a784f..c6e7ea2ba549 100644 --- a/testdata/test_ldnsrr.5 +++ b/testdata/test_ldnsrr.5 @@ -151,3 +151,24 @@ blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585012 300 16 k9mSMs2t5vq5FV2D blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480523776 300 16 sBfx00GRs+tfRTm4uRCjyQ== 25791 0 0 blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585449 300 0 59692 BADSIG 0 blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585462 300 16 6wvlG82sEVHyqsTtBLvRQw== 26044 NOERROR 0 + +; Test for ZONEMD +example.org. 86400 IN ZONEMD 5 1 2 c1b8eddf4ef128db88125ede9008d6ff0b33a047b8a8a4d77b00271f7d8e7ae5ccd6c86d8398f64f0de0615bf3121ffba6946a3cd5f32acbc4e8d0649b4a78e6 +; from draft-ietf-dnsop-dns-zone-digest-12#section-2.4 +example.com. 86400 IN ZONEMD 2018031500 1 1 ( FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE 7EB1A7B641A47BA7FED2DD5B97AE499FAFA4F22C6BD647DE ) +; from draft-ietf-dnsop-dns-zone-digest-12#section-A.1 +example. 86400 IN ZONEMD 2018031900 1 1 ( c68090d90a7aed71 6bc459f9340e3d7c 1370d4d24b7e2fc3 a1ddc0b9a87153b9 a9713b3c9ae5cc27 777f98b8e730044c ) +; from draft-ietf-dnsop-dns-zone-digest-12#section-A.2 +example. 86400 IN ZONEMD 2018031900 1 1 ( 31cefb03814f5062 ad12fa951ba0ef5f 8da6ae354a415767 246f7dc932ceb1e7 42a2108f529db6a3 3a11c01493de358d ) +non-apex.example. 900 IN ZONEMD 2018031900 1 1 ( 616c6c6f77656420 6275742069676e6f 7265642e20616c6c 6f77656420627574 2069676e6f726564 2e20616c6c6f7765 ) +; from draft-ietf-dnsop-dns-zone-digest-12#section-A.3 +example. 86400 IN ZONEMD 2018031900 1 1 ( 62e6cf51b02e54b9 b5f967d547ce4313 6792901f9f88e637 493daaf401c92c27 9dd10f0edb1c56f8 080211f8480ee306 ) +example. 86400 IN ZONEMD 2018031900 1 2 ( 08cfa1115c7b948c 4163a901270395ea 226a930cd2cbcf2f a9a5e6eb85f37c8a 4e114d884e66f176 eab121cb02db7d65 2e0cc4827e7a3204 f166b47e5613fd27 ) +example. 86400 IN ZONEMD 2018031900 1 240 ( e2d523f654b9422a 96c5a8f44607bbee ) +example. 86400 IN ZONEMD 2018031900 241 1 ( e1846540e33a9e41 89792d18d5d131f6 05fc283e ) +; from draft-ietf-dnsop-dns-zone-digest-12#section-A.4 +uri.arpa. 3600 IN ZONEMD 2018100702 1 1 ( 1291b78ddf7669b1a39d014d87626b709b55774c5d7d58fa dc556439889a10eaf6f11d615900a4f996bd46279514e473 ) +; from draft-ietf-dnsop-dns-zone-digest-12#section-A.5 +root-servers.net. 3600000 IN ZONEMD 2018091100 1 1 ( f1ca0ccd91bd5573d9f431c00ee0101b2545c97602be0a97 8a3b11dbfc1c776d5b3e86ae3d973d6b5349ba7f04340f79 ) +; from ldns issue #121, 0.10m was parsed as 0.01m. +foo. 12345 IN LOC 12 45 52.333 N 105 40 33.452 W -24m 0.1m 0.1m 0.1m diff --git a/testdata/test_ldnsrr.c5 b/testdata/test_ldnsrr.c5 index 1e292ba6465f..f30aa0b7357c 100644 --- a/testdata/test_ldnsrr.c5 +++ b/testdata/test_ldnsrr.c5 @@ -188,3 +188,27 @@ blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480523776 300 16 sBfx00GRs+tfRTm4u blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585449 300 0 59692 BADSIG 0 06626C61626C610000FA00FF00000000003A08686D61632D6D6435077369672D616C670372656703696E74000000583FF0F6012C0010EB0BE51BCDAC1151F2AAC4ED04BBD14365BC00000000 blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585462 300 16 6wvlG82sEVHyqsTtBLvRQw== 26044 NOERROR 0 +076578616D706C65036F726700003F0001000151800046000000050102C1B8EDDF4EF128DB88125EDE9008D6FF0B33A047B8A8A4D77B00271F7D8E7AE5CCD6C86D8398F64F0DE0615BF3121FFBA6946A3CD5F32ACBC4E8D0649B4A78E6 +example.org. 86400 IN ZONEMD 5 1 2 C1B8EDDF4EF128DB88125EDE9008D6FF0B33A047B8A8A4D77B00271F7D8E7AE5CCD6C86D8398F64F0DE0615BF3121FFBA6946A3CD5F32ACBC4E8D0649B4A78E6 +076578616D706C6503636F6D00003F00010001518000367848B78C0101FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE7EB1A7B641A47BA7FED2DD5B97AE499FAFA4F22C6BD647DE +example.com. 86400 IN ZONEMD 2018031500 1 1 FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE7EB1A7B641A47BA7FED2DD5B97AE499FAFA4F22C6BD647DE +076578616D706C6500003F00010001518000367848B91C0101C68090D90A7AED716BC459F9340E3D7C1370D4D24B7E2FC3A1DDC0B9A87153B9A9713B3C9AE5CC27777F98B8E730044C +example. 86400 IN ZONEMD 2018031900 1 1 C68090D90A7AED716BC459F9340E3D7C1370D4D24B7E2FC3A1DDC0B9A87153B9A9713B3C9AE5CC27777F98B8E730044C +076578616D706C6500003F00010001518000367848B91C010131CEFB03814F5062AD12FA951BA0EF5F8DA6AE354A415767246F7DC932CEB1E742A2108F529DB6A33A11C01493DE358D +example. 86400 IN ZONEMD 2018031900 1 1 31CEFB03814F5062AD12FA951BA0EF5F8DA6AE354A415767246F7DC932CEB1E742A2108F529DB6A33A11C01493DE358D +086E6F6E2D61706578076578616D706C6500003F00010000038400367848B91C0101616C6C6F776564206275742069676E6F7265642E20616C6C6F776564206275742069676E6F7265642E20616C6C6F7765 +non-apex.example. 900 IN ZONEMD 2018031900 1 1 616C6C6F776564206275742069676E6F7265642E20616C6C6F776564206275742069676E6F7265642E20616C6C6F7765 +076578616D706C6500003F00010001518000367848B91C010162E6CF51B02E54B9B5F967D547CE43136792901F9F88E637493DAAF401C92C279DD10F0EDB1C56F8080211F8480EE306 +example. 86400 IN ZONEMD 2018031900 1 1 62E6CF51B02E54B9B5F967D547CE43136792901F9F88E637493DAAF401C92C279DD10F0EDB1C56F8080211F8480EE306 +076578616D706C6500003F00010001518000467848B91C010208CFA1115C7B948C4163A901270395EA226A930CD2CBCF2FA9A5E6EB85F37C8A4E114D884E66F176EAB121CB02DB7D652E0CC4827E7A3204F166B47E5613FD27 +example. 86400 IN ZONEMD 2018031900 1 2 08CFA1115C7B948C4163A901270395EA226A930CD2CBCF2FA9A5E6EB85F37C8A4E114D884E66F176EAB121CB02DB7D652E0CC4827E7A3204F166B47E5613FD27 +076578616D706C6500003F00010001518000167848B91C01F0E2D523F654B9422A96C5A8F44607BBEE +example. 86400 IN ZONEMD 2018031900 1 240 E2D523F654B9422A96C5A8F44607BBEE +076578616D706C6500003F000100015180001A7848B91CF101E1846540E33A9E4189792D18D5D131F605FC283E +example. 86400 IN ZONEMD 2018031900 241 1 E1846540E33A9E4189792D18D5D131F605FC283E +03757269046172706100003F000100000E1000367849C5DE01011291B78DDF7669B1A39D014D87626B709B55774C5D7D58FADC556439889A10EAF6F11D615900A4F996BD46279514E473 +uri.arpa. 3600 IN ZONEMD 2018100702 1 1 1291B78DDF7669B1A39D014D87626B709B55774C5D7D58FADC556439889A10EAF6F11D615900A4F996BD46279514E473 +0C726F6F742D73657276657273036E657400003F00010036EE8000367849A05C0101F1CA0CCD91BD5573D9F431C00EE0101B2545C97602BE0A978A3B11DBFC1C776D5B3E86AE3D973D6B5349BA7F04340F79 +root-servers.net. 3600000 IN ZONEMD 2018091100 1 1 F1CA0CCD91BD5573D9F431C00EE0101B2545C97602BE0A978A3B11DBFC1C776D5B3E86AE3D973D6B5349BA7F04340F79 +03666F6F00001D00010000303900100011111182BD2D4D69530BD400988D20 +foo. 12345 IN LOC 12 45 52.333 N 105 40 33.452 W -24m 0.10m 0.10m 0.10m diff --git a/testdata/zonemd.example1.zone b/testdata/zonemd.example1.zone new file mode 100644 index 000000000000..b1a44895f05c --- /dev/null +++ b/testdata/zonemd.example1.zone @@ -0,0 +1,4 @@ +example.org. IN SOA ns.example.org. hostmaster.example.org. 200154054 28800 7200 604800 3600 +example.org. IN NS ns.example.org. +www.example.org. IN A 127.0.0.1 +ns.example.org. IN A 127.0.0.1 diff --git a/testdata/zonemd.example10.zone b/testdata/zonemd.example10.zone new file mode 100644 index 000000000000..33ca2828e019 --- /dev/null +++ b/testdata/zonemd.example10.zone @@ -0,0 +1,35 @@ +; DNSSEC signed but RRSIG on SOA is wrong. + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +; old sig +; example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +; wrong sig +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgeAAAAA= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/testdata/zonemd.example11.zone b/testdata/zonemd.example11.zone new file mode 100644 index 000000000000..7562f79729b7 --- /dev/null +++ b/testdata/zonemd.example11.zone @@ -0,0 +1,33 @@ +; DNSSEC NSEC zone, but ZONEMD is missing + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +; missing ZONEMD +;example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +;example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/testdata/zonemd.example12.zone b/testdata/zonemd.example12.zone new file mode 100644 index 000000000000..4fc04bf88eb2 --- /dev/null +++ b/testdata/zonemd.example12.zone @@ -0,0 +1,35 @@ +; DNSSEC NSEC3 zone, but ZONEMD is missing + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN NSEC3PARAM 1 0 1 012345 +example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= +; missing ZONEMD +;example.com. 3600 IN TYPE63 \# 70 0bee1bc6010246e31506f321c58db811c934c6446141d651a8574fb21088a2bb6feec875fc8b60f50beae00e7f6554e2cf3cb048350ef92e2946137443e30079813db4d1bfbd +;example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. M0f4wkOn6dcYtaQtwvp698QL7HuKEgi+PPjYJawV8d1VNOWbbRTF9L9tHFDK42Ylq238uOxi223ZEk/pq4BP64Sm31dV54K2V95QqdzN9NDD34+sqKEgGyRcmBiE50gm3kZZ4ENqBQKc+GdlbZ2fHSI6gf6X694sSmZ7dfjq+2k= +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM TYPE63 +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. Yd+g1m2aDKDUuZNv2KpKk4uSNrpB5KLM3QUqypm484VjOpnj5Wy3BjUULH3P8z+S9PG7XbaOf+yUYHK8cI6i5GTcrMhoLKaanAD09i1KbXbTVJujwA9Za7WzlFVZ3o6f1D8CbrSS3YPWNF3Mb2FYaptvZ9so7MlecuLYdEer7DY= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/testdata/zonemd.example13.zone b/testdata/zonemd.example13.zone new file mode 100644 index 000000000000..9f311c91291e --- /dev/null +++ b/testdata/zonemd.example13.zone @@ -0,0 +1,33 @@ +; DNSSEC NSEC zone without ZONEMD, but NSEC RRSIG is wrong + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY +; old sig +;example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ROT+Kh6Y0sEf+L9c2HGPvppLL/DFP5KcX/zSjy7ovM7vXTrrdhEhOedbuccN84tk6VU8udGIixd5Usc+juZ+WsiWwaSNB5rKo6lZ9ceOJlYVzLCmawePzTsl6VAIiIVXwrMxGz/amBd+Ou/1NCuXJiWVThU9PDyJ/lQZbVJEHMA= +; wrong sig +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ROT+Kh6Y0sEf+L9c2HGPvppLL/DFP5KcX/zSjy7ovM7vXTrrdhEhOedbuccN84tk6VU8udGIixd5Usc+juZ+WsiWwaSNB5rKo6lZ9ceOJlYVzLCmawePzTsl6VAIiIVXwrMxGz/amBd+Ou/1NCuXJiWVThU9PDyJ/lQZbVAAAAA= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/testdata/zonemd.example14.zone b/testdata/zonemd.example14.zone new file mode 100644 index 000000000000..bc4cdacdbbf5 --- /dev/null +++ b/testdata/zonemd.example14.zone @@ -0,0 +1,35 @@ +; DNSSEC NSEC3 zone without ZONEMD, but NSEC3 RRSIG is wrong + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN NSEC3PARAM 1 0 1 012345 +example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM +; old sig +;v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. J2LISTGtBe+x2pNESBOYrBHAJjEDVFkmjJf2kj0GSFYisvSuy6ZUvQZZUB9sfLmEX18FpdNTieE8MrR2nbpKWfgVBDdGtcU72x/GOIRRq586A1KNtP2eJ81vcblM5dvqvpht46tF+xy85j9G9BYxpcT1PQRpvmho9yhgCxq2kUQ= +; wrong sig +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. J2LISTGtBe+x2pNESBOYrBHAJjEDVFkmjJf2kj0GSFYisvSuy6ZUvQZZUB9sfLmEX18FpdNTieE8MrR2nbpKWfgVBDdGtcU72x/GOIRRq586A1KNtP2eJ81vcblM5dvqvpht46tF+xy85j9G9BYxpcT1PQRpvmho9yhgCxAAAAA= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/testdata/zonemd.example15.zone b/testdata/zonemd.example15.zone new file mode 100644 index 000000000000..8a10689101d7 --- /dev/null +++ b/testdata/zonemd.example15.zone @@ -0,0 +1,35 @@ +; DNSSEC signed but DNSKEY RRSIG is wrong. + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +; old sig +;example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +; wrong sig +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2AAAAA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/testdata/zonemd.example16.zone b/testdata/zonemd.example16.zone new file mode 100644 index 000000000000..7520744d3180 --- /dev/null +++ b/testdata/zonemd.example16.zone @@ -0,0 +1,11 @@ +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +; the ZONEMD that should be in this file, without DNSSEC +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +; duplicate zonemd with same scheme and algorithm (different at end) +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D720000 +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 diff --git a/testdata/zonemd.example17.zone b/testdata/zonemd.example17.zone new file mode 100644 index 000000000000..4315f9054af4 --- /dev/null +++ b/testdata/zonemd.example17.zone @@ -0,0 +1,11 @@ +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +; capitalisation is different here. +exaMPLe.cOM. IN NS Ns.exaMPLe.cOm. +; the ZONEMD that should be in this file, without DNSSEC +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +; capitalisation is different here. +wWW.exAMPLe.cOM. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 diff --git a/testdata/zonemd.example2.zone b/testdata/zonemd.example2.zone new file mode 100644 index 000000000000..14b7ea689ffa --- /dev/null +++ b/testdata/zonemd.example2.zone @@ -0,0 +1,15 @@ +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +; the ZONEMD that should be in this file, without DNSSEC +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +; incorrect digest in example3 and example4. +;example.com. IN TYPE63 \# 70 0BEE1BC60102EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +; correct digest for example 5. +;example.com. IN TYPE63 \# 70 0BEE1BC6010258F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F +; correct digest for example 6. +;example.com. IN TYPE63 \# 70 0BEE1BC6010246E31506F321C58DB811C934C6446141D651A8574FB21088A2BB6FEEC875FC8B60F50BEAE00E7F6554E2CF3CB048350EF92E2946137443E30079813DB4D1BFBD +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 diff --git a/testdata/zonemd.example3.zone b/testdata/zonemd.example3.zone new file mode 100644 index 000000000000..12389f3d5181 --- /dev/null +++ b/testdata/zonemd.example3.zone @@ -0,0 +1,34 @@ +; signed version of zonemd.example2.zone +; with ldns-signzone -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 +; this zonefile has an incorrect ZONEMD digest, with correct DNSSEC signature. + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc60102efaa5b78b38ab1c45de57b8167bcce906451d0e72118e1f5e80b5f0c3cf04bffc65d53c011185528ead439d6f3a02f511961e090e5e4e0dfa013bd276d728b22 +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. RdHiJlugposfoRbog+Mkg2xeJXSzBi/UXxBnyHVF/Usqhp6Z7Acy4XwtRRb8YAbJevP9nBpCh23Fh4b1Vxl4xI0iB8aXWKtHeb98m81rfsflWvnTYbeau3ltfP/OJWqdmFsBy8DOwNxiN8sAMbGwQK8PFDk3lcRCqv8qq/tmow8= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/testdata/zonemd.example4.zone b/testdata/zonemd.example4.zone new file mode 100644 index 000000000000..dae0f17c708c --- /dev/null +++ b/testdata/zonemd.example4.zone @@ -0,0 +1,36 @@ +; signed with NSEC3, of zonemd.example.2.zone +; ldns-signzone -n -s 012345 -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 +; this zonefile has an incorrect ZONEMD digest, with correct DNSSEC signature. + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN NSEC3PARAM 1 0 1 012345 +example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= +example.com. 3600 IN TYPE63 \# 70 0bee1bc60102efaa5b78b38ab1c45de57b8167bcce906451d0e72118e1f5e80b5f0c3cf04bffc65d53c011185528ead439d6f3a02f511961e090e5e4e0dfa013bd276d728b22 +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. RdHiJlugposfoRbog+Mkg2xeJXSzBi/UXxBnyHVF/Usqhp6Z7Acy4XwtRRb8YAbJevP9nBpCh23Fh4b1Vxl4xI0iB8aXWKtHeb98m81rfsflWvnTYbeau3ltfP/OJWqdmFsBy8DOwNxiN8sAMbGwQK8PFDk3lcRCqv8qq/tmow8= +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM TYPE63 +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. Yd+g1m2aDKDUuZNv2KpKk4uSNrpB5KLM3QUqypm484VjOpnj5Wy3BjUULH3P8z+S9PG7XbaOf+yUYHK8cI6i5GTcrMhoLKaanAD09i1KbXbTVJujwA9Za7WzlFVZ3o6f1D8CbrSS3YPWNF3Mb2FYaptvZ9so7MlecuLYdEer7DY= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/testdata/zonemd.example5.zone b/testdata/zonemd.example5.zone new file mode 100644 index 000000000000..d88380ade09f --- /dev/null +++ b/testdata/zonemd.example5.zone @@ -0,0 +1,34 @@ +; signed version of zonemd.example2.zone +; with ldns-signzone -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 +; this zonefile has a correct ZONEMD digest, with correct DNSSEC signature. + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/testdata/zonemd.example6.zone b/testdata/zonemd.example6.zone new file mode 100644 index 000000000000..0a7b05a8dcea --- /dev/null +++ b/testdata/zonemd.example6.zone @@ -0,0 +1,36 @@ +; signed with NSEC3, of zonemd.example.2.zone +; ldns-signzone -n -s 012345 -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 +; this zonefile has a correct ZONEMD digest, with correct DNSSEC signature. + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN NSEC3PARAM 1 0 1 012345 +example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010246e31506f321c58db811c934c6446141d651a8574fb21088a2bb6feec875fc8b60f50beae00e7f6554e2cf3cb048350ef92e2946137443e30079813db4d1bfbd +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. M0f4wkOn6dcYtaQtwvp698QL7HuKEgi+PPjYJawV8d1VNOWbbRTF9L9tHFDK42Ylq238uOxi223ZEk/pq4BP64Sm31dV54K2V95QqdzN9NDD34+sqKEgGyRcmBiE50gm3kZZ4ENqBQKc+GdlbZ2fHSI6gf6X694sSmZ7dfjq+2k= +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM TYPE63 +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. Yd+g1m2aDKDUuZNv2KpKk4uSNrpB5KLM3QUqypm484VjOpnj5Wy3BjUULH3P8z+S9PG7XbaOf+yUYHK8cI6i5GTcrMhoLKaanAD09i1KbXbTVJujwA9Za7WzlFVZ3o6f1D8CbrSS3YPWNF3Mb2FYaptvZ9so7MlecuLYdEer7DY= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/testdata/zonemd.example7.zone b/testdata/zonemd.example7.zone new file mode 100644 index 000000000000..4339bd570c56 --- /dev/null +++ b/testdata/zonemd.example7.zone @@ -0,0 +1,31 @@ +; DNSSEC NSEC zone without ZONEMD +; created with +; ldns-signzone -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ROT+Kh6Y0sEf+L9c2HGPvppLL/DFP5KcX/zSjy7ovM7vXTrrdhEhOedbuccN84tk6VU8udGIixd5Usc+juZ+WsiWwaSNB5rKo6lZ9ceOJlYVzLCmawePzTsl6VAIiIVXwrMxGz/amBd+Ou/1NCuXJiWVThU9PDyJ/lQZbVJEHMA= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/testdata/zonemd.example8.zone b/testdata/zonemd.example8.zone new file mode 100644 index 000000000000..2900753c0483 --- /dev/null +++ b/testdata/zonemd.example8.zone @@ -0,0 +1,34 @@ +; DNSSEC NSEC3 zone without ZONEMD +; created with +; ldns-signzone -n -s 012345 -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN NSEC3PARAM 1 0 1 012345 +example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. J2LISTGtBe+x2pNESBOYrBHAJjEDVFkmjJf2kj0GSFYisvSuy6ZUvQZZUB9sfLmEX18FpdNTieE8MrR2nbpKWfgVBDdGtcU72x/GOIRRq586A1KNtP2eJ81vcblM5dvqvpht46tF+xy85j9G9BYxpcT1PQRpvmho9yhgCxq2kUQ= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/testdata/zonemd.example9.zone b/testdata/zonemd.example9.zone new file mode 100644 index 000000000000..9c035aa1310d --- /dev/null +++ b/testdata/zonemd.example9.zone @@ -0,0 +1,35 @@ +; signed zone but RRSIG on ZONEMD is wrong. + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +; old sig +; example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +; wrong sig +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVAAAAA= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/testdata/zonemd.example_a1.zone b/testdata/zonemd.example_a1.zone new file mode 100644 index 000000000000..331b45a153d6 --- /dev/null +++ b/testdata/zonemd.example_a1.zone @@ -0,0 +1,6 @@ +example. 86400 IN SOA ns1 admin 2018031900 ( 1800 900 604800 86400 ) + 86400 IN NS ns1 + 86400 IN NS ns2 + 86400 IN ZONEMD 2018031900 1 1 ( c68090d90a7aed71 6bc459f9340e3d7c 1370d4d24b7e2fc3 a1ddc0b9a87153b9 a9713b3c9ae5cc27 777f98b8e730044c ) +ns1 3600 IN A 203.0.113.63 +ns2 3600 IN AAAA 2001:db8::63 diff --git a/testdata/zonemd.example_a2.zone b/testdata/zonemd.example_a2.zone new file mode 100644 index 000000000000..56d06ae066bf --- /dev/null +++ b/testdata/zonemd.example_a2.zone @@ -0,0 +1,25 @@ +example. 86400 IN SOA ns1 admin 2018031900 ( + 1800 900 604800 86400 ) + 86400 IN NS ns1 + 86400 IN NS ns2 + 86400 IN ZONEMD 2018031900 1 1 ( + 31cefb03814f5062 + ad12fa951ba0ef5f + 8da6ae354a415767 + 246f7dc932ceb1e7 + 42a2108f529db6a3 + 3a11c01493de358d ) +ns1 3600 IN A 203.0.113.63 +ns2 3600 IN AAAA 2001:db8::63 +occluded.sub 7200 IN TXT "I'm occluded but must be digested" +sub 7200 IN NS ns1 +duplicate 300 IN TXT "I must be digested just once" +duplicate 300 IN TXT "I must be digested just once" +foo.test. 555 IN TXT "out-of-zone data must be excluded" +non-apex 900 IN ZONEMD 2018031900 1 1 ( + 616c6c6f77656420 + 6275742069676e6f + 7265642e20616c6c + 6f77656420627574 + 2069676e6f726564 + 2e20616c6c6f7765 ) diff --git a/testdata/zonemd.example_a3.zone b/testdata/zonemd.example_a3.zone new file mode 100644 index 000000000000..45c47ad0508e --- /dev/null +++ b/testdata/zonemd.example_a3.zone @@ -0,0 +1,30 @@ +example. 86400 IN SOA ns1 admin 2018031900 ( + 1800 900 604800 86400 ) +example. 86400 IN NS ns1.example. +example. 86400 IN NS ns2.example. +example. 86400 IN ZONEMD 2018031900 1 1 ( + 62e6cf51b02e54b9 + b5f967d547ce4313 + 6792901f9f88e637 + 493daaf401c92c27 + 9dd10f0edb1c56f8 + 080211f8480ee306 ) +example. 86400 IN ZONEMD 2018031900 1 2 ( + 08cfa1115c7b948c + 4163a901270395ea + 226a930cd2cbcf2f + a9a5e6eb85f37c8a + 4e114d884e66f176 + eab121cb02db7d65 + 2e0cc4827e7a3204 + f166b47e5613fd27 ) +example. 86400 IN ZONEMD 2018031900 1 240 ( + e2d523f654b9422a + 96c5a8f44607bbee ) +example. 86400 IN ZONEMD 2018031900 241 1 ( + e1846540e33a9e41 + 89792d18d5d131f6 + 05fc283e ) +ns1.example. 3600 IN A 203.0.113.63 +ns2.example. 86400 IN TXT "This example has multiple digests" +ns2.example. 3600 IN AAAA 2001:db8::63 diff --git a/testdata/zonemd.example_a4.zone b/testdata/zonemd.example_a4.zone new file mode 100644 index 000000000000..74b913c89e2b --- /dev/null +++ b/testdata/zonemd.example_a4.zone @@ -0,0 +1,127 @@ +uri.arpa. 3600 IN SOA sns.dns.icann.org. ( + noc.dns.icann.org. 2018100702 10800 3600 1209600 3600 ) +uri.arpa. 3600 IN RRSIG NSEC 8 2 3600 ( + 20181028142623 20181007205525 47155 uri.arpa. + eEC4w/oXLR1Epwgv4MBiDtSBsXhqrJVvJWUpbX8XpetAvD35bxwNCUTi + /pAJVUXefegWeiriD2rkTgCBCMmn7YQIm3gdR+HjY/+o3BXNQnz97f+e + HAE9EDDzoNVfL1PyV/2fde9tDeUuAGVVwmD399NGq9jWYMRpyri2kysr q/g= ) +uri.arpa. 86400 IN RRSIG NS 8 2 86400 ( + 20181028172020 20181007175821 47155 uri.arpa. + ATyV2A2A8ZoggC+68u4GuP5MOUuR+2rr3eWOkEU55zAHld/7FiBxl4ln + 4byJYy7NudUwlMOEXajqFZE7DVl8PpcvrP3HeeGaVzKqaWj+aus0jbKF + Bsvs2b1qDZemBfkz/IfAhUTJKnto0vSUicJKfItu0GjyYNJCz2CqEuGD Wxc= ) +uri.arpa. 600 IN RRSIG MX 8 2 600 ( + 20181028170556 20181007175821 47155 uri.arpa. + e7/r3KXDohX1lyVavetFFObp8fB8aXT76HnN9KCQDxSnSghNM83UQV0t + lTtD8JVeN1mCvcNFZpagwIgB7XhTtm6Beur/m5ES+4uSnVeS6Q66HBZK + A3mR95IpevuVIZvvJ+GcCAQpBo6KRODYvJ/c/ZG6sfYWkZ7qg/Em5/+3 4UI= ) +uri.arpa. 3600 IN RRSIG DNSKEY 8 2 3600 ( + 20181028152832 20181007175821 15796 uri.arpa. + nzpbnh0OqsgBBP8St28pLvPEQ3wZAUdEBuUwil+rtjjWlYYiqjPxZ286 + XF4Rq1usfV5x71jZz5IqswOaQgia91ylodFpLuXD6FTGs2nXGhNKkg1V + chHgtwj70mXU72GefVgo8TxrFYzxuEFP5ZTP92t97FVWVVyyFd86sbbR + 6DZj3uA2wEvqBVLECgJLrMQ9Yy7MueJl3UA4h4E6zO2JY9Yp0W9woq0B + dqkkwYTwzogyYffPmGAJG91RJ2h6cHtFjEZe2MnaY2glqniZ0WT9vXXd + uFPm0KD9U77Ac+ZtctAF9tsZwSdAoL365E2L1usZbA+K0BnPPqGFJRJk + 5R0A1w== ) +uri.arpa. 3600 IN RRSIG DNSKEY 8 2 3600 ( + 20181028152832 20181007175821 55480 uri.arpa. + lWtQV/5szQjkXmbcD47/+rOW8kJPksRFHlzxxmzt906+DBYyfrH6uq5X + nHvrUlQO6M12uhqDeL+bDFVgqSpNy+42/OaZvaK3J8EzPZVBHPJykKMV + 63T83aAiJrAyHzOaEdmzLCpalqcEE2ImzlLHSafManRfJL8Yuv+JDZFj + 2WDWfEcUuwkmIZWX11zxp+DxwzyUlRl7x4+ok5iKZWIg5UnBAf6B8T75 + WnXzlhCw3F2pXI0a5LYg71L3Tp/xhjN6Yy9jGlIRf5BjB59X2zra3a2R + PkI09SSnuEwHyF1mDaV5BmQrLGRnCjvwXA7ho2m+vv4SP5dUdXf+GTeA + 1HeBfw== ) +uri.arpa. 3600 IN RRSIG SOA 8 2 3600 ( + 20181029114753 20181008222815 47155 uri.arpa. + qn8yBNoHDjGdT79U2Wu9IIahoS0YPOgYP8lG+qwPcrZ1BwGiHywuoUa2 + Mx6BWZlg+HDyaxj2iOmox+IIqoUHhXUbO7IUkJFlgrOKCgAR2twDHrXu + 9BUQHy9SoV16wYm3kBTEPyxW5FFm8vcdnKAF7sxSY8BbaYNpRIEjDx4A JUc= ) +uri.arpa. 3600 IN NSEC ftp.uri.arpa. NS SOA ( + MX RRSIG NSEC DNSKEY ) +uri.arpa. 86400 IN NS a.iana-servers.net. +uri.arpa. 86400 IN NS b.iana-servers.net. +uri.arpa. 86400 IN NS c.iana-servers.net. +uri.arpa. 86400 IN NS ns2.lacnic.net. +uri.arpa. 86400 IN NS sec3.apnic.net. +uri.arpa. 600 IN MX 10 pechora.icann.org. +uri.arpa. 3600 IN DNSKEY 256 3 8 ( + AwEAAcBi7tSart2J599zbYWspMNGN70IBWb4ziqyQYH9MTB/VCz6WyUK + uXunwiJJbbQ3bcLqTLWEw134B6cTMHrZpjTAb5WAwg4XcWUu8mdcPTiL + Bl6qVRlRD0WiFCTzuYUfkwsh1Rbr7rvrxSQhF5rh71zSpwV5jjjp65Wx + SdJjlH0B ) +uri.arpa. 3600 IN DNSKEY 257 3 8 ( + AwEAAbNVv6ulgRdO31MtAehz7j3ALRjwZglWesnzvllQl/+hBRZr9QoY + cO2I+DkO4Q1NKxox4DUIxj8SxPO3GwDuOFR9q2/CFi2O0mZjafbdYtWc + 3zSdBbi3q0cwCIx7GuG9eqlL+pg7mdk9dgdNZfHwB0LnqTD8ebLPsrO/ + Id7kBaiqYOfMlZnh2fp+2h6OOJZHtY0DK1UlssyB5PKsE0tVzo5s6zo9 + iXKe5u+8WTMaGDY49vG80JPAKE7ezMiH/NZcUMiE0PRZ8D3foq2dYuS5 + ym+vA83Z7v8A+Rwh4UGnjxKB8zmr803V0ASAmHz/gwH5Vb0nH+LObwFt + l3wpbp+Wpm8= ) +uri.arpa. 3600 IN DNSKEY 257 3 8 ( + AwEAAbwnFTakCvaUKsXji4mgmxZUJi1IygbnGahbkmFEa0L16J+TchKR + wcgzVfsxUGa2MmeA4hgkAooC3uy+tTmoMsgy8uq/JAj24DjiHzd46LfD + FK/qMidVqFpYSHeq2Vv5ojkuIsx4oe4KsafGWYNOczKZgH5loGjN2aJG + mrIm++XCphOskgCsQYl65MIzuXffzJyxlAuts+ecAIiVeqRaqQfr8LRU + 7wIsLxinXirprtQrbor+EtvlHp9qXE6ARTZDzf4jvsNpKvLFZtmxzFf3 + e/UJz5eHjpwDSiZL7xE8aE1o1nGfPtJx9ZnB3bapltaJ5wY+5XOCKgY0 + xmJVvNQlwdE= ) +ftp.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 ( + 20181028080856 20181007175821 47155 uri.arpa. + HClGAqPxzkYkAT7Q/QNtQeB6YrkP6EPOef+9Qo5/2zngwAewXEAQiyF9 + jD1USJiroM11QqBS3v3aIdW/LXORs4Ez3hLcKNO1cKHsOuWAqzmE+BPP + Arfh8N95jqh/q6vpaB9UtMkQ53tM2fYU1GszOLN0knxbHgDHAh2axMGH lqM= ) +ftp.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 ( + 20181028103644 20181007205525 47155 uri.arpa. + WoLi+vZzkxaoLr2IGZnwkRvcDf6KxiWQd1WZP/U+AWnV+7MiqsWPZaf0 + 9toRErerGoFOiOASNxZjBGJrRgjmavOM9U+LZSconP9zrNFd4dIu6kp5 + YxlQJ0uHOvx1ZHFCj6lAt1ACUIw04ZhMydTmi27c8MzEOMepvn7iH7r7 k7k= ) +ftp.uri.arpa. 3600 IN NSEC http.uri.arpa. NAPTR ( + RRSIG NSEC ) +ftp.uri.arpa. 604800 IN NAPTR 0 0 "" "" ( + "!^ftp://([^:/?#]*).*$!\\1!i" . ) +http.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 ( + 20181029010647 20181007175821 47155 uri.arpa. + U03NntQ73LHWpfLmUK8nMsqkwVsOGW2KdsyuHYAjqQSZvKbtmbv7HBmE + H1+Ii3Z+wtfdMZBy5aC/6sHdx69BfZJs16xumycMlAy6325DKTQbIMN+ + ift9GrKBC7cgCd2msF/uzSrYxxg4MJQzBPvlkwXnY3b7eJSlIXisBIn7 3b8= ) +http.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 ( + 20181029011815 20181007205525 47155 uri.arpa. + T7mRrdag+WSmG+n22mtBSQ/0Y3v+rdDnfQV90LN5Fq32N5K2iYFajF7F + Tp56oOznytfcL4fHrqOE0wRc9NWOCCUec9C7Wa1gJQcllEvgoAM+L6f0 + RsEjWq6+9jvlLKMXQv0xQuMX17338uoD/xiAFQSnDbiQKxwWMqVAimv5 7Zs= ) +http.uri.arpa. 3600 IN NSEC mailto.uri.arpa. NAPTR ( + RRSIG NSEC ) +http.uri.arpa. 604800 IN NAPTR 0 0 "" "" ( + "!^http://([^:/?#]*).*$!\\1!i" . ) +mailto.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 ( + 20181028110727 20181007175821 47155 uri.arpa. + GvxzVL85rEukwGqtuLxek9ipwjBMfTOFIEyJ7afC8HxVMs6mfFa/nEM/ + IdFvvFg+lcYoJSQYuSAVYFl3xPbgrxVSLK125QutCFMdC/YjuZEnq5cl + fQciMRD7R3+znZfm8d8u/snLV9w4D+lTBZrJJUBe1Efc8vum5vvV7819 ZoY= ) +mailto.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 ( + 20181028141825 20181007205525 47155 uri.arpa. + MaADUgc3fc5v++M0YmqjGk3jBdfIA5RuP62hUSlPsFZO4k37erjIGCfF + j+g84yc+QgbSde0PQHszl9fE/+SU5ZXiS9YdcbzSZxp2erFpZOTchrpg + 916T4vx6i59scodjb0l6bDyZ+mtIPrc1w6b4hUyOUTsDQoAJYxdfEuMg Vy4= ) +mailto.uri.arpa. 3600 IN NSEC urn.uri.arpa. NAPTR ( + RRSIG NSEC ) +mailto.uri.arpa. 604800 IN NAPTR 0 0 "" "" ( + "!^mailto:(.*)@(.*)$!\\2!i" . ) +urn.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 ( + 20181028123243 20181007175821 47155 uri.arpa. + Hgsw4Deops1O8uWyELGe6hpR/OEqCnTHvahlwiQkHhO5CSEQrbhmFAWe + UOkmGAdTEYrSz+skLRQuITRMwzyFf4oUkZihGyhZyzHbcxWfuDc/Pd/9 + DSl56gdeBwy1evn5wBTms8yWQVkNtphbJH395gRqZuaJs3LD/qTyJ5Dp LvA= ) +urn.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 ( + 20181029071816 20181007205525 47155 uri.arpa. + ALIZD0vBqAQQt40GQ0Efaj8OCyE9xSRJRdyvyn/H/wZVXFRFKrQYrLAS + D/K7q6CMTOxTRCu2J8yes63WJiaJEdnh+dscXzZkmOg4n5PsgZbkvUSW + BiGtxvz5jNncM0xVbkjbtByrvJQAO1cU1mnlDKe1FmVB1uLpVdA9Ib4J hMU= ) +urn.uri.arpa. 3600 IN NSEC uri.arpa. NAPTR RRSIG ( + NSEC ) +urn.uri.arpa. 604800 IN NAPTR 0 0 "" "" ( + "/urn:([^:]+)/\\1/i" . ) +uri.arpa. 3600 IN SOA sns.dns.icann.org. ( + noc.dns.icann.org. 2018100702 10800 3600 1209600 3600 ) diff --git a/testdata/zonemd.example_a5.zone b/testdata/zonemd.example_a5.zone new file mode 100644 index 000000000000..246f5e2376db --- /dev/null +++ b/testdata/zonemd.example_a5.zone @@ -0,0 +1,48 @@ +root-servers.net. 3600000 IN SOA a.root-servers.net. ( + nstld.verisign-grs.com. 2018091100 14400 7200 1209600 3600000 ) +root-servers.net. 3600000 IN NS a.root-servers.net. +root-servers.net. 3600000 IN NS b.root-servers.net. +root-servers.net. 3600000 IN NS c.root-servers.net. +root-servers.net. 3600000 IN NS d.root-servers.net. +root-servers.net. 3600000 IN NS e.root-servers.net. +root-servers.net. 3600000 IN NS f.root-servers.net. +root-servers.net. 3600000 IN NS g.root-servers.net. +root-servers.net. 3600000 IN NS h.root-servers.net. +root-servers.net. 3600000 IN NS i.root-servers.net. +root-servers.net. 3600000 IN NS j.root-servers.net. +root-servers.net. 3600000 IN NS k.root-servers.net. +root-servers.net. 3600000 IN NS l.root-servers.net. +root-servers.net. 3600000 IN NS m.root-servers.net. +a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30 +a.root-servers.net. 3600000 IN A 198.41.0.4 +b.root-servers.net. 3600000 IN MX 20 mail.isi.edu. +b.root-servers.net. 3600000 IN AAAA 2001:500:200::b +b.root-servers.net. 3600000 IN A 199.9.14.201 +c.root-servers.net. 3600000 IN AAAA 2001:500:2::c +c.root-servers.net. 3600000 IN A 192.33.4.12 +d.root-servers.net. 3600000 IN AAAA 2001:500:2d::d +d.root-servers.net. 3600000 IN A 199.7.91.13 +e.root-servers.net. 3600000 IN AAAA 2001:500:a8::e +e.root-servers.net. 3600000 IN A 192.203.230.10 +f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f +f.root-servers.net. 3600000 IN A 192.5.5.241 +g.root-servers.net. 3600000 IN AAAA 2001:500:12::d0d +g.root-servers.net. 3600000 IN A 192.112.36.4 +h.root-servers.net. 3600000 IN AAAA 2001:500:1::53 +h.root-servers.net. 3600000 IN A 198.97.190.53 +i.root-servers.net. 3600000 IN MX 10 mx.i.root-servers.org. +i.root-servers.net. 3600000 IN AAAA 2001:7fe::53 +i.root-servers.net. 3600000 IN A 192.36.148.17 +j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30 +j.root-servers.net. 3600000 IN A 192.58.128.30 +k.root-servers.net. 3600000 IN AAAA 2001:7fd::1 +k.root-servers.net. 3600000 IN A 193.0.14.129 +l.root-servers.net. 3600000 IN AAAA 2001:500:9f::42 +l.root-servers.net. 3600000 IN A 199.7.83.42 +m.root-servers.net. 3600000 IN AAAA 2001:dc3::35 +m.root-servers.net. 3600000 IN A 202.12.27.33 +root-servers.net. 3600000 IN SOA a.root-servers.net. ( + nstld.verisign-grs.com. 2018091100 14400 7200 1209600 3600000 ) +root-servers.net. 3600000 IN ZONEMD 2018091100 1 1 ( + f1ca0ccd91bd5573d9f431c00ee0101b2545c97602be0a97 + 8a3b11dbfc1c776d5b3e86ae3d973d6b5349ba7f04340f79 ) diff --git a/testdata/zonemd_reload.tdir/zonemd_reload.conf b/testdata/zonemd_reload.tdir/zonemd_reload.conf new file mode 100644 index 000000000000..9afd6e2b1e23 --- /dev/null +++ b/testdata/zonemd_reload.tdir/zonemd_reload.conf @@ -0,0 +1,23 @@ +server: + verbosity: 7 + # num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + use-caps-for-id: yes +remote-control: + control-enable: yes + control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@ + control-use-cert: no +auth-zone: + name: "example.com" + for-upstream: yes + for-downstream: yes + zonefile: "zonemd_reload.zone" + zonemd-check: yes + #master: "127.0.0.1@@TOPORT@" diff --git a/testdata/zonemd_reload.tdir/zonemd_reload.dsc b/testdata/zonemd_reload.tdir/zonemd_reload.dsc new file mode 100644 index 000000000000..016c3d6c7ff0 --- /dev/null +++ b/testdata/zonemd_reload.tdir/zonemd_reload.dsc @@ -0,0 +1,16 @@ +BaseName: zonemd_reload +Version: 1.0 +Description: ZONEMD check after auth_zone_reload +CreationDate: Tue 23 Oct 12:00:00 CEST 2020 +Maintainer: dr. W.C.A. Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: zonemd_reload.pre +Post: zonemd_reload.post +Test: zonemd_reload.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/zonemd_reload.tdir/zonemd_reload.post b/testdata/zonemd_reload.tdir/zonemd_reload.post new file mode 100644 index 000000000000..5e315088a097 --- /dev/null +++ b/testdata/zonemd_reload.tdir/zonemd_reload.post @@ -0,0 +1,14 @@ +# #-- zonemd_reload.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +echo "> cat logfiles" +cat fwd.log +cat unbound.log +kill_pid $FWD_PID +kill_pid $UNBOUND_PID +rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID diff --git a/testdata/zonemd_reload.tdir/zonemd_reload.pre b/testdata/zonemd_reload.tdir/zonemd_reload.pre new file mode 100644 index 000000000000..fa5e4ca29bbf --- /dev/null +++ b/testdata/zonemd_reload.tdir/zonemd_reload.pre @@ -0,0 +1,35 @@ +# #-- zonemd_reload.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +get_random_port 2 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT zonemd_reload.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# make config file +CONTROL_PATH=/tmp +CONTROL_PID=$$ +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < zonemd_reload.conf > ub.conf +# start unbound in the background +PRE="../.." +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test +echo "CONTROL_PATH=$CONTROL_PATH" >> .tpkg.var.test +echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log + diff --git a/testdata/zonemd_reload.tdir/zonemd_reload.test b/testdata/zonemd_reload.tdir/zonemd_reload.test new file mode 100644 index 000000000000..fbdf07511306 --- /dev/null +++ b/testdata/zonemd_reload.tdir/zonemd_reload.test @@ -0,0 +1,74 @@ +# #-- zonemd_reload.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +# do the test +echo "> dig www.example.com." +dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +if grep SERVFAIL outfile; then + echo "> try again" + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 1 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 1 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 1 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 10 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 10 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +echo "> cat logfiles" +cat fwd.log +cat unbound.log +echo "> check answer" +if grep www.example.com outfile | grep "192.0.2.1"; then + echo "OK" +else + echo "Not OK" + exit 1 +fi + +echo "> unbound-control status" +$PRE/unbound-control -c ub.conf status +if test $? -ne 0; then + echo "wrong exit value." + exit 1 +else + echo "exit value: OK" +fi + +echo "> unbound-control auth_zone_reload example.com" +$PRE/unbound-control -c ub.conf auth_zone_reload example.com 2>&1 | tee outfile +if test $? -ne 0; then + echo "wrong exit value." + exit 1 +fi +echo "> check unbound-control output" +if grep "example.com: ZONEMD verification successful" outfile; then + echo "OK" +else + echo "Not OK" + exit 1 +fi + +exit 0 diff --git a/testdata/zonemd_reload.tdir/zonemd_reload.testns b/testdata/zonemd_reload.tdir/zonemd_reload.testns new file mode 100644 index 000000000000..f1678a1ccc30 --- /dev/null +++ b/testdata/zonemd_reload.tdir/zonemd_reload.testns @@ -0,0 +1,27 @@ +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +example.com. IN NS ns.example.net. +EXTRA_PACKET +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +www.example.com. IN A 1.2.3.4 +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END diff --git a/testdata/zonemd_reload.tdir/zonemd_reload.zone b/testdata/zonemd_reload.tdir/zonemd_reload.zone new file mode 100644 index 000000000000..01e57a738e37 --- /dev/null +++ b/testdata/zonemd_reload.tdir/zonemd_reload.zone @@ -0,0 +1,8 @@ +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +example.com. IN ZONEMD 200154054 1 2 D207FBBD1403DC8FDDC0159AB1F4B4C54A2FEB814E5CB1E82841C51D1372E78E4F6C75F7A9D710CC78C54E2DB3B92D07C72990644F93E1C44AC356EACA3980C5 +www.example.com. IN A 192.0.2.1 +ns.example.com. IN A 192.0.2.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 diff --git a/util/config_file.c b/util/config_file.c index 4d87dee9b496..50b0e645af8f 100644 --- a/util/config_file.c +++ b/util/config_file.c @@ -105,11 +105,14 @@ config_create(void) cfg->do_ip6 = 1; cfg->do_udp = 1; cfg->do_tcp = 1; + cfg->tcp_reuse_timeout = 60 * 1000; /* 60s in milisecs */ + cfg->max_reuse_tcp_queries = 200; cfg->tcp_upstream = 0; cfg->udp_upstream_without_downstream = 0; cfg->tcp_mss = 0; cfg->outgoing_tcp_mss = 0; cfg->tcp_idle_timeout = 30 * 1000; /* 30s in millisecs */ + cfg->tcp_auth_query_timeout = 3 * 1000; /* 3s in millisecs */ cfg->do_tcp_keepalive = 0; cfg->tcp_keepalive_timeout = 120 * 1000; /* 120s in millisecs */ cfg->ssl_service_key = NULL; @@ -235,8 +238,10 @@ config_create(void) cfg->hide_identity = 0; cfg->hide_version = 0; cfg->hide_trustanchor = 0; + cfg->hide_http_user_agent = 0; cfg->identity = NULL; cfg->version = NULL; + cfg->http_user_agent = NULL; cfg->nsid_cfg_str = NULL; cfg->nsid = NULL; cfg->nsid_len = 0; @@ -250,6 +255,7 @@ config_create(void) cfg->val_date_override = 0; cfg->val_sig_skew_min = 3600; /* at least daylight savings trouble */ cfg->val_sig_skew_max = 86400; /* at most timezone settings trouble */ + cfg->val_max_restart = 5; cfg->val_clean_additional = 1; cfg->val_log_level = 0; cfg->val_log_squelch = 0; @@ -262,6 +268,7 @@ config_create(void) cfg->serve_expired_reply_ttl = 30; cfg->serve_expired_client_timeout = 0; cfg->serve_original_ttl = 0; + cfg->zonemd_permissive_mode = 0; cfg->add_holddown = 30*24*3600; cfg->del_holddown = 30*24*3600; cfg->keep_missing = 366*24*3600; /* one year plus a little leeway */ @@ -305,7 +312,7 @@ config_create(void) if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit; #endif if(!(cfg->val_nsec3_key_iterations = - strdup("1024 150 2048 500 4096 2500"))) goto error_exit; + strdup("1024 150 2048 150 4096 150"))) goto error_exit; #if defined(DNSTAP_SOCKET_PATH) if(!(cfg->dnstap_socket_path = strdup(DNSTAP_SOCKET_PATH))) goto error_exit; @@ -516,7 +523,10 @@ int config_set_option(struct config_file* cfg, const char* opt, udp_upstream_without_downstream) else S_NUMBER_NONZERO("tcp-mss:", tcp_mss) else S_NUMBER_NONZERO("outgoing-tcp-mss:", outgoing_tcp_mss) + else S_NUMBER_NONZERO("tcp-auth-query-timeout:", tcp_auth_query_timeout) else S_NUMBER_NONZERO("tcp-idle-timeout:", tcp_idle_timeout) + else S_NUMBER_NONZERO("max-reuse-tcp-queries:", max_reuse_tcp_queries) + else S_NUMBER_NONZERO("tcp-reuse-timeout:", tcp_reuse_timeout) else S_YNO("edns-tcp-keepalive:", do_tcp_keepalive) else S_NUMBER_NONZERO("edns-tcp-keepalive-timeout:", tcp_keepalive_timeout) else S_YNO("ssl-upstream:", ssl_upstream) @@ -587,8 +597,10 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("hide-identity:", hide_identity) else S_YNO("hide-version:", hide_version) else S_YNO("hide-trustanchor:", hide_trustanchor) + else S_YNO("hide-http-user-agent:", hide_http_user_agent) else S_STR("identity:", identity) else S_STR("version:", version) + else S_STR("http-user-agent:", http_user_agent) else if(strcmp(opt, "nsid:") == 0) { free(cfg->nsid_cfg_str); if (!(cfg->nsid_cfg_str = strdup(val))) @@ -649,6 +661,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_NUMBER_OR_ZERO("serve-expired-client-timeout:", serve_expired_client_timeout) else S_YNO("serve-original-ttl:", serve_original_ttl) else S_STR("val-nsec3-keysize-iterations:", val_nsec3_key_iterations) + else S_YNO("zonemd-permissive-mode:", zonemd_permissive_mode) else S_UNSIGNED_OR_ZERO("add-holddown:", add_holddown) else S_UNSIGNED_OR_ZERO("del-holddown:", del_holddown) else S_UNSIGNED_OR_ZERO("keep-missing:", keep_missing) @@ -756,12 +769,14 @@ int config_set_option(struct config_file* cfg, const char* opt, #endif else if(strcmp(opt, "define-tag:") ==0) { return config_add_tag(cfg, val); - /* val_sig_skew_min and max are copied into val_env during init, - * so this does not update val_env with set_option */ + /* val_sig_skew_min, max and val_max_restart are copied into val_env + * during init so this does not update val_env with set_option */ } else if(strcmp(opt, "val-sig-skew-min:") == 0) { IS_NUMBER_OR_ZERO; cfg->val_sig_skew_min = (int32_t)atoi(val); } else if(strcmp(opt, "val-sig-skew-max:") == 0) { IS_NUMBER_OR_ZERO; cfg->val_sig_skew_max = (int32_t)atoi(val); } + else if(strcmp(opt, "val-max-restart:") == 0) + { IS_NUMBER_OR_ZERO; cfg->val_max_restart = (int32_t)atoi(val); } else if (strcmp(opt, "outgoing-interface:") == 0) { char* d = strdup(val); char** oi = @@ -1005,7 +1020,10 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "udp-upstream-without-downstream", udp_upstream_without_downstream) else O_DEC(opt, "tcp-mss", tcp_mss) else O_DEC(opt, "outgoing-tcp-mss", outgoing_tcp_mss) + else O_DEC(opt, "tcp-auth-query-timeout", tcp_auth_query_timeout) else O_DEC(opt, "tcp-idle-timeout", tcp_idle_timeout) + else O_DEC(opt, "max-reuse-tcp-queries", max_reuse_tcp_queries) + else O_DEC(opt, "tcp-reuse-timeout", tcp_reuse_timeout) else O_YNO(opt, "edns-tcp-keepalive", do_tcp_keepalive) else O_DEC(opt, "edns-tcp-keepalive-timeout", tcp_keepalive_timeout) else O_YNO(opt, "ssl-upstream", ssl_upstream) @@ -1041,8 +1059,10 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "hide-identity", hide_identity) else O_YNO(opt, "hide-version", hide_version) else O_YNO(opt, "hide-trustanchor", hide_trustanchor) + else O_YNO(opt, "hide-http-user-agent", hide_http_user_agent) else O_STR(opt, "identity", identity) else O_STR(opt, "version", version) + else O_STR(opt, "http-user-agent", http_user_agent) else O_STR(opt, "nsid", nsid_cfg_str) else O_STR(opt, "target-fetch-policy", target_fetch_policy) else O_YNO(opt, "harden-short-bufsize", harden_short_bufsize) @@ -1070,6 +1090,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_DEC(opt, "serve-expired-client-timeout", serve_expired_client_timeout) else O_YNO(opt, "serve-original-ttl", serve_original_ttl) else O_STR(opt, "val-nsec3-keysize-iterations",val_nsec3_key_iterations) + else O_YNO(opt, "zonemd-permissive-mode", zonemd_permissive_mode) else O_UNS(opt, "add-holddown", add_holddown) else O_UNS(opt, "del-holddown", del_holddown) else O_UNS(opt, "keep-missing", keep_missing) @@ -1178,6 +1199,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_DEC(opt, "fast-server-permil", fast_server_permil) else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min) else O_DEC(opt, "val-sig-skew-max", val_sig_skew_max) + else O_DEC(opt, "val-max-restart", val_max_restart) else O_YNO(opt, "qname-minimisation", qname_minimisation) else O_YNO(opt, "qname-minimisation-strict", qname_minimisation_strict) else O_IFC(opt, "define-tag", num_tags, tagname) @@ -1516,6 +1538,7 @@ config_delete(struct config_file* cfg) #endif free(cfg->identity); free(cfg->version); + free(cfg->http_user_agent); free(cfg->nsid_cfg_str); free(cfg->nsid); free(cfg->module_conf); @@ -1681,6 +1704,37 @@ int cfg_condense_ports(struct config_file* cfg, int** avail) return num; } +void cfg_apply_local_port_policy(struct config_file* cfg, int num) { +(void)cfg; +(void)num; +#ifdef USE_LINUX_IP_LOCAL_PORT_RANGE + { + int i = 0; + FILE* range_fd; + if ((range_fd = fopen(LINUX_IP_LOCAL_PORT_RANGE_PATH, "r")) != NULL) { + int min_port = 0; + int max_port = num - 1; + if (fscanf(range_fd, "%d %d", &min_port, &max_port) == 2) { + for(i=0; ioutgoing_avail_ports[i] = 0; + } + for(i=max_port+1; ioutgoing_avail_ports[i] = 0; + } + } else { + log_err("unexpected port range in %s", + LINUX_IP_LOCAL_PORT_RANGE_PATH); + } + fclose(range_fd); + } else { + log_err("failed to read from file: %s (%s)", + LINUX_IP_LOCAL_PORT_RANGE_PATH, + strerror(errno)); + } + } +#endif +} + /** print error with file and line number */ static void ub_c_error_va_list(const char *fmt, va_list args) { @@ -2605,3 +2659,27 @@ int options_remote_is_address(struct config_file* cfg) return (cfg->control_ifs.first->str[0] != '/'); } +/** see if interface is https, its port number == the https port number */ +int +if_is_https(const char* ifname, const char* port, int https_port) +{ + char* p = strchr(ifname, '@'); + if(!p && atoi(port) == https_port) + return 1; + if(p && atoi(p+1) == https_port) + return 1; + return 0; +} + +/** see if config contains https turned on */ +int cfg_has_https(struct config_file* cfg) +{ + int i; + char portbuf[32]; + snprintf(portbuf, sizeof(portbuf), "%d", cfg->port); + for(i = 0; inum_ifs; i++) { + if(if_is_https(cfg->ifs[i], portbuf, cfg->https_port)) + return 1; + } + return 0; +} diff --git a/util/config_file.h b/util/config_file.h index 7cf27cc2c3e3..aed6812dafe8 100644 --- a/util/config_file.h +++ b/util/config_file.h @@ -93,6 +93,12 @@ struct config_file { int do_udp; /** do tcp query support. */ int do_tcp; + /** max number of queries on a reuse connection. */ + size_t max_reuse_tcp_queries; + /** timeout for REUSE entries in milliseconds. */ + int tcp_reuse_timeout; + /** timeout in milliseconds for TCP queries to auth servers. */ + int tcp_auth_query_timeout; /** tcp upstream queries (no UDP upstream queries) */ int tcp_upstream; /** udp upstream enabled when no UDP downstream is enabled (do_udp no)*/ @@ -334,10 +340,14 @@ struct config_file { int hide_version; /** do not report trustanchor (trustanchor.unbound) */ int hide_trustanchor; + /** do not report the User-Agent HTTP header */ + int hide_http_user_agent; /** identity, hostname is returned if "". */ char* identity; /** version, package version returned if "". */ char* version; + /** User-Agent for HTTP header */ + char* http_user_agent; /** nsid */ char *nsid_cfg_str; uint8_t *nsid; @@ -367,6 +377,8 @@ struct config_file { int32_t val_sig_skew_min; /** the maximum for signature clock skew */ int32_t val_sig_skew_max; + /** max number of query restarts, number of IPs to probe */ + int32_t val_max_restart; /** this value sets the number of seconds before revalidating bogus */ int bogus_ttl; /** should validator clean additional section for secure msgs */ @@ -396,6 +408,8 @@ struct config_file { int serve_original_ttl; /** nsec3 maximum iterations per key size, string */ char* val_nsec3_key_iterations; + /** if zonemd failures are permitted, only logged */ + int zonemd_permissive_mode; /** autotrust add holddown time, in seconds */ unsigned int add_holddown; /** autotrust del holddown time, in seconds */ @@ -727,6 +741,10 @@ struct config_auth { /** Always reply with this CNAME target if the cname override action is * used */ char* rpz_cname; + /** Check ZONEMD records for this zone */ + int zonemd_check; + /** Reject absence of ZONEMD records, zone must have one */ + int zonemd_reject_absence; }; /** @@ -1172,6 +1190,13 @@ int cfg_mark_ports(const char* str, int allow, int* avail, int num); */ int cfg_condense_ports(struct config_file* cfg, int** avail); +/** + * Apply system specific port range policy. + * @param cfg: config file. + * @param num: size of the array (65536). + */ +void cfg_apply_local_port_policy(struct config_file* cfg, int num); + /** * Scan ports available * @param avail: the array from cfg. @@ -1301,5 +1326,19 @@ void w_config_adjust_directory(struct config_file* cfg); /** debug option for unit tests. */ extern int fake_dsa, fake_sha1; +/** see if interface is https, its port number == the https port number */ +int if_is_https(const char* ifname, const char* port, int https_port); + +/** + * Return true if the config contains settings that enable https. + * @param cfg: config information. + * @return true if https ports are used for server. + */ +int cfg_has_https(struct config_file* cfg); + +#ifdef USE_LINUX_IP_LOCAL_PORT_RANGE +#define LINUX_IP_LOCAL_PORT_RANGE_PATH "/proc/sys/net/ipv4/ip_local_port_range" +#endif + #endif /* UTIL_CONFIG_FILE_H */ diff --git a/util/configlexer.c b/util/configlexer.c index 5e51c68869aa..7c3f3fde8844 100644 --- a/util/configlexer.c +++ b/util/configlexer.c @@ -354,8 +354,8 @@ static void yynoreturn yy_fatal_error ( const char* msg ); (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ (yy_c_buf_p) = yy_cp; -#define YY_NUM_RULES 343 -#define YY_END_OF_BUFFER 344 +#define YY_NUM_RULES 352 +#define YY_END_OF_BUFFER 353 /* This struct is not used in this scanner, but its presence is necessary. */ struct yy_trans_info @@ -363,377 +363,391 @@ struct yy_trans_info flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static const flex_int16_t yy_accept[3354] = +static const flex_int16_t yy_accept[3484] = { 0, - 1, 1, 317, 317, 321, 321, 325, 325, 329, 329, - 1, 1, 333, 333, 337, 337, 344, 341, 1, 315, - 315, 342, 2, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 342, 317, 318, 318, 319, - 342, 321, 322, 322, 323, 342, 328, 325, 326, 326, - 327, 342, 329, 330, 330, 331, 342, 340, 316, 2, - 320, 340, 342, 336, 333, 334, 334, 335, 342, 337, - 338, 338, 339, 342, 341, 0, 1, 2, 2, 2, - 2, 341, 341, 341, 341, 341, 341, 341, 341, 341, + 1, 1, 326, 326, 330, 330, 334, 334, 338, 338, + 1, 1, 342, 342, 346, 346, 353, 350, 1, 324, + 324, 351, 2, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 351, 326, 327, 327, 328, + 351, 330, 331, 331, 332, 351, 337, 334, 335, 335, + 336, 351, 338, 339, 339, 340, 351, 349, 325, 2, + 329, 349, 351, 345, 342, 343, 343, 344, 351, 346, + 347, 347, 348, 351, 350, 0, 1, 2, 2, 2, + 2, 350, 350, 350, 350, 350, 350, 350, 350, 350, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 317, - 0, 321, 0, 328, 0, 325, 329, 0, 340, 0, - 2, 2, 340, 336, 0, 333, 337, 0, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 326, + 0, 330, 0, 337, 0, 334, 338, 0, 349, 0, + 2, 2, 349, 345, 0, 342, 346, 0, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 340, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 349, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 125, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 134, - 341, 341, 341, 341, 341, 341, 341, 340, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 128, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 137, + 350, 350, 350, 350, 350, 350, 350, 349, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 109, 341, 314, 341, - 341, 341, 341, 341, 341, 341, 8, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 112, 350, 323, + 350, 350, 350, 350, 350, 350, 350, 8, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, - 341, 341, 341, 341, 341, 341, 126, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 139, 341, 340, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, + 350, 350, 350, 350, 350, 350, 350, 129, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 142, 350, 350, 349, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, - 341, 341, 341, 341, 341, 341, 341, 307, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 316, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 340, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 64, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 239, 341, 14, 15, 341, 19, 18, 341, 341, 223, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 349, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 67, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 248, 350, 14, 15, 350, 19, 18, 350, + 350, 232, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, - 341, 132, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 221, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 3, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 135, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 230, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 3, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, - 340, 341, 341, 341, 341, 341, 341, 341, 301, 341, - 341, 300, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 324, - 341, 341, 341, 341, 341, 341, 341, 341, 63, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 67, 341, 270, 341, 341, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 349, + 350, 350, 350, 350, 350, 350, 350, 310, 350, 350, + 309, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 333, 350, 350, 350, 350, 350, 350, 350, 350, 66, - 341, 341, 341, 341, 341, 341, 308, 309, 341, 341, - 341, 341, 341, 341, 341, 68, 341, 341, 133, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 129, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 210, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 21, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 158, 341, 341, 340, 324, 341, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 70, 350, 279, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 317, 318, + 350, 350, 350, 350, 350, 350, 350, 71, 350, 350, + 136, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 132, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 219, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 21, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 107, 341, 341, 341, 341, 341, 341, 341, 278, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 182, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 157, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 162, + 350, 350, 350, 350, 350, 349, 333, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 110, 350, + 350, 350, 350, 350, 350, 350, 287, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 188, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 106, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 32, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 33, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 65, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 131, 340, 341, 341, + 350, 350, 350, 350, 350, 350, 161, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 109, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 35, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, - 341, 341, 341, 124, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 66, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 243, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 183, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 54, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, + 350, 350, 350, 36, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 68, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 134, 350, 350, 350, 349, 350, 350, 350, 350, 350, + 127, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 69, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 252, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 189, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 261, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 58, 341, 59, - 341, 341, 341, 341, 341, 110, 341, 111, 341, 341, - 341, 341, 108, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 57, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 270, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 61, 350, 62, - 341, 341, 7, 341, 340, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 232, 341, 341, 341, 341, 160, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 244, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 45, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 55, 341, 341, 341, 341, 341, 341, 341, + 350, 350, 350, 350, 350, 113, 350, 114, 350, 350, + 350, 350, 111, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 7, 350, 350, 350, 350, + 349, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 241, + 350, 350, 350, 350, 165, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 253, 350, 350, 350, 350, 350, 350, 350, 350, - 341, 341, 341, 341, 341, 341, 341, 202, 341, 201, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 16, 17, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 69, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 209, 341, 341, 341, - 341, 341, 341, 113, 341, 112, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 193, 341, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 48, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 58, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 211, 350, 210, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 16, 17, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, - 341, 341, 341, 341, 341, 341, 341, 140, 340, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 101, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 89, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 222, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 94, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 62, 341, 341, 341, + 350, 350, 72, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 218, 350, 350, 350, 350, + 350, 350, 116, 350, 115, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 202, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 143, + 350, 350, 350, 349, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 104, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 92, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 196, 197, 341, 341, 341, - 272, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 6, 341, 341, 341, 341, 341, 341, - 291, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 276, 341, - 341, 341, 341, 341, 341, 302, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 42, 341, 341, - 341, 341, 44, 341, 341, 341, 90, 341, 341, 341, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 231, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 97, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 65, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 205, 206, 350, 350, 350, 281, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 6, 350, 350, 350, 350, 350, 350, 300, 350, - 341, 341, 52, 341, 341, 341, 341, 341, 341, 341, - 340, 341, 189, 341, 341, 341, 135, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 214, 341, 190, - 341, 341, 341, 229, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 53, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 137, 118, 341, 119, 341, - 341, 341, 117, 341, 341, 341, 341, 341, 341, 341, - 341, 155, 341, 341, 50, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 285, 350, 350, 350, + 350, 350, 350, 311, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 45, 350, 350, + 350, 350, 47, 350, 350, 350, 93, 350, 350, 350, + 350, 350, 55, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 349, 350, 198, 350, 350, 350, + 138, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 223, 350, 199, 350, 350, 350, 238, 350, 350, - 341, 260, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 191, 341, 341, 341, 341, 341, 194, 341, 200, - 341, 341, 341, 341, 341, 228, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 105, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 130, 341, 341, 341, 341, 341, 341, 341, 60, - 341, 341, 341, 26, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 20, 341, 341, 341, 341, 341, 341, - 27, 36, 341, 165, 341, 341, 341, 341, 341, 341, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 56, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 140, + 121, 350, 122, 350, 350, 350, 120, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 158, 350, 350, 53, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 269, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 200, 350, 350, + 350, 350, 350, 203, 350, 209, 350, 350, 350, 350, + 350, 350, 237, 350, 350, 350, 350, 350, 350, 350, - 341, 341, 341, 341, 341, 341, 341, 340, 341, 341, - 341, 341, 341, 341, 77, 79, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 280, - 341, 341, 341, 341, 240, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 120, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 154, 341, 46, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 295, 341, 341, 341, 341, 341, 341, 341, 341, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 108, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 133, 350, + 350, 350, 350, 350, 350, 350, 63, 350, 350, 350, + 29, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 20, 350, 350, 350, 350, 350, 350, 30, + 39, 350, 170, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 196, 350, 350, + 349, 350, 350, 350, 350, 350, 350, 80, 82, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 159, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 289, 341, 341, 341, 220, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 305, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 176, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 114, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 171, - 341, 184, 341, 341, 341, 341, 340, 341, 143, 341, - 341, 341, 341, 341, 100, 341, 341, 341, 341, 212, + 350, 350, 289, 350, 350, 350, 350, 249, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 123, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 157, 350, 49, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 304, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 164, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 298, - 341, 341, 341, 341, 341, 341, 230, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 252, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 136, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 175, - 341, 341, 341, 341, 341, 341, 80, 341, 81, 341, - 341, 341, 341, 341, 61, 298, 341, 341, 341, 341, - 341, 88, 185, 341, 203, 341, 233, 341, 341, 195, - 273, 341, 341, 341, 341, 341, 73, 341, 187, 341, - 341, 341, 341, 341, 9, 341, 341, 341, 341, 341, + 350, 350, 350, 229, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 314, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 182, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 117, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 177, 350, 190, + 350, 350, 350, 350, 350, 350, 350, 349, 350, 146, + 350, 350, 350, 350, 350, 103, 350, 350, 350, 350, + 221, 350, 350, 350, 350, 350, 350, 239, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, - 104, 341, 341, 341, 341, 265, 341, 341, 341, 341, - 211, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 340, 341, 341, - 341, 341, 174, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 161, 341, 279, 341, 341, 341, 341, - 341, 251, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 224, 341, 341, 341, 341, 341, 271, + 350, 350, 350, 350, 261, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 139, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 181, 350, 350, 350, 350, 350, 350, 83, + 350, 84, 350, 350, 350, 350, 350, 64, 307, 350, + 350, 350, 350, 350, 91, 191, 350, 212, 350, 242, + 350, 350, 204, 282, 350, 350, 350, 350, 350, 350, + 76, 350, 193, 350, 350, 350, 350, 350, 9, 350, + 350, 350, 350, 350, 107, 350, 350, 350, 350, 274, + 350, 350, 350, 350, 220, 350, 350, 350, 350, 350, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 299, 341, 186, 341, 341, 341, 341, 341, 341, 341, - 72, 74, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 103, 341, 341, 341, 341, 263, 341, 341, 341, - 341, 275, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 216, 34, 28, 30, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 35, 341, 29, - 31, 341, 341, 341, 341, 341, 341, 341, 341, 99, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 349, 350, 350, 350, + 350, 180, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 166, 350, 288, 350, 350, 350, 350, 350, + 260, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 233, 350, 350, 350, 350, 350, 280, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, - 341, 341, 341, 341, 341, 341, 340, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 218, 215, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 71, 341, - 341, 341, 138, 341, 121, 341, 341, 341, 341, 341, - 341, 341, 341, 156, 47, 341, 341, 341, 332, 13, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 293, 341, 296, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 12, 341, 341, 22, 341, 341, 341, - 341, 341, 269, 341, 341, 341, 341, 277, 341, 341, + 350, 350, 350, 350, 350, 163, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 308, 350, 192, 350, 350, 350, 350, 350, 350, + 350, 350, 75, 77, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 106, 350, 350, 350, 350, 272, 350, + 350, 350, 350, 284, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 225, 37, 31, 33, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 38, 350, 32, 34, 350, 350, 350, 350, 350, + 350, 350, 350, 102, 350, 176, 350, 350, 350, 350, - 341, 75, 341, 226, 341, 341, 341, 341, 341, 217, - 341, 341, 70, 341, 341, 341, 341, 23, 341, 43, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 170, 169, 332, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 219, 213, 341, 231, 341, 341, - 281, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 82, 341, 341, 341, 341, 264, 341, - 341, 341, 341, 199, 341, 341, 341, 341, 225, 341, + 350, 350, 350, 349, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 227, 224, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 74, 350, 350, 350, 141, + 350, 124, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 159, 50, 350, 350, 350, 341, 13, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 302, 350, + 305, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 12, 350, 350, 22, 350, 350, 350, 350, + 350, 278, 350, 350, 350, 350, 286, 350, 350, 350, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 303, 304, 167, 341, 341, 76, 341, 341, 341, 341, - 177, 341, 341, 341, 115, 116, 341, 341, 341, 341, - 162, 341, 164, 341, 204, 341, 341, 341, 341, 168, - 341, 341, 234, 341, 341, 341, 341, 341, 341, 341, - 145, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 242, 341, 341, 341, 341, 341, 341, - 341, 312, 341, 24, 341, 274, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 86, 205, 341, 341, 262, 341, 297, 341, 198, 341, + 78, 350, 235, 350, 350, 350, 350, 350, 226, 350, + 350, 73, 350, 350, 350, 350, 350, 23, 350, 350, + 46, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 175, 174, 350, 350, 341, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 228, 222, 350, + 240, 350, 350, 290, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 85, 350, 350, + 350, 350, 273, 350, 350, 350, 350, 208, 350, 350, - 341, 341, 341, 56, 341, 341, 341, 341, 341, 341, - 4, 341, 341, 341, 341, 128, 144, 341, 341, 341, - 181, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 237, 37, 38, 341, - 341, 341, 341, 341, 341, 341, 282, 341, 341, 341, - 341, 341, 341, 341, 250, 341, 341, 341, 341, 341, - 341, 341, 341, 208, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 85, 341, 57, 268, - 341, 238, 341, 341, 341, 341, 11, 341, 341, 341, - 341, 341, 341, 341, 341, 127, 341, 341, 341, 341, + 350, 350, 350, 234, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 312, 313, 172, 350, 350, + 79, 350, 350, 350, 350, 183, 350, 350, 350, 118, + 119, 350, 350, 350, 25, 350, 350, 167, 350, 169, + 350, 213, 350, 350, 350, 350, 173, 350, 350, 350, + 350, 243, 350, 350, 350, 350, 350, 350, 350, 148, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 251, 350, 350, 350, 350, 350, 350, 350, + 321, 350, 27, 350, 283, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, - 206, 91, 341, 40, 341, 341, 341, 341, 341, 341, - 341, 341, 173, 341, 341, 341, 341, 341, 147, 341, - 341, 341, 341, 241, 341, 341, 341, 341, 341, 249, - 341, 341, 341, 341, 141, 341, 341, 341, 122, 123, - 341, 341, 341, 93, 97, 92, 341, 341, 341, 341, - 83, 341, 341, 341, 341, 341, 10, 341, 341, 341, - 341, 341, 266, 306, 341, 341, 341, 341, 311, 39, - 341, 341, 341, 341, 341, 172, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 98, + 89, 214, 350, 350, 271, 350, 306, 350, 207, 350, + 350, 350, 350, 350, 59, 350, 350, 350, 350, 350, + 350, 4, 350, 350, 350, 350, 131, 147, 350, 350, + 350, 187, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 246, 40, 41, 350, 350, 350, 350, 350, 350, 350, + 291, 350, 350, 350, 350, 350, 350, 350, 259, 350, + 350, 350, 350, 350, 350, 350, 350, 217, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 88, 350, 60, 277, 350, 247, 350, 350, 350, - 96, 341, 51, 341, 341, 84, 294, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 192, 341, 341, 341, - 341, 341, 207, 341, 341, 341, 341, 341, 341, 341, - 341, 163, 78, 341, 341, 341, 341, 341, 283, 341, - 341, 341, 341, 341, 341, 341, 246, 341, 341, 245, - 142, 341, 341, 95, 48, 341, 148, 149, 152, 153, - 150, 151, 87, 292, 341, 341, 267, 341, 341, 341, - 341, 166, 341, 341, 341, 341, 341, 236, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 179, 178, + 350, 350, 11, 350, 350, 350, 350, 350, 350, 350, + 350, 130, 350, 350, 350, 350, 215, 94, 350, 350, + 43, 350, 350, 350, 350, 350, 350, 350, 350, 179, + 350, 350, 350, 350, 350, 350, 350, 150, 350, 350, + 350, 350, 250, 350, 350, 350, 350, 350, 258, 350, + 350, 350, 350, 144, 350, 350, 350, 125, 126, 350, + 350, 350, 96, 100, 95, 160, 350, 350, 350, 350, + 86, 350, 350, 350, 350, 350, 350, 10, 350, 350, + 350, 350, 350, 275, 315, 350, 350, 350, 350, 350, + 320, 42, 350, 350, 350, 350, 350, 178, 350, 350, - 41, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 290, 341, 341, 341, 341, 102, 341, - 235, 341, 259, 287, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 313, 341, 49, 5, 341, - 341, 227, 341, 341, 288, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 247, 25, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 248, 341, - 341, 341, 146, 341, 341, 341, 341, 341, 341, 341, - 341, 180, 341, 188, 341, 341, 341, 341, 341, 341, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 101, 99, 350, 54, 350, 350, 87, + 303, 350, 350, 350, 350, 24, 350, 350, 350, 350, + 350, 201, 350, 350, 350, 350, 350, 216, 350, 350, + 350, 350, 350, 350, 350, 350, 197, 350, 350, 168, + 81, 350, 350, 350, 350, 350, 292, 350, 350, 350, + 350, 350, 350, 350, 255, 350, 350, 254, 145, 350, + 350, 98, 51, 350, 151, 152, 155, 156, 153, 154, + 90, 301, 350, 350, 276, 350, 350, 350, 26, 350, - 341, 341, 341, 284, 341, 341, 341, 341, 341, 341, - 341, 341, 341, 341, 341, 341, 341, 341, 341, 341, - 341, 310, 341, 341, 255, 341, 341, 341, 341, 341, - 285, 341, 341, 341, 341, 341, 341, 286, 341, 341, - 341, 253, 341, 256, 257, 341, 341, 341, 341, 341, - 254, 258, 0 + 171, 350, 350, 350, 350, 195, 350, 245, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 185, 184, + 44, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 299, 350, 350, 350, 350, 105, 350, + 244, 350, 268, 296, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 322, 350, 52, 5, 350, + 350, 236, 350, 350, 297, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 256, 28, 350, 350, 350, 350, + + 350, 350, 350, 350, 350, 350, 350, 350, 257, 350, + 350, 350, 149, 350, 350, 350, 350, 350, 350, 350, + 350, 186, 350, 194, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 293, 350, 350, 350, 350, 350, 350, + 350, 350, 350, 350, 350, 350, 350, 350, 350, 350, + 350, 319, 350, 350, 264, 350, 350, 350, 350, 350, + 294, 350, 350, 350, 350, 350, 350, 295, 350, 350, + 350, 262, 350, 265, 266, 350, 350, 350, 350, 350, + 263, 267, 0 } ; static const YY_CHAR yy_ec[256] = @@ -779,17 +793,17 @@ static const YY_CHAR yy_meta[67] = 1, 1, 1, 1, 1, 1 } ; -static const flex_int16_t yy_base[3372] = +static const flex_int16_t yy_base[3502] = { 0, 0, 0, 64, 67, 70, 72, 78, 84, 89, 92, - 131, 137, 112, 118, 123, 142, 429, 383, 96, 9568, - 9568, 9568, 160, 185, 116, 183, 229, 132, 175, 173, + 131, 137, 112, 118, 123, 142, 429, 383, 96, 9961, + 9961, 9961, 160, 185, 116, 183, 229, 132, 175, 173, 232, 50, 66, 120, 263, 275, 151, 323, 134, 375, - 416, 286, 308, 283, 126, 237, 374, 9568, 9568, 9568, - 95, 372, 9568, 9568, 9568, 186, 361, 373, 9568, 9568, - 9568, 258, 309, 9568, 9568, 9568, 104, 293, 9568, 266, - 9568, 167, 351, 281, 311, 9568, 9568, 9568, 369, 268, - 9568, 9568, 9568, 146, 252, 378, 177, 0, 392, 0, + 416, 286, 308, 283, 126, 237, 374, 9961, 9961, 9961, + 95, 372, 9961, 9961, 9961, 186, 361, 373, 9961, 9961, + 9961, 258, 309, 9961, 9961, 9961, 104, 293, 9961, 266, + 9961, 167, 351, 281, 311, 9961, 9961, 9961, 369, 268, + 9961, 9961, 9961, 146, 252, 378, 177, 0, 392, 0, 0, 303, 270, 235, 317, 362, 344, 384, 178, 177, 226, 420, 377, 330, 379, 402, 414, 419, 410, 453, @@ -817,719 +831,749 @@ static const flex_int16_t yy_base[3372] = 1051, 1052, 1053, 1036, 1057, 1062, 1072, 1069, 1070, 1076, 1079, 1088, 1055, 1067, 1065, 1082, 1092, 1098, 1087, 1100, 1091, 1103, 1115, 1106, 1120, 1099, 1134, 1132, 1127, 1159, - 1136, 1128, 1148, 1180, 1154, 1147, 1170, 1162, 1193, 1187, - 1169, 1191, 1198, 1204, 1206, 1207, 1199, 1197, 1218, 1226, - 1217, 1225, 1224, 1220, 1235, 1241, 1242, 1264, 9568, 1250, - 1253, 1246, 1266, 1273, 1269, 1261, 1301, 1280, 1259, 1286, - 1223, 1303, 1306, 1354, 1294, 1331, 1297, 1311, 1296, 9568, - 1337, 1318, 1403, 1336, 1353, 1365, 1360, 1347, 1367, 1361, - 1363, 1382, 1323, 1381, 1394, 1371, 1416, 1430, 1404, 1409, + 1136, 1128, 1148, 1189, 1154, 1143, 1162, 1185, 1169, 1155, + 1190, 1182, 1193, 1205, 1191, 1204, 1197, 1206, 1224, 1227, + 1215, 1231, 1229, 1220, 1226, 1233, 1249, 1258, 9961, 1242, + 1240, 1269, 1260, 1266, 1275, 1267, 1296, 1273, 1283, 1279, + 1291, 1298, 1344, 1392, 1293, 1311, 1301, 1304, 1307, 9961, + 1333, 1308, 1441, 1339, 1328, 1329, 1363, 1340, 1331, 1355, + 1364, 1356, 1300, 1359, 1367, 1390, 1403, 1400, 1379, 1389, - 1410, 1364, 1412, 1421, 1437, 1439, 1428, 1436, 1431, 1443, - 1263, 1455, 1473, 1449, 1458, 1462, 1461, 1477, 1488, 1480, - 1493, 1482, 1494, 1499, 1476, 1498, 1509, 1522, 1567, 1466, - 1518, 1524, 1526, 1519, 1537, 1538, 1541, 1548, 1560, 1556, - 1546, 1569, 1549, 1533, 1573, 1564, 1591, 1587, 1594, 1586, - 1582, 1590, 1597, 1614, 1604, 1600, 1608, 1621, 1607, 1628, - 1624, 1637, 1634, 1619, 1643, 1627, 9568, 1651, 9568, 1635, - 1650, 1648, 1647, 1664, 1653, 1660, 9568, 1670, 1671, 1666, - 1667, 1687, 1683, 1706, 1697, 1691, 1696, 1700, 1695, 1710, - 1711, 1701, 1717, 1731, 1726, 1730, 1719, 1718, 1738, 1745, + 1406, 1419, 1410, 1306, 1438, 1442, 1437, 1431, 1383, 1434, + 1447, 1468, 1479, 1465, 1472, 1475, 1480, 1495, 1506, 1489, + 1492, 1500, 1486, 1483, 1487, 1513, 1515, 1535, 1580, 1452, + 1525, 1532, 1541, 1538, 1522, 1527, 1533, 1542, 1560, 1572, + 1556, 1578, 1568, 1401, 1583, 1573, 1590, 1607, 1592, 1599, + 1595, 1604, 1606, 1626, 1617, 1610, 1621, 1620, 1637, 1641, + 1638, 1633, 1648, 1647, 1634, 1650, 1636, 9961, 1669, 9961, + 1659, 1663, 1672, 1662, 1679, 1667, 1676, 9961, 1673, 1674, + 1675, 1690, 1710, 1700, 1717, 1708, 1702, 1715, 1718, 1711, + 1719, 1729, 1712, 1727, 1733, 1735, 1736, 1742, 1744, 1743, - 1728, 1746, 1744, 1737, 1748, 1788, 9568, 1754, 1764, 1755, - 1765, 1782, 1786, 1813, 1770, 1800, 1817, 1801, 1825, 1811, - 1823, 1816, 1824, 1828, 1841, 1829, 1857, 1844, 1849, 1850, - 1843, 1845, 1868, 1855, 1860, 1863, 1874, 9568, 1884, 1892, - 1768, 1871, 1882, 1885, 1888, 1898, 1881, 1910, 1890, 1916, - 1908, 1919, 1921, 1933, 1922, 1938, 1924, 1939, 1930, 1935, - 1947, 1953, 1959, 1954, 1958, 1960, 1955, 1964, 1972, 1976, - 1984, 1977, 1993, 1969, 1980, 1986, 1996, 1979, 2000, 1991, - 2004, 1987, 2003, 2011, 2017, 2020, 2014, 2021, 2019, 2028, - 2025, 2018, 2038, 2034, 2037, 2059, 2053, 2048, 2060, 2051, + 1750, 1752, 1753, 1756, 1754, 1762, 1802, 9961, 1766, 1763, + 1782, 1792, 1768, 1793, 1788, 1813, 1827, 1811, 1807, 1831, + 1824, 1851, 1837, 1841, 1839, 1838, 1853, 1866, 1845, 1874, + 1871, 1864, 1872, 1880, 1863, 1883, 1884, 1895, 1893, 1891, + 1890, 9961, 1910, 1911, 1917, 1897, 1913, 1914, 1907, 1916, + 1920, 1909, 1924, 1932, 1947, 1934, 1942, 1551, 1965, 1951, + 1969, 1954, 1964, 1956, 1953, 1974, 1972, 1989, 1957, 1987, + 1990, 1986, 1988, 1994, 2004, 2007, 2014, 2023, 1999, 2000, + 2016, 2006, 2009, 2002, 2021, 2017, 2029, 2026, 2036, 2047, + 2034, 2053, 2041, 2055, 2044, 2061, 2049, 2048, 2065, 2071, - 2073, 2061, 2065, 2077, 2078, 2080, 2076, 9568, 2098, 2088, - 2099, 2107, 2108, 2109, 2114, 2100, 2104, 2110, 2115, 2118, - 2127, 2130, 2139, 2132, 2136, 2144, 2146, 2137, 2150, 2159, - 2169, 2167, 2160, 2154, 2168, 2171, 2142, 2189, 2185, 2196, - 2197, 2177, 2188, 2206, 2192, 2194, 2217, 2213, 2199, 2216, - 2223, 2211, 2229, 2232, 2243, 2215, 2235, 2260, 2253, 2240, - 2244, 2249, 2258, 2252, 2264, 2266, 2268, 2270, 2263, 2299, - 2294, 2291, 2288, 2290, 2296, 2293, 2295, 2304, 2306, 2310, - 2316, 2317, 2321, 2325, 2320, 2326, 2327, 2331, 2341, 2330, - 2347, 2358, 2362, 2356, 2352, 2353, 2367, 2368, 2374, 2365, + 2050, 2074, 2078, 2095, 2085, 2103, 2086, 2082, 2089, 2092, + 2097, 2113, 2109, 2105, 9961, 2130, 2119, 2134, 2139, 2144, + 2145, 2146, 2136, 2135, 2147, 2155, 2162, 2157, 2156, 2160, + 2166, 2170, 2172, 2181, 2174, 2203, 2194, 2199, 2207, 2206, + 2205, 2193, 2208, 2214, 2197, 2212, 2218, 2230, 2225, 2215, + 2226, 2256, 2234, 2235, 2249, 2264, 2244, 2251, 2261, 2245, + 2272, 2270, 2276, 2275, 2274, 2293, 2285, 2283, 2280, 2287, + 2290, 2313, 2300, 2301, 2304, 2307, 2303, 2329, 2333, 2330, + 2328, 2332, 2334, 2335, 2336, 2350, 2346, 2324, 2353, 2356, + 2357, 2351, 2363, 2381, 2369, 2370, 2371, 2383, 2388, 2395, - 2369, 2392, 2397, 2396, 2400, 2401, 2386, 2407, 2409, 2398, - 2411, 2410, 2416, 2432, 2436, 2428, 2437, 2429, 2438, 2430, - 2272, 2449, 2453, 2455, 2445, 9568, 2447, 2380, 2441, 2471, - 2472, 2464, 2465, 2383, 2478, 2463, 2476, 2479, 2480, 2530, - 9568, 2481, 9568, 9568, 2492, 9568, 9568, 2511, 2495, 9568, - 2518, 2517, 2498, 2529, 2536, 2545, 2543, 2516, 2541, 2538, - 2553, 2585, 2566, 2557, 2556, 2563, 2564, 2591, 2594, 2581, - 2602, 2582, 2593, 2633, 2618, 2609, 2620, 2627, 2638, 2636, - 2637, 2643, 2575, 2644, 2630, 2631, 2645, 2654, 2634, 2670, - 2655, 2664, 2671, 2683, 2668, 2675, 2666, 2694, 2691, 2690, + 2377, 2392, 2413, 2397, 2404, 2394, 2412, 2420, 2414, 2416, + 2424, 2429, 2428, 2438, 2422, 2443, 2449, 2440, 2452, 2457, + 2447, 2460, 2456, 2476, 2472, 2475, 2485, 2480, 2473, 2483, + 2487, 2470, 2490, 2510, 2506, 2503, 2504, 9961, 2496, 2497, + 2500, 2518, 2514, 2507, 2521, 2534, 2528, 2537, 2525, 2529, + 2530, 2580, 9961, 2545, 9961, 9961, 2551, 9961, 9961, 2567, + 2563, 9961, 2577, 2570, 2595, 2587, 2597, 2604, 2590, 2603, + 2606, 2566, 2613, 2648, 2614, 2610, 2624, 2617, 2632, 2619, + 2653, 2651, 2662, 2659, 2670, 2644, 2665, 2703, 2683, 2687, + 2684, 2696, 2704, 2697, 2706, 2708, 2707, 2714, 2710, 2700, - 2699, 9568, 2695, 2697, 2708, 2702, 2709, 2713, 2714, 2711, - 2725, 2728, 2722, 2715, 2726, 2732, 2727, 2721, 2742, 2744, - 2741, 2743, 2756, 2767, 2746, 9568, 2754, 2766, 2752, 2769, - 2771, 2779, 2781, 2770, 2760, 2790, 2778, 2800, 2788, 2795, - 2801, 2805, 2797, 2807, 2827, 9568, 2802, 2819, 2812, 2818, - 2815, 2824, 2829, 2813, 2839, 2834, 2841, 2851, 2840, 2850, - 2877, 2865, 2861, 2856, 2866, 2878, 2867, 2882, 2879, 2870, - 2886, 2883, 2891, 2892, 2893, 2897, 2901, 2928, 2930, 2913, - 2934, 2917, 2918, 2937, 2939, 2929, 2922, 2947, 2945, 2925, - 2935, 2942, 2948, 2952, 2958, 2981, 2960, 2982, 2965, 2979, + 2717, 2698, 2720, 2730, 2741, 2735, 2737, 2752, 2736, 2743, + 2734, 2679, 2762, 2758, 2776, 9961, 2768, 2725, 2765, 2764, + 2769, 2777, 2772, 2780, 2779, 2788, 2790, 2785, 2791, 2792, + 2798, 2803, 2800, 2804, 2808, 2801, 2814, 2826, 2834, 2819, + 9961, 2824, 2830, 2818, 2835, 2843, 2841, 2849, 2845, 2831, + 2846, 2850, 2880, 2873, 2869, 2866, 2878, 2864, 2871, 2891, + 9961, 2890, 2895, 2876, 2899, 2906, 2893, 2903, 2910, 2908, + 2916, 2911, 2935, 2918, 2922, 2883, 2933, 2944, 2938, 2937, + 2940, 2945, 2960, 2943, 2958, 2962, 2959, 2967, 2968, 2969, + 2970, 2971, 2972, 2980, 2987, 2997, 2995, 3007, 2996, 2985, - 2993, 2974, 2986, 2994, 2969, 2985, 2997, 2996, 9568, 2976, - 3011, 9568, 3001, 2999, 3009, 3055, 3034, 3036, 3028, 3004, - 3020, 3046, 3038, 3042, 3054, 3061, 3079, 3069, 3070, 3085, - 3077, 3094, 3083, 3102, 3086, 3087, 3103, 3106, 3112, 3119, - 3125, 3128, 3131, 381, 3130, 3110, 3121, 3120, 3167, 3137, - 3145, 3129, 3151, 3152, 3156, 3174, 3157, 3170, 3172, 3169, - 3165, 3198, 3192, 3188, 3194, 3199, 3205, 3207, 3202, 9568, - 3212, 3220, 3208, 3219, 3215, 3241, 3235, 3226, 9568, 3234, - 3239, 3236, 3246, 3247, 3238, 3253, 3244, 3255, 3261, 3265, - 3251, 3267, 3280, 3272, 3295, 9568, 3282, 9568, 3279, 3285, + 3016, 3018, 3015, 3002, 3013, 3023, 3014, 3029, 3031, 3036, + 3041, 3020, 3026, 3054, 3047, 3051, 3043, 3059, 3066, 3077, + 3058, 3071, 3078, 3065, 3056, 3085, 3070, 9961, 3083, 3081, + 9961, 3086, 3098, 3094, 3143, 3100, 3116, 3108, 3124, 3104, + 3126, 3134, 3141, 3131, 3151, 3144, 3153, 3158, 3179, 3169, + 3182, 3176, 3185, 3180, 3177, 3186, 3192, 3196, 3203, 3142, + 3210, 3133, 381, 3221, 3204, 3147, 3214, 3259, 3206, 3215, + 3222, 3227, 3242, 3229, 3247, 3241, 3248, 3225, 3231, 3256, + 3269, 3271, 3268, 3263, 3275, 3270, 3283, 3140, 3289, 3284, + 9961, 3314, 3310, 3298, 3316, 3306, 3327, 3318, 3305, 9961, - 3283, 3287, 3297, 3296, 3312, 3313, 9568, 9568, 3314, 3321, - 3299, 3326, 3322, 3320, 3323, 9568, 3327, 3356, 9568, 3333, - 3349, 3341, 3339, 3351, 3347, 3358, 3354, 3377, 3353, 3380, - 3372, 3379, 3374, 9568, 3386, 3370, 3385, 3397, 3392, 3394, - 3400, 3404, 3383, 9568, 3414, 3407, 3419, 3431, 3428, 3424, - 3421, 3434, 3441, 3422, 3426, 3436, 3435, 3430, 3449, 3459, - 3466, 3468, 3469, 3464, 9568, 3457, 3458, 3482, 3476, 3479, - 3480, 3483, 3470, 3485, 3484, 3491, 3502, 3512, 3505, 3508, - 3503, 3529, 3530, 3511, 3528, 3527, 3515, 3531, 3524, 91, - 3519, 3532, 3543, 3540, 9568, 3547, 3548, 3549, 128, 3557, + 3320, 3325, 3322, 3331, 3326, 3336, 3337, 3339, 3343, 3340, + 3356, 3362, 3363, 3367, 3358, 3379, 9961, 3361, 9961, 3364, + 3376, 3387, 3374, 3383, 3389, 3394, 3403, 3406, 9961, 9961, + 3410, 3404, 3416, 3385, 3418, 3414, 3412, 9961, 3430, 3453, + 9961, 3454, 3444, 3435, 3439, 3434, 3433, 3452, 3448, 3437, + 3464, 3472, 3468, 3482, 3474, 9961, 3466, 3473, 3492, 3493, + 3486, 3480, 3499, 3500, 3491, 9961, 3506, 3501, 3516, 3511, + 3508, 3514, 3518, 3531, 3539, 3519, 3528, 3532, 3545, 3529, + 3556, 3558, 3549, 3555, 3562, 3563, 3567, 9961, 3565, 3553, + 3557, 3578, 3581, 3588, 3582, 3584, 3583, 3580, 3597, 3603, - 3558, 3567, 3572, 3574, 3578, 3560, 3586, 3587, 3575, 3585, - 3593, 3592, 3589, 3594, 3604, 3596, 3606, 3619, 3600, 3610, - 9568, 3628, 3618, 3616, 3624, 3635, 3620, 3644, 9568, 3646, - 3647, 3652, 3654, 3662, 3651, 3661, 3653, 3668, 3673, 3678, - 3674, 3685, 3689, 3684, 3691, 3687, 9568, 3703, 3699, 3710, - 3707, 3712, 3718, 3714, 3713, 3720, 3719, 3724, 3733, 3725, - 3731, 3734, 3745, 3746, 3750, 3742, 3747, 3751, 3759, 3761, - 3760, 3769, 3763, 3772, 3774, 3765, 9568, 3805, 3787, 3790, - 3799, 3791, 3794, 3808, 3803, 3825, 3800, 3809, 3820, 3821, - 3860, 3826, 3835, 3848, 3827, 3840, 3849, 3862, 3854, 3872, + 3585, 3609, 3598, 3590, 3612, 3608, 3624, 3607, 3627, 3621, + 3618, 3626, 3630, 3620, 91, 3628, 3635, 3633, 3636, 9961, + 3647, 3650, 3648, 3663, 3665, 3658, 128, 3662, 3657, 3669, + 3675, 3673, 3686, 3667, 3696, 3703, 3685, 3699, 3708, 3706, + 3702, 3705, 3712, 3700, 3721, 3718, 3707, 3728, 9961, 3724, + 3727, 3732, 3738, 3730, 3742, 3756, 9961, 3754, 3759, 3766, + 3764, 3769, 3765, 3781, 3763, 3777, 3785, 3773, 3788, 3789, + 3805, 3799, 3803, 3798, 9961, 3818, 3815, 3819, 3809, 3822, + 3831, 3830, 3823, 3828, 3833, 3836, 3844, 3846, 3849, 3845, + 3847, 3851, 3871, 3866, 3872, 3862, 3863, 3875, 3870, 3873, - 3863, 3853, 3881, 3900, 3887, 3866, 3885, 3893, 3892, 3888, - 3898, 3922, 3923, 3921, 3924, 3947, 3930, 3917, 3932, 3939, - 3941, 9568, 3942, 3836, 3927, 3955, 3975, 3962, 3954, 3972, - 3966, 3969, 3968, 3981, 3970, 3990, 3985, 3993, 3992, 4004, - 3996, 4007, 4008, 4003, 3997, 4013, 4025, 4011, 4029, 4030, - 9568, 4036, 4041, 4028, 4035, 4050, 4031, 4054, 4059, 4056, - 4043, 4048, 4065, 4052, 4073, 4062, 4075, 4058, 4088, 4066, - 9568, 4092, 4083, 4096, 4091, 4099, 4089, 4103, 4109, 4115, - 4113, 4116, 4111, 4100, 4127, 4124, 9568, 4118, 4149, 4141, - 4154, 4143, 4131, 4142, 4155, 4139, 9568, 4145, 4147, 4148, + 3889, 3886, 3890, 3879, 3908, 3887, 9961, 3923, 3909, 3906, + 3914, 3910, 3911, 3921, 3913, 3944, 3936, 3929, 3918, 3945, + 3982, 3948, 3950, 3965, 3966, 3957, 3970, 3969, 3971, 3975, + 3984, 3992, 3998, 4018, 3988, 4002, 3973, 4007, 4004, 4022, + 4019, 4012, 4009, 4042, 4036, 4034, 4061, 4039, 4045, 4055, + 4086, 4051, 9961, 4049, 4072, 4046, 4065, 4095, 4084, 4076, + 4089, 4082, 4091, 4088, 4105, 4103, 4110, 4111, 4118, 4114, + 4130, 4115, 4122, 4133, 4125, 4121, 4142, 4136, 4139, 4150, + 4157, 9961, 4158, 4160, 4145, 4162, 4168, 4155, 4176, 4177, + 4174, 4169, 4172, 4180, 4188, 4183, 4191, 4189, 4202, 4206, - 4162, 4168, 4172, 9568, 4170, 4176, 4164, 4165, 4181, 4174, - 4182, 4201, 4186, 4189, 4192, 4199, 4207, 4195, 4216, 9568, - 4205, 4230, 4217, 4227, 4231, 4226, 4223, 4234, 4251, 4233, - 4244, 4241, 9568, 4269, 4243, 4261, 4280, 4258, 4263, 4266, - 4276, 4282, 4273, 4274, 4290, 4278, 9568, 4283, 4288, 4301, - 4311, 4309, 4302, 4304, 4307, 4314, 4308, 4316, 4317, 4322, - 4329, 4340, 4335, 4346, 4334, 4349, 4354, 4350, 4357, 4343, - 4359, 4373, 4376, 4369, 4374, 4382, 4364, 4368, 4392, 4399, - 4403, 4404, 4401, 4405, 9568, 4408, 4407, 4409, 4394, 4410, - 4400, 4398, 4416, 4419, 4424, 4434, 4443, 4438, 4435, 4458, + 4203, 4217, 4195, 9961, 4220, 4199, 4226, 4210, 4227, 4234, + 4238, 4222, 4240, 4247, 4250, 4239, 4254, 4249, 4251, 9961, + 4267, 4268, 4266, 4274, 4273, 4276, 4261, 4275, 4289, 4270, + 9961, 4287, 4278, 4294, 4284, 4288, 4295, 4314, 4315, 4319, + 9961, 4329, 4313, 4310, 4312, 4316, 4320, 4326, 4335, 4331, + 4323, 4346, 4360, 4349, 4343, 4362, 9961, 4350, 4379, 4354, + 4359, 4374, 4370, 4373, 4387, 4399, 4376, 4381, 4403, 9961, + 4395, 4394, 4408, 4418, 4397, 4401, 4415, 4431, 4432, 4420, + 4421, 4434, 4429, 9961, 4426, 4444, 4451, 4454, 4446, 4452, + 4453, 4425, 4463, 4464, 4460, 4471, 4473, 4465, 4480, 4487, - 4460, 4436, 4463, 4440, 4447, 4467, 4468, 4453, 4457, 4470, - 4462, 4487, 4475, 4483, 4479, 4490, 4510, 4489, 4493, 4494, - 4499, 4495, 4503, 4514, 4506, 4528, 4519, 4523, 4520, 4527, - 4543, 4539, 4545, 4535, 4551, 4540, 4555, 9568, 4546, 4558, - 4562, 4559, 4565, 4568, 4578, 4598, 4582, 4586, 4589, 4592, - 4603, 4591, 4602, 4605, 4595, 4608, 4600, 9568, 4610, 9568, - 4612, 4626, 4616, 4641, 4625, 9568, 4640, 9568, 4643, 4648, - 4634, 4635, 9568, 4653, 4637, 4654, 4658, 4661, 4644, 4647, - 4664, 4668, 4678, 4680, 4681, 4683, 4675, 4667, 4696, 4690, - 4693, 4707, 4686, 4715, 4714, 4702, 4720, 4708, 4725, 4728, + 4490, 4491, 4498, 4496, 4502, 4489, 4497, 4500, 4507, 4531, + 4533, 4523, 4538, 4540, 4535, 4526, 4522, 4546, 4549, 4550, + 4553, 4554, 4556, 9961, 4552, 4559, 4562, 4567, 4560, 4547, + 4576, 4568, 4592, 4577, 4588, 4595, 4587, 4586, 4611, 4621, + 4590, 4606, 4612, 4616, 4617, 4620, 4622, 4609, 4624, 4613, + 4640, 4630, 4628, 4651, 4644, 4653, 4665, 4647, 4656, 4657, + 4660, 4668, 4643, 4646, 4684, 4686, 4677, 4678, 4687, 4694, + 4698, 4695, 4703, 4688, 4708, 4705, 4727, 9961, 4692, 4715, + 4716, 4721, 4722, 4736, 4734, 4713, 4735, 4740, 4747, 4751, + 4760, 4749, 4754, 4748, 4763, 4775, 4759, 9961, 4767, 9961, - 4724, 4735, 9568, 4719, 4717, 4738, 4723, 4734, 4744, 4741, - 4768, 4767, 4755, 4757, 4773, 4765, 4771, 4759, 4785, 4783, - 4794, 4770, 4796, 9568, 4791, 4807, 4789, 4803, 9568, 4806, - 4795, 4812, 4823, 4814, 4802, 4810, 4839, 4826, 4830, 4831, - 4829, 4856, 4836, 4840, 4841, 9568, 4852, 4868, 4853, 4879, - 4864, 4870, 4886, 4872, 4883, 4889, 4897, 4880, 4881, 4875, - 4895, 4876, 4912, 4903, 4923, 4920, 4924, 4904, 4921, 4928, - 4929, 4917, 4913, 4916, 4918, 4943, 4944, 4919, 4940, 4945, - 4964, 4950, 9568, 4956, 4961, 4962, 4979, 4960, 4970, 4974, - 4976, 4977, 9568, 4978, 4988, 5004, 4987, 5010, 4997, 5002, + 4768, 4766, 4787, 4797, 4780, 9961, 4801, 9961, 4802, 4803, + 4790, 4792, 9961, 4810, 4799, 4784, 4809, 4814, 4821, 4823, + 4825, 4824, 4837, 4830, 4852, 4845, 4840, 4841, 4835, 4839, + 4862, 4861, 4864, 4869, 4877, 4876, 4880, 4873, 4894, 4883, + 4879, 4886, 4904, 4896, 4907, 9961, 4899, 4911, 4903, 4913, + 4901, 4909, 4919, 4928, 4923, 4924, 4951, 4953, 4936, 4939, + 4957, 4960, 4962, 4941, 4963, 4966, 4828, 4950, 4977, 9961, + 4968, 4973, 4972, 4975, 9961, 4996, 4979, 5004, 5006, 4997, + 4992, 4998, 5009, 5014, 4999, 5008, 5002, 5040, 5021, 5045, + 5049, 9961, 5018, 5048, 5030, 5056, 5051, 5061, 5065, 5057, - 4995, 5000, 5014, 5005, 5021, 5040, 5017, 9568, 5036, 9568, - 5032, 5031, 5042, 5053, 5050, 5046, 5063, 5054, 5055, 5067, - 5060, 5069, 5078, 5072, 5076, 5079, 5095, 5091, 5045, 5075, - 5089, 5101, 5090, 5096, 5103, 5126, 5106, 5117, 9568, 9568, - 5115, 5121, 5131, 5127, 5136, 5142, 5149, 5148, 5146, 5134, - 5141, 5153, 5186, 9568, 5168, 5170, 5161, 5187, 5195, 5175, - 5194, 5201, 5198, 5190, 5205, 5200, 9568, 5188, 5197, 5210, - 5213, 5220, 5212, 9568, 5228, 9568, 5215, 5222, 5235, 5237, - 5231, 5232, 5238, 5240, 5248, 5256, 5262, 5247, 5266, 5257, - 5258, 5259, 5280, 5275, 5287, 5268, 5281, 5273, 9568, 5292, + 5063, 5070, 5066, 5069, 5081, 5082, 5080, 5083, 5084, 5086, + 5107, 5101, 5109, 5089, 5110, 5105, 5113, 5102, 5097, 5104, + 5121, 5108, 5111, 5129, 5128, 5126, 5150, 5155, 5139, 5152, + 9961, 5148, 5149, 5156, 5167, 5144, 5147, 5145, 5166, 5168, + 9961, 5197, 5178, 5194, 5188, 5201, 5191, 5190, 5184, 5185, + 5205, 5195, 5212, 5211, 5218, 9961, 5228, 9961, 5215, 5233, + 5244, 5249, 5239, 5235, 5254, 5252, 5245, 5237, 5260, 5266, + 5263, 5255, 5261, 5264, 5267, 5290, 5280, 5303, 5297, 5285, + 5293, 5291, 5294, 5295, 5315, 5314, 5313, 9961, 9961, 5312, + 5316, 5322, 5328, 5318, 5326, 5347, 5351, 5352, 5338, 5345, - 5274, 5295, 5293, 5301, 5304, 5302, 5289, 9568, 5315, 5308, - 5310, 5313, 5318, 5322, 5334, 5329, 5337, 5335, 5336, 9568, - 5333, 5326, 5356, 5353, 5340, 5349, 5366, 5369, 5377, 9568, - 5373, 5375, 5374, 5381, 5376, 5385, 5383, 5370, 5367, 5380, - 5391, 5401, 5414, 5411, 5410, 5408, 5416, 5417, 5404, 5440, - 5427, 5415, 5429, 5400, 5413, 9568, 5436, 5441, 5442, 5444, - 5463, 5459, 5461, 5470, 5474, 5456, 5477, 5479, 5457, 5472, - 5481, 5490, 5500, 5495, 9568, 5501, 5491, 5515, 5486, 5513, - 5512, 5499, 5518, 5514, 5517, 5503, 5526, 5528, 5530, 5520, - 5551, 5534, 5542, 5546, 5553, 5547, 9568, 5576, 5558, 5562, + 5341, 5381, 9961, 5353, 5355, 5369, 5368, 5374, 5380, 5377, + 5390, 5383, 5378, 5404, 5396, 9961, 5386, 5389, 5414, 5399, + 5418, 5416, 9961, 5420, 9961, 5405, 5415, 5429, 5417, 5426, + 5423, 5431, 5425, 5432, 5443, 5460, 5471, 5473, 5456, 5472, + 5455, 5458, 5459, 5474, 5464, 5484, 5466, 5479, 5462, 9961, + 5490, 5489, 5493, 5487, 5498, 5505, 5507, 5504, 5500, 9961, + 5515, 5519, 5527, 5517, 5506, 5535, 5522, 5531, 5532, 5538, + 5533, 5545, 5549, 5554, 9961, 5544, 5553, 5569, 5555, 5557, + 5571, 5583, 5582, 5586, 9961, 5584, 5578, 5574, 5591, 5580, + 5593, 5594, 5579, 5581, 5605, 5607, 5610, 5612, 5618, 5616, - 5573, 5541, 5568, 5587, 5579, 5578, 5580, 5584, 5582, 5585, - 5596, 5595, 5618, 5620, 5604, 9568, 9568, 5621, 5602, 5623, - 9568, 5625, 5609, 5631, 5633, 5628, 5626, 5635, 5629, 5613, - 5636, 5644, 5651, 9568, 5668, 5677, 5654, 5672, 5680, 5681, - 9568, 5663, 5685, 5684, 5686, 5678, 5669, 5696, 5690, 5695, - 5701, 5694, 5723, 5708, 5731, 5707, 5717, 5729, 9568, 5710, - 5714, 5734, 5738, 5721, 5728, 9568, 5726, 5748, 5761, 5758, - 5759, 5769, 5767, 5766, 5773, 5753, 5770, 5780, 5776, 5763, - 5785, 5792, 5787, 5801, 5813, 5814, 5812, 9568, 5808, 5807, - 5800, 5821, 9568, 5822, 5830, 5797, 9568, 5836, 5811, 5841, + 5614, 5626, 5624, 5620, 5652, 5643, 5634, 5635, 5641, 5638, + 9961, 5644, 5647, 5653, 5658, 5670, 5667, 5676, 5682, 5687, + 5668, 5689, 5691, 5679, 5680, 5698, 5707, 5717, 5699, 9961, + 5718, 5703, 5722, 5715, 5706, 5729, 5723, 5716, 5719, 5735, + 5725, 5733, 5734, 5748, 5756, 5750, 5742, 5759, 5765, 5752, + 5767, 5769, 5768, 9961, 5806, 5762, 5775, 5789, 5782, 5792, + 5809, 5799, 5801, 5802, 5741, 5784, 5812, 5804, 5800, 5829, + 5825, 5818, 9961, 9961, 5832, 5816, 5833, 9961, 5835, 5826, + 5851, 5839, 5854, 5837, 5846, 5856, 5866, 5850, 5869, 5853, + 5868, 9961, 5862, 5877, 5871, 5880, 5897, 5898, 9961, 5882, - 5839, 5857, 9568, 5842, 5849, 5843, 5831, 5864, 5838, 5866, - 5862, 5859, 9568, 5863, 5858, 5869, 9568, 5876, 5887, 5872, - 5892, 5880, 5902, 5889, 5903, 5899, 5901, 9568, 5904, 9568, - 5914, 5906, 5911, 9568, 5913, 5922, 5915, 5921, 5937, 5938, - 5945, 5948, 5953, 5935, 5947, 5936, 5939, 5963, 5952, 5964, - 5942, 5959, 5970, 5962, 9568, 5992, 5978, 5989, 5979, 6000, - 6002, 5995, 5987, 6005, 6017, 9568, 9568, 6009, 9568, 6015, - 5997, 6023, 9568, 6006, 6027, 6022, 6026, 6045, 6049, 6047, - 6044, 9568, 6055, 6057, 9568, 6033, 6053, 6066, 6060, 6042, - 6061, 6062, 6068, 6071, 6084, 6085, 6086, 6087, 6076, 6090, + 5904, 5886, 5903, 5896, 5890, 5893, 5907, 5913, 5911, 5895, + 5914, 5931, 5938, 5924, 5930, 5932, 9961, 5927, 5928, 5948, + 5949, 5941, 5946, 9961, 5943, 5963, 5965, 5958, 5969, 5981, + 5979, 5984, 5982, 5976, 5972, 5985, 5993, 5987, 5996, 5974, + 5999, 6003, 6010, 6006, 6002, 6020, 6024, 9961, 6023, 6025, + 6029, 6035, 9961, 6038, 6058, 6044, 9961, 6045, 6034, 6052, + 6042, 6069, 9961, 6055, 6062, 6061, 6074, 6053, 6079, 6064, + 6082, 6070, 6071, 6072, 6098, 6083, 9961, 6096, 6085, 6102, + 9961, 6111, 6115, 6118, 6120, 6101, 6088, 6126, 6119, 6127, + 6128, 9961, 6131, 9961, 6141, 6138, 6139, 9961, 6145, 6149, - 6103, 9568, 6080, 6083, 6104, 6115, 6107, 6117, 6118, 6130, - 6119, 9568, 6133, 6145, 6123, 6146, 6148, 9568, 6131, 9568, - 6136, 6144, 6149, 6157, 6150, 9568, 6168, 6165, 6156, 6163, - 6180, 6191, 6182, 6194, 6183, 6178, 6196, 6195, 6190, 6192, - 6213, 6207, 9568, 6205, 6219, 6202, 6210, 6220, 6216, 6244, - 6240, 6239, 6230, 6242, 6249, 6243, 6251, 6253, 6247, 6259, - 6266, 9568, 6278, 6271, 6267, 6297, 6277, 6286, 6291, 9568, - 6294, 6296, 6302, 9568, 6299, 6300, 6310, 6308, 6313, 6314, - 6309, 6324, 6327, 9568, 6333, 6336, 6323, 6339, 6350, 6340, - 9568, 9568, 6362, 9568, 6347, 6334, 6358, 6360, 6361, 6370, + 6147, 6156, 6153, 6164, 6165, 6172, 6173, 6158, 6177, 6163, + 6168, 6189, 6196, 6199, 6180, 6194, 6188, 6195, 9961, 6217, + 6192, 6215, 6207, 6211, 6222, 6220, 6214, 6238, 6233, 9961, + 9961, 6240, 9961, 6245, 6234, 6236, 9961, 6242, 6239, 6260, + 6247, 6267, 6269, 6258, 6278, 6273, 9961, 6282, 6285, 9961, + 6265, 6277, 6294, 6279, 6290, 6280, 6291, 6298, 6292, 6295, + 6315, 6318, 6308, 6319, 6306, 6321, 6328, 9961, 6317, 6326, + 6329, 6339, 6333, 6342, 6364, 6360, 6350, 9961, 6366, 6373, + 6354, 6374, 6376, 9961, 6377, 9961, 6378, 6381, 6368, 6382, + 6393, 6387, 9961, 6413, 6402, 6418, 6395, 6414, 6422, 6420, - 6356, 6382, 6390, 6374, 6388, 6389, 6383, 6376, 6404, 6407, - 6412, 6408, 6406, 6402, 9568, 9568, 6424, 6427, 6421, 6432, - 6435, 6425, 6429, 6417, 6438, 6439, 6445, 6441, 6431, 9568, - 6456, 6451, 6457, 6455, 9568, 6452, 6476, 6462, 6478, 6486, - 6472, 6479, 6474, 6487, 6488, 6496, 6503, 6482, 6506, 6499, - 6509, 6504, 6513, 6523, 6522, 6521, 6529, 9568, 6533, 6526, - 6538, 6519, 6520, 6548, 6537, 6549, 6552, 9568, 6536, 9568, - 6564, 6556, 6568, 6578, 6581, 6582, 6583, 6576, 6579, 6585, - 6591, 6590, 6594, 6599, 6600, 6609, 6601, 6621, 6611, 6624, - 6626, 9568, 6627, 6614, 6617, 6623, 6639, 6640, 6628, 6643, + 6423, 6408, 6407, 6435, 6431, 6443, 6432, 6437, 6430, 9961, + 6441, 6447, 6466, 6468, 6452, 6453, 6477, 6470, 6474, 6463, + 6483, 6478, 6480, 6484, 6488, 6497, 6493, 6495, 9961, 6505, + 6507, 6500, 6528, 6518, 6520, 6519, 9961, 6523, 6532, 6533, + 9961, 6526, 6522, 6534, 6551, 6536, 6549, 6552, 6546, 6558, + 6559, 6570, 9961, 6565, 6576, 6560, 6578, 6579, 6573, 9961, + 9961, 6602, 9961, 6585, 6566, 6598, 6596, 6592, 6611, 6622, + 6615, 6626, 6609, 6612, 6628, 6625, 6633, 9961, 6618, 6601, + 6634, 6667, 6638, 6639, 6647, 6655, 6648, 9961, 9961, 6643, + 6670, 6672, 6676, 6677, 6674, 6661, 6689, 6675, 6690, 6687, - 6638, 6645, 6648, 6641, 6652, 6669, 6657, 6667, 6664, 6658, - 9568, 6675, 6681, 6668, 6682, 6670, 6683, 6690, 6685, 6692, - 6699, 6696, 6698, 9568, 6706, 6703, 6724, 9568, 6709, 6708, - 6717, 6730, 6737, 6720, 6735, 6726, 6727, 9568, 6743, 6745, - 6748, 6736, 6753, 6756, 6752, 6759, 6764, 6779, 6791, 9568, - 6757, 6776, 6780, 6790, 6772, 6783, 6792, 6799, 6763, 9568, - 6815, 6822, 6787, 6798, 6807, 6835, 6832, 6834, 6808, 6830, - 6838, 6836, 6842, 6844, 6847, 6859, 6849, 6855, 6848, 9568, - 6857, 9568, 6858, 6880, 6863, 6886, 6883, 6869, 9568, 6876, - 6882, 6893, 6884, 6896, 9568, 6885, 6890, 6912, 6909, 9568, + 6688, 6694, 9961, 6705, 6699, 6706, 6702, 9961, 6700, 6723, + 6707, 6716, 6733, 6717, 6724, 6721, 6734, 6720, 6745, 6749, + 6744, 6751, 6737, 6752, 6761, 6755, 6772, 6762, 6766, 6754, + 9961, 6779, 6776, 6786, 6769, 6767, 6788, 6789, 6796, 6799, + 6697, 9961, 6794, 9961, 6785, 6803, 6818, 6825, 6811, 6828, + 6834, 6826, 6830, 6819, 6835, 6840, 6842, 6847, 6850, 6844, + 6851, 6862, 6870, 6865, 6872, 6868, 9961, 6875, 6861, 6867, + 6871, 6884, 6885, 6874, 6896, 6886, 6903, 6890, 6910, 6916, + 6918, 6907, 6913, 6902, 6911, 6908, 9961, 6923, 6924, 6914, + 6926, 6929, 6930, 6941, 6957, 6939, 6940, 6949, 6960, 9961, - 6925, 6924, 6910, 6919, 6934, 6937, 9568, 6935, 6939, 6936, - 6945, 6948, 6940, 6944, 6933, 6952, 6958, 6959, 6962, 6976, - 6955, 6964, 6979, 9568, 6983, 6985, 6990, 6989, 6986, 6992, - 6982, 7003, 6993, 7005, 9568, 7019, 7006, 7011, 7009, 7021, - 7015, 7022, 7042, 7033, 7029, 7036, 7038, 7054, 7040, 9568, - 7052, 7056, 7063, 7046, 7062, 7069, 9568, 7066, 9568, 7073, - 7076, 7082, 7079, 7091, 9568, 9568, 7090, 7049, 7089, 7080, - 7099, 9568, 9568, 7110, 9568, 7093, 9568, 7109, 7097, 9568, - 9568, 7117, 7103, 7120, 7126, 7115, 9568, 7127, 9568, 7138, - 7133, 7130, 7121, 7136, 9568, 7132, 7142, 7150, 7152, 7139, + 6950, 6942, 6970, 9961, 6952, 6955, 6966, 6971, 6980, 6976, + 6985, 6979, 6986, 9961, 6983, 6984, 6989, 7000, 6991, 6997, + 6993, 7024, 7017, 7027, 7030, 9961, 7035, 7020, 7034, 7038, + 7042, 7036, 7037, 7063, 7045, 9961, 7069, 7073, 7064, 7060, + 7085, 7061, 7066, 7088, 7084, 7087, 7072, 7090, 7083, 7093, + 7095, 7098, 7109, 7112, 7128, 7132, 7117, 9961, 7113, 9961, + 7115, 7129, 7136, 7146, 7142, 7140, 7153, 7145, 7162, 9961, + 7131, 7152, 7161, 7156, 7166, 9961, 7173, 7170, 7172, 7178, + 9961, 7188, 7189, 7176, 7180, 7201, 7203, 9961, 7206, 7205, + 7215, 7227, 7229, 7216, 7210, 7212, 7233, 7224, 7230, 7219, - 9568, 7158, 7160, 7153, 7159, 9568, 7175, 7173, 7163, 7165, - 9568, 7180, 7184, 7188, 7177, 7187, 7192, 7203, 7185, 7202, - 7194, 7208, 7198, 7207, 7212, 7228, 7231, 7236, 7237, 7226, - 7223, 7242, 7245, 7248, 7239, 7240, 7250, 7244, 7256, 7261, - 7257, 7259, 7271, 7269, 7278, 7277, 7272, 7286, 7273, 7274, - 7290, 7297, 7276, 7295, 7298, 7299, 7300, 7316, 7309, 7321, - 7317, 7319, 9568, 7313, 7325, 7312, 7342, 7337, 7344, 7348, - 7354, 7356, 7359, 9568, 7362, 9568, 7364, 7350, 7355, 7369, - 7352, 9568, 7377, 7380, 7378, 7379, 7375, 7381, 7383, 7389, - 7395, 7396, 7402, 9568, 7417, 7404, 7410, 7411, 7419, 9568, + 7239, 7232, 7231, 7243, 9961, 7237, 7246, 7250, 7257, 7260, + 7265, 7258, 7275, 7255, 7267, 9961, 7276, 7263, 7266, 7277, + 7284, 7289, 7290, 7302, 7292, 7299, 7294, 7301, 7304, 7319, + 7311, 7314, 9961, 7318, 7317, 7329, 7340, 7335, 7346, 9961, + 7328, 9961, 7338, 7341, 7350, 7345, 7357, 9961, 9961, 7359, + 7354, 7362, 7366, 7367, 9961, 9961, 7378, 9961, 7364, 9961, + 7369, 7372, 9961, 9961, 7387, 7380, 7381, 7390, 7399, 7397, + 9961, 7400, 9961, 7416, 7411, 7405, 7391, 7415, 9961, 7409, + 7422, 7418, 7423, 7434, 9961, 7432, 7442, 7426, 7431, 9961, + 7451, 7453, 7445, 7436, 9961, 7459, 7465, 7461, 7449, 7468, - 7412, 7433, 7416, 7424, 7428, 7437, 7431, 7436, 7440, 7438, - 7450, 7453, 7446, 7460, 7462, 7470, 7471, 7477, 7464, 7459, - 7469, 7476, 7480, 7472, 7486, 7489, 7473, 7508, 7509, 7510, - 9568, 7495, 9568, 7515, 7499, 7513, 7500, 7523, 7512, 7527, - 9568, 9568, 7529, 7531, 7530, 7533, 7526, 7543, 7551, 7550, - 7559, 9568, 7552, 7560, 7566, 7555, 9568, 7554, 7577, 7578, - 7572, 9568, 7573, 7574, 7576, 7584, 7587, 7588, 7603, 7593, - 7600, 7601, 7599, 7609, 9568, 9568, 9568, 9568, 7617, 7610, - 7621, 7625, 7626, 7614, 7622, 7634, 7627, 9568, 7647, 9568, - 9568, 7646, 7650, 7643, 7658, 7648, 7641, 7653, 7659, 9568, + 7469, 7473, 7470, 7471, 7478, 7494, 7462, 7483, 7501, 7507, + 7508, 7513, 7514, 7504, 7497, 7517, 7518, 7524, 7511, 7500, + 7527, 7509, 7532, 7521, 7555, 7538, 7558, 7560, 7550, 7551, + 7562, 7556, 7547, 7565, 7552, 7566, 7571, 7564, 7575, 7577, + 7581, 7592, 7582, 7593, 7588, 7609, 7600, 7613, 7608, 7616, + 7627, 9961, 7628, 7596, 7598, 7623, 7633, 7624, 7644, 7652, + 7657, 7658, 9961, 7660, 9961, 7662, 7648, 7653, 7651, 7650, + 9961, 7674, 7654, 7673, 7676, 7689, 7682, 7681, 7684, 7687, + 7688, 7711, 9961, 7707, 7699, 7697, 7708, 7718, 9961, 7721, + 7720, 7709, 7710, 7734, 7735, 7724, 7725, 7733, 7737, 7746, - 7649, 7666, 7674, 7673, 7672, 7681, 7692, 7689, 7690, 7684, - 7685, 7709, 7700, 7706, 7682, 7708, 7710, 7714, 9568, 9568, - 7712, 7718, 7717, 7726, 7723, 7733, 7729, 7736, 7742, 7744, - 7739, 7747, 7750, 7730, 7759, 7764, 7756, 7755, 9568, 7765, - 7763, 7776, 9568, 7769, 9568, 7775, 7782, 7766, 7785, 7788, - 7791, 7803, 7792, 9568, 9568, 7795, 7810, 7811, 9568, 9568, - 7802, 7796, 7807, 7820, 7825, 7814, 7827, 7824, 7835, 7823, - 9568, 7830, 9568, 7829, 7851, 7846, 7840, 7863, 7866, 7869, - 7868, 7862, 7872, 9568, 7871, 7861, 9568, 7876, 7878, 7875, - 7873, 7894, 9568, 7883, 7867, 7886, 7891, 9568, 7915, 7912, + 7758, 7759, 7745, 7748, 7757, 9961, 7767, 7771, 7779, 7760, + 7773, 7762, 7768, 7786, 7776, 7777, 7794, 7800, 7801, 7805, + 7810, 9961, 7792, 9961, 7803, 7795, 7804, 7813, 7815, 7830, + 7824, 7826, 9961, 9961, 7828, 7822, 7836, 7831, 7832, 7854, + 7853, 7841, 7857, 9961, 7851, 7863, 7865, 7869, 9961, 7859, + 7875, 7877, 7876, 9961, 7873, 7878, 7894, 7879, 7880, 7889, + 7903, 7901, 7902, 7905, 7893, 7911, 9961, 9961, 9961, 9961, + 7914, 7909, 7919, 7920, 7921, 7930, 7940, 7941, 7927, 7932, + 7928, 9961, 7951, 9961, 9961, 7948, 7957, 7942, 7958, 7964, + 7946, 7973, 7966, 9961, 7971, 9961, 7976, 7983, 7979, 7987, - 7914, 9568, 7917, 9568, 7900, 7918, 7910, 7929, 7913, 9568, - 7906, 7927, 9568, 7930, 7931, 7932, 7921, 9568, 7933, 9568, - 7943, 7938, 7965, 7964, 7952, 7968, 7956, 7953, 7958, 7978, - 7974, 7973, 9568, 9568, 73, 7981, 7959, 7983, 7986, 7991, - 7980, 7962, 7984, 8002, 9568, 9568, 8007, 9568, 8008, 8014, - 9568, 7994, 8020, 8021, 8009, 8032, 8013, 8005, 8024, 8028, - 8042, 8057, 8047, 8043, 8055, 8071, 8072, 8054, 8075, 8076, - 8078, 8084, 8090, 8070, 8087, 8074, 8081, 8088, 8097, 8104, - 8101, 8102, 8103, 9568, 8125, 8126, 8124, 8114, 9568, 8133, - 8128, 8138, 8134, 9568, 8140, 8136, 8137, 8147, 9568, 8130, + 7995, 7991, 7978, 8002, 8000, 7999, 7993, 7998, 8017, 8014, + 8027, 8015, 8031, 8032, 8033, 9961, 9961, 8022, 8037, 8042, + 8052, 8034, 8043, 8026, 8055, 8047, 8060, 8059, 8056, 8069, + 8063, 8061, 8078, 8075, 8064, 9961, 8074, 8088, 8082, 9961, + 8087, 9961, 8089, 8092, 8095, 8104, 8091, 8101, 8105, 8114, + 8120, 9961, 9961, 8111, 8135, 8128, 9961, 9961, 8124, 8119, + 8126, 8136, 8141, 8130, 8133, 8144, 8154, 8146, 9961, 8152, + 9961, 8157, 8160, 8158, 8153, 8179, 8187, 8170, 8194, 8183, + 8182, 8191, 9961, 8184, 8185, 9961, 8200, 8199, 8197, 8189, + 8192, 9961, 8212, 8204, 8208, 8232, 9961, 8233, 8234, 8231, - 8142, 8154, 8159, 8151, 8160, 8161, 8182, 8166, 8175, 8185, - 9568, 9568, 9568, 8186, 8180, 9568, 8190, 8178, 8169, 8181, - 9568, 8200, 8195, 8198, 9568, 9568, 8203, 8205, 8209, 8206, - 9568, 8208, 9568, 8213, 9568, 8218, 8219, 8237, 8230, 9568, - 8243, 8258, 9568, 8215, 8244, 8249, 8245, 8233, 8250, 8247, - 9568, 8263, 8268, 8277, 8267, 8260, 8271, 8270, 8279, 8274, - 8293, 8287, 8299, 9568, 8298, 8303, 8310, 8306, 8294, 8301, - 8309, 9568, 8311, 9568, 8317, 9568, 8314, 8319, 8318, 8338, - 8334, 8329, 8344, 8355, 8356, 8353, 8345, 8340, 8364, 8349, - 9568, 9568, 8369, 8370, 9568, 8365, 9568, 8373, 9568, 8372, + 9961, 8237, 9961, 8221, 8239, 8230, 8250, 8235, 9961, 8226, + 8251, 9961, 8243, 8254, 8253, 8259, 8262, 9961, 8255, 8249, + 9961, 8264, 8285, 8286, 8288, 8277, 8290, 8280, 8278, 8281, + 8302, 8298, 8297, 9961, 9961, 8305, 8304, 73, 8321, 8283, + 8307, 8310, 8312, 8308, 8313, 8322, 8341, 9961, 9961, 8337, + 9961, 8335, 8344, 9961, 8325, 8348, 8345, 8349, 8353, 8361, + 8336, 8368, 8359, 8370, 8378, 8373, 8371, 8383, 8401, 8404, + 8388, 8392, 8402, 8411, 8419, 8421, 8397, 8418, 8405, 8400, + 8427, 8428, 8416, 8431, 8442, 8417, 8439, 9961, 8456, 8457, + 8458, 8447, 9961, 8467, 8463, 8471, 8468, 9961, 8472, 8466, - 8378, 8382, 8376, 9568, 8385, 8384, 8392, 8328, 8379, 8391, - 9568, 8406, 8400, 8397, 8417, 9568, 9568, 8403, 8425, 8421, - 9568, 8413, 8422, 8432, 8418, 8436, 8431, 8430, 8427, 8451, - 8437, 8448, 8441, 8467, 8468, 8469, 9568, 9568, 9568, 8464, - 8452, 8478, 8477, 8481, 8485, 8474, 9568, 8488, 8486, 8495, - 8483, 8490, 8489, 8509, 9568, 8511, 8503, 8499, 8501, 8518, - 8512, 8516, 8526, 9568, 8525, 8537, 8539, 8528, 8541, 8540, - 8547, 8549, 8543, 8534, 8559, 8552, 9568, 8563, 9568, 9568, - 8553, 9568, 8555, 8566, 8567, 8564, 9568, 8575, 8569, 8578, - 8571, 8580, 8592, 8581, 8603, 9568, 8583, 8586, 8590, 8613, + 8478, 8480, 8482, 9961, 8483, 8476, 8477, 8497, 8492, 8485, + 8498, 8520, 8504, 8512, 8518, 9961, 9961, 9961, 8524, 8526, + 9961, 8527, 8516, 8507, 8519, 9961, 8535, 8533, 8538, 9961, + 9961, 8536, 8547, 8546, 9961, 8548, 8563, 9961, 8554, 9961, + 8549, 9961, 8562, 8573, 8571, 8574, 9961, 8575, 8579, 8577, + 8607, 9961, 8585, 8586, 8587, 8594, 8589, 8596, 8612, 9961, + 8601, 8619, 8620, 8622, 8613, 8614, 8606, 8632, 8630, 8634, + 8618, 8650, 9961, 8651, 8657, 8658, 8659, 8646, 8641, 8652, + 9961, 8649, 9961, 8666, 9961, 8661, 8668, 8676, 8682, 8683, + 8678, 8690, 8695, 8684, 8701, 8703, 8688, 8687, 8716, 8715, - 9568, 9568, 8611, 9568, 8614, 8615, 8607, 8628, 8617, 8623, - 8625, 8627, 9568, 8619, 8633, 8630, 8637, 8645, 9568, 8655, - 8642, 8647, 8648, 9568, 8652, 8657, 8669, 8644, 8672, 9568, - 8676, 8671, 8688, 8680, 9568, 8682, 8690, 8692, 9568, 9568, - 8689, 8701, 8706, 9568, 9568, 9568, 8711, 8716, 8703, 8723, - 9568, 8724, 4983, 8727, 8736, 8735, 9568, 8726, 8732, 8740, - 8728, 8730, 9568, 9568, 8725, 8749, 8751, 8747, 9568, 9568, - 8750, 8753, 8757, 8755, 8766, 9568, 8752, 8776, 8788, 8765, - 8786, 8779, 8790, 8792, 8805, 8803, 8782, 8784, 8793, 8813, - 8819, 8806, 8810, 8828, 8821, 8829, 8835, 8823, 8831, 9568, + 9961, 9961, 8719, 8720, 9961, 8711, 9961, 8721, 9961, 8725, + 8728, 8718, 8733, 8730, 9961, 8736, 8731, 8745, 8742, 8743, + 8737, 9961, 8752, 8759, 8748, 8765, 9961, 9961, 8757, 8779, + 8780, 9961, 8760, 8788, 8789, 8775, 8771, 8795, 8786, 8792, + 8776, 8804, 8802, 8793, 8806, 8808, 8810, 8824, 8831, 8829, + 9961, 9961, 9961, 8828, 8816, 8815, 8811, 8841, 8850, 8842, + 9961, 8854, 8839, 8857, 8845, 8851, 8856, 8849, 9961, 8853, + 8852, 8863, 8869, 8875, 8866, 8878, 8886, 9961, 8898, 8899, + 8901, 8889, 8902, 8904, 8908, 8910, 8911, 8905, 8893, 8922, + 8909, 9961, 8923, 9961, 9961, 8920, 9961, 8921, 8929, 8925, - 9568, 8839, 9568, 8842, 8834, 9568, 9568, 8844, 8847, 8849, - 8853, 8857, 8859, 8860, 8864, 8841, 9568, 8863, 8873, 8866, - 8865, 8858, 9568, 8862, 8879, 8868, 8869, 8876, 8896, 8886, - 8898, 9568, 9568, 8889, 8908, 8891, 8913, 8894, 9568, 8916, - 8925, 8915, 8921, 8903, 8909, 8931, 9568, 8939, 8923, 9568, - 9568, 8933, 8936, 9568, 9568, 8935, 9568, 9568, 9568, 9568, - 9568, 9568, 9568, 9568, 8950, 8954, 9568, 8952, 8967, 8968, - 8969, 9568, 8948, 8964, 8966, 8956, 8972, 9568, 8962, 8979, - 8975, 8999, 8989, 9007, 8992, 8991, 8993, 8998, 8996, 9000, - 9013, 8997, 9024, 9012, 9025, 9043, 9026, 9039, 9568, 9568, + 8931, 8941, 9961, 8927, 8933, 8936, 8947, 8937, 8956, 8940, + 8962, 9961, 8977, 8967, 8954, 8970, 9961, 9961, 8958, 8976, + 9961, 8990, 8986, 8981, 8982, 8984, 8985, 8998, 8994, 9961, + 8997, 9000, 9009, 9010, 9011, 9007, 9025, 9961, 9027, 9014, + 9020, 9022, 9961, 9021, 9028, 9046, 9024, 9048, 9961, 9054, + 9041, 9055, 9060, 9961, 9050, 9071, 9066, 9961, 9961, 9076, + 9078, 9080, 9961, 9961, 9961, 9961, 9083, 9089, 9077, 9085, + 9961, 9095, 9101, 9110, 9102, 9115, 9113, 9961, 9114, 9109, + 9120, 9106, 9111, 9961, 9961, 9107, 9112, 9121, 9130, 9123, + 9961, 9961, 9131, 9128, 9145, 9151, 9146, 9961, 9147, 9158, - 9568, 9031, 9027, 9050, 9052, 9055, 9058, 9062, 9063, 9048, - 9049, 9065, 9073, 9075, 9056, 9072, 9070, 9077, 9086, 9079, - 9093, 9083, 9101, 9568, 9109, 9097, 9096, 9116, 9568, 9102, - 9568, 9104, 9568, 9568, 9119, 9120, 9118, 9108, 9137, 9138, - 9136, 9128, 9132, 9129, 9140, 9568, 9152, 9568, 9568, 9139, - 9142, 9568, 9143, 9154, 9568, 9153, 9166, 9155, 9159, 9163, - 9156, 9183, 9186, 9192, 9568, 9568, 9177, 9178, 9187, 9194, - 9190, 9212, 9207, 9204, 9211, 9215, 9210, 9217, 9568, 9225, - 9221, 9227, 9568, 9224, 9213, 9223, 9222, 9239, 9250, 9242, - 9233, 9568, 9262, 9568, 9264, 9266, 9260, 9252, 9253, 9254, + 9164, 9157, 9167, 9169, 9171, 9162, 9170, 9191, 9186, 9172, + 9155, 9190, 9185, 9196, 9204, 9189, 9210, 9184, 9213, 9214, + 9215, 9207, 9216, 9961, 9961, 9220, 9961, 9224, 9217, 9961, + 9961, 9225, 9229, 9238, 9239, 9961, 9245, 9250, 9254, 9255, + 9231, 9961, 9251, 9259, 9252, 9256, 9242, 9961, 9263, 9248, + 9264, 9258, 9279, 9281, 9269, 9271, 9961, 9284, 9274, 9961, + 9961, 9285, 9277, 9283, 9301, 9287, 9961, 9310, 9320, 9304, + 9311, 9298, 9306, 9307, 9961, 9315, 9326, 9961, 9961, 9337, + 9312, 9961, 9961, 9329, 9961, 9961, 9961, 9961, 9961, 9961, + 9961, 9961, 9344, 9343, 9961, 9339, 9357, 9358, 9961, 9359, - 9269, 9277, 9273, 9568, 9257, 9294, 9284, 9300, 9305, 9302, - 9308, 9293, 9314, 9311, 9317, 9318, 9324, 9329, 9321, 9320, - 9330, 9568, 9323, 9334, 9568, 9332, 9350, 9335, 9341, 9364, - 9568, 9366, 9351, 9352, 9368, 9372, 9367, 9568, 9373, 9375, - 9376, 9568, 9379, 9568, 9568, 9380, 9386, 9389, 9388, 9390, - 9568, 9568, 9568, 9448, 9455, 9462, 9469, 9476, 9483, 9490, - 102, 9497, 9504, 9511, 9518, 9525, 9532, 9539, 9546, 9553, - 9560 + 9961, 9338, 9351, 9363, 9354, 9961, 9366, 9961, 9368, 9372, + 9370, 9387, 9377, 9395, 9385, 9381, 9388, 9393, 9378, 9402, + 9404, 9399, 9416, 9407, 9419, 9432, 9415, 9434, 9961, 9961, + 9961, 9423, 9425, 9441, 9438, 9449, 9452, 9454, 9456, 9444, + 9440, 9455, 9464, 9465, 9448, 9462, 9483, 9472, 9476, 9479, + 9493, 9474, 9495, 9961, 9498, 9487, 9489, 9505, 9961, 9492, + 9961, 9491, 9961, 9961, 9512, 9516, 9515, 9511, 9529, 9531, + 9513, 9520, 9518, 9536, 9528, 9961, 9546, 9961, 9961, 9532, + 9542, 9961, 9534, 9545, 9961, 9547, 9560, 9551, 9539, 9558, + 9563, 9572, 9576, 9583, 9961, 9961, 9564, 9568, 9569, 9593, + + 9595, 9606, 9601, 9607, 9609, 9611, 9598, 9610, 9961, 9618, + 9619, 9621, 9961, 9622, 9604, 9625, 9628, 9635, 9640, 9637, + 9644, 9961, 9641, 9961, 9658, 9651, 9661, 9646, 9653, 9662, + 9669, 9671, 9664, 9961, 9668, 9678, 9681, 9685, 9706, 9696, + 9702, 9691, 9711, 9712, 9713, 9714, 9718, 9719, 9697, 9727, + 9703, 9961, 9720, 9729, 9961, 9730, 9745, 9736, 9739, 9759, + 9961, 9751, 9742, 9746, 9763, 9767, 9769, 9961, 9768, 9770, + 9772, 9961, 9766, 9961, 9961, 9775, 9762, 9782, 9783, 9784, + 9961, 9961, 9961, 9841, 9848, 9855, 9862, 9869, 9876, 9883, + 102, 9890, 9897, 9904, 9911, 9918, 9925, 9932, 9939, 9946, + + 9953 } ; -static const flex_int16_t yy_def[3372] = +static const flex_int16_t yy_def[3502] = { 0, - 3353, 1, 3354, 3354, 3355, 3355, 3356, 3356, 3357, 3357, - 3358, 3358, 3359, 3359, 3360, 3360, 3353, 3361, 3353, 3353, - 3353, 3353, 3362, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3363, 3353, 3353, 3353, - 3363, 3364, 3353, 3353, 3353, 3364, 3365, 3353, 3353, 3353, - 3353, 3365, 3366, 3353, 3353, 3353, 3366, 3367, 3353, 3368, - 3353, 3367, 3367, 3369, 3353, 3353, 3353, 3353, 3369, 3370, - 3353, 3353, 3353, 3370, 3361, 3361, 3353, 3371, 3362, 3371, - 3362, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, + 3483, 1, 3484, 3484, 3485, 3485, 3486, 3486, 3487, 3487, + 3488, 3488, 3489, 3489, 3490, 3490, 3483, 3491, 3483, 3483, + 3483, 3483, 3492, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3493, 3483, 3483, 3483, + 3493, 3494, 3483, 3483, 3483, 3494, 3495, 3483, 3483, 3483, + 3483, 3495, 3496, 3483, 3483, 3483, 3496, 3497, 3483, 3498, + 3483, 3497, 3497, 3499, 3483, 3483, 3483, 3483, 3499, 3500, + 3483, 3483, 3483, 3500, 3491, 3491, 3483, 3501, 3492, 3501, + 3492, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3363, - 3363, 3364, 3364, 3365, 3365, 3353, 3366, 3366, 3367, 3367, - 3368, 3368, 3367, 3369, 3369, 3353, 3370, 3370, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3493, + 3493, 3494, 3494, 3495, 3495, 3483, 3496, 3496, 3497, 3497, + 3498, 3498, 3497, 3499, 3499, 3483, 3500, 3500, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3367, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3497, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3367, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3497, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3483, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3367, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3483, 3491, 3491, 3497, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3367, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3353, 3361, 3353, 3353, 3361, 3353, 3353, 3361, 3361, 3353, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3497, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3483, 3491, 3483, 3483, 3491, 3483, 3483, 3491, + 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3367, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, - 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, 3361, 3361, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3497, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, - 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3353, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3353, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3367, 3367, 3361, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3483, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3483, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, + 3491, 3491, 3491, 3491, 3491, 3497, 3497, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3367, 3361, 3361, + 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, + 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3483, 3491, 3491, 3491, 3497, 3491, 3491, 3491, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, - 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, 3361, 3361, - 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3483, - 3361, 3361, 3353, 3361, 3367, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3353, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, + 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3483, 3491, 3491, + 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, + 3497, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, + 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3353, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, - 3361, 3361, 3361, 3353, 3361, 3353, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3483, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3483, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3367, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, + 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, + 3491, 3491, 3483, 3491, 3483, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, + 3491, 3491, 3491, 3497, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3353, 3353, 3361, 3361, 3361, - 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, - 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, - 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, - 3361, 3361, 3353, 3361, 3361, 3361, 3353, 3361, 3361, 3361, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3483, 3483, 3491, 3491, 3491, 3483, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, - 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3367, 3361, 3353, 3361, 3361, 3361, 3353, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3353, 3353, 3361, 3353, 3361, - 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3353, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, + 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3491, 3491, 3483, 3491, 3491, 3491, 3483, 3491, 3491, 3491, + 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3497, 3491, 3483, 3491, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3483, 3491, 3483, 3491, 3491, 3491, 3483, 3491, 3491, - 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, - 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, - 3353, 3353, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, + 3483, 3491, 3483, 3491, 3491, 3491, 3483, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3483, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3491, 3491, 3491, 3483, 3491, 3483, 3491, 3491, 3491, 3491, + 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3367, 3361, 3361, - 3361, 3361, 3361, 3361, 3353, 3353, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, - 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3483, + 3483, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3497, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3483, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3353, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, - 3361, 3353, 3361, 3361, 3361, 3361, 3367, 3361, 3353, 3361, - 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3353, + 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3483, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, - 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, - 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, 3361, - 3361, 3361, 3361, 3361, 3353, 3353, 3361, 3361, 3361, 3361, - 3361, 3353, 3353, 3361, 3353, 3361, 3353, 3361, 3361, 3353, - 3353, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, 3361, - 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, + 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3483, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3497, 3491, 3483, + 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3353, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, - 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3367, 3361, 3361, - 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3353, 3361, 3353, 3361, 3361, 3361, 3361, - 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3353, + 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3483, + 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3483, 3483, 3491, + 3491, 3491, 3491, 3491, 3483, 3483, 3491, 3483, 3491, 3483, + 3491, 3491, 3483, 3483, 3491, 3491, 3491, 3491, 3491, 3491, + 3483, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3483, 3491, + 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3483, + 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3353, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3353, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3353, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, - 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3353, 3353, 3353, 3353, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, - 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3497, 3491, 3491, 3491, + 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3483, 3491, 3483, 3491, 3491, 3491, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3483, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3361, 3361, 3361, 3361, 3361, 3361, 3367, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3353, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, - 3361, 3361, 3353, 3361, 3353, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3353, 3353, 3361, 3361, 3361, 3353, 3353, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3353, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3353, 3361, 3361, 3353, 3361, 3361, 3361, - 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3353, 3361, 3361, + 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3483, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3483, 3483, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3483, 3491, + 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3483, 3483, 3483, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3483, 3491, 3483, 3483, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3483, 3491, 3483, 3491, 3491, 3491, 3491, - 3361, 3353, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3353, - 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3353, 3361, 3353, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3353, 3353, 3367, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3353, 3353, 3361, 3353, 3361, 3361, - 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3353, 3361, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3353, 3361, + 3491, 3491, 3491, 3497, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3483, 3483, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3483, + 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3483, 3483, 3491, 3491, 3491, 3483, 3483, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3483, 3491, 3491, 3483, 3491, 3491, 3491, 3491, + 3491, 3483, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3353, 3353, 3353, 3361, 3361, 3353, 3361, 3361, 3361, 3361, - 3353, 3361, 3361, 3361, 3353, 3353, 3361, 3361, 3361, 3361, - 3353, 3361, 3353, 3361, 3353, 3361, 3361, 3361, 3361, 3353, - 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3353, 3361, 3353, 3361, 3353, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3353, 3353, 3361, 3361, 3353, 3361, 3353, 3361, 3353, 3361, + 3483, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3483, 3491, + 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3483, 3483, 3491, 3491, 3497, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3483, 3491, + 3483, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3483, 3491, 3491, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, - 3353, 3361, 3361, 3361, 3361, 3353, 3353, 3361, 3361, 3361, - 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3353, 3353, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, 3353, - 3361, 3353, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, + 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3483, 3483, 3483, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3483, + 3483, 3491, 3491, 3491, 3483, 3491, 3491, 3483, 3491, 3483, + 3491, 3483, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, + 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3483, 3491, 3483, 3491, 3483, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, - 3353, 3353, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3353, 3361, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3353, - 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3353, 3353, - 3361, 3361, 3361, 3353, 3353, 3353, 3361, 3361, 3361, 3361, - 3353, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, - 3361, 3361, 3353, 3353, 3361, 3361, 3361, 3361, 3353, 3353, - 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, + 3483, 3483, 3491, 3491, 3483, 3491, 3483, 3491, 3483, 3491, + 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, + 3491, 3483, 3491, 3491, 3491, 3491, 3483, 3483, 3491, 3491, + 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3483, 3483, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3483, 3491, 3483, 3483, 3491, 3483, 3491, 3491, 3491, - 3353, 3361, 3353, 3361, 3361, 3353, 3353, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3361, - 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3353, 3353, 3361, 3361, 3361, 3361, 3361, 3353, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, 3353, - 3353, 3361, 3361, 3353, 3353, 3361, 3353, 3353, 3353, 3353, - 3353, 3353, 3353, 3353, 3361, 3361, 3353, 3361, 3361, 3361, - 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3353, + 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3483, 3491, 3491, 3491, 3491, 3483, 3483, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3483, 3491, + 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3483, 3483, 3491, + 3491, 3491, 3483, 3483, 3483, 3483, 3491, 3491, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3491, 3491, 3491, 3483, 3483, 3491, 3491, 3491, 3491, 3491, + 3483, 3483, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, - 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3353, 3361, - 3353, 3361, 3353, 3353, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3353, 3353, 3361, - 3361, 3353, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3353, 3353, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, - 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3353, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3483, 3483, 3491, 3483, 3491, 3491, 3483, + 3483, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, + 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3483, + 3483, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3483, 3491, 3491, 3483, 3483, 3491, + 3491, 3483, 3483, 3491, 3483, 3483, 3483, 3483, 3483, 3483, + 3483, 3483, 3491, 3491, 3483, 3491, 3491, 3491, 3483, 3491, - 3361, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, 3361, - 3361, 3353, 3361, 3361, 3353, 3361, 3361, 3361, 3361, 3361, - 3353, 3361, 3361, 3361, 3361, 3361, 3361, 3353, 3361, 3361, - 3361, 3353, 3361, 3353, 3353, 3361, 3361, 3361, 3361, 3361, - 3353, 3353, 0, 3353, 3353, 3353, 3353, 3353, 3353, 3353, - 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, - 3353 + 3483, 3491, 3491, 3491, 3491, 3483, 3491, 3483, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3483, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3483, 3491, + 3483, 3491, 3483, 3483, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3483, 3483, 3491, + 3491, 3483, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3483, 3483, 3491, 3491, 3491, 3491, + + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, + 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3483, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, 3491, + 3491, 3483, 3491, 3491, 3483, 3491, 3491, 3491, 3491, 3491, + 3483, 3491, 3491, 3491, 3491, 3491, 3491, 3483, 3491, 3491, + 3491, 3483, 3491, 3483, 3483, 3491, 3491, 3491, 3491, 3491, + 3483, 3483, 0, 3483, 3483, 3483, 3483, 3483, 3483, 3483, + 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, + + 3483 } ; -static const flex_int16_t yy_nxt[9635] = +static const flex_int16_t yy_nxt[10028] = { 0, 18, 19, 20, 21, 22, 23, 22, 18, 18, 18, 18, 18, 22, 24, 25, 26, 27, 28, 29, 18, @@ -1542,7 +1586,7 @@ static const flex_int16_t yy_nxt[9635] = 59, 60, 61, 120, 22, 58, 59, 60, 61, 86, 22, 64, 65, 66, 64, 65, 66, 87, 160, 160, - 1291, 88, 85, 51, 119, 86, 51, 167, 167, 56, + 1325, 88, 85, 51, 119, 86, 51, 167, 167, 56, 120, 56, 170, 75, 76, 77, 78, 62, 22, 75, 76, 77, 78, 62, 22, 81, 82, 83, 67, 97, 86, 67, 19, 20, 21, 69, 70, 71, 19, 20, @@ -1572,60 +1616,60 @@ static const flex_int16_t yy_nxt[9635] = 134, 152, 169, 135, 169, 169, 86, 169, 86, 184, 136, 153, 86, 131, 195, 154, 155, 132, 182, 86, 174, 133, 174, 174, 166, 174, 205, 134, 86, 85, - 135, 85, 85, 86, 85, 332, 184, 136, 138, 1148, + 135, 85, 85, 86, 85, 332, 184, 136, 138, 1176, 85, 195, 139, 90, 183, 90, 90, 206, 90, 185, 165, 86, 140, 141, 90, 142, 86, 193, 194, 197, 196, 163, 186, 161, 86, 138, 86, 86, 86, 139, - 86, 183, 86, 86, 206, 240, 185, 198, 3353, 140, + 86, 183, 86, 86, 206, 240, 185, 198, 3483, 140, 141, 91, 142, 143, 193, 194, 144, 196, 190, 186, 199, 86, 201, 145, 191, 200, 192, 146, 147, 86, - 334, 86, 240, 86, 198, 86, 207, 3353, 86, 86, - 143, 208, 3353, 144, 209, 190, 215, 199, 86, 201, + 334, 86, 240, 86, 198, 86, 207, 3483, 86, 86, + 143, 208, 3483, 144, 209, 190, 215, 199, 86, 201, 145, 191, 200, 192, 146, 147, 202, 203, 211, 86, - 210, 212, 86, 207, 204, 228, 86, 3353, 208, 217, - 216, 209, 86, 86, 213, 214, 3353, 86, 86, 86, + 210, 212, 86, 207, 204, 228, 86, 3483, 208, 217, + 216, 209, 86, 86, 213, 214, 3483, 86, 86, 86, - 225, 3353, 86, 202, 203, 211, 218, 210, 212, 226, + 225, 3483, 86, 202, 203, 211, 218, 210, 212, 226, 220, 204, 228, 86, 221, 223, 217, 216, 227, 229, 224, 213, 214, 86, 232, 230, 219, 225, 86, 253, 222, 86, 86, 218, 86, 231, 226, 220, 86, 86, 233, 221, 223, 86, 86, 227, 229, 224, 235, 86, 234, 232, 230, 219, 237, 236, 253, 222, 238, 86, - 3353, 239, 231, 86, 86, 241, 245, 233, 86, 246, - 86, 86, 86, 3353, 242, 235, 86, 234, 86, 247, - 248, 237, 236, 243, 251, 238, 3353, 86, 239, 244, - 3353, 249, 241, 245, 257, 250, 246, 86, 86, 3353, + 3483, 239, 231, 86, 86, 241, 245, 233, 86, 246, + 86, 86, 86, 3483, 242, 235, 86, 234, 86, 247, + 248, 237, 236, 243, 251, 238, 3483, 86, 239, 244, + 3483, 249, 241, 245, 257, 250, 246, 86, 86, 3483, 254, 242, 259, 261, 86, 258, 247, 248, 262, 86, 243, 251, 267, 86, 86, 260, 244, 255, 249, 86, 256, 257, 250, 86, 263, 266, 86, 254, 268, 259, 261, 270, 258, 264, 86, 262, 277, 269, 272, 267, 86, 271, 260, 86, 255, 265, 86, 256, 86, 86, - 3353, 263, 266, 86, 86, 268, 177, 177, 270, 3353, - 264, 3353, 170, 277, 269, 272, 3353, 273, 271, 3353, - 3353, 164, 265, 164, 164, 169, 164, 169, 169, 90, + 3483, 263, 266, 86, 86, 268, 177, 177, 270, 3483, + 264, 3483, 170, 277, 269, 272, 3483, 273, 271, 3483, + 3483, 164, 265, 164, 164, 169, 164, 169, 169, 90, 169, 90, 90, 174, 90, 174, 174, 274, 174, 86, - 3353, 276, 3353, 280, 273, 278, 281, 282, 283, 284, + 3483, 276, 3483, 280, 273, 278, 281, 282, 283, 284, - 86, 275, 279, 3353, 285, 86, 338, 3353, 3353, 86, + 86, 275, 279, 3483, 285, 86, 338, 3483, 3483, 86, 86, 86, 286, 290, 86, 86, 291, 172, 276, 86, 280, 86, 278, 281, 282, 283, 284, 287, 275, 279, 86, 285, 340, 288, 289, 86, 86, 293, 86, 286, - 290, 294, 86, 291, 301, 303, 3353, 302, 306, 3353, + 290, 294, 86, 291, 301, 303, 3483, 302, 306, 3483, 307, 304, 308, 86, 305, 314, 310, 86, 295, 86, - 288, 289, 86, 86, 86, 86, 311, 86, 294, 3353, + 288, 289, 86, 86, 86, 86, 311, 86, 294, 3483, 86, 301, 303, 86, 302, 306, 86, 307, 304, 86, 309, 305, 314, 310, 86, 295, 296, 312, 86, 318, 317, 297, 313, 311, 326, 370, 298, 315, 86, 86, - 316, 86, 299, 300, 319, 86, 325, 309, 3353, 86, - 3353, 86, 86, 296, 312, 329, 318, 317, 297, 313, + 316, 86, 299, 300, 319, 86, 325, 309, 3483, 86, + 3483, 86, 86, 296, 312, 329, 318, 317, 297, 313, 86, 326, 370, 298, 315, 327, 86, 316, 86, 299, 300, 319, 320, 325, 330, 321, 86, 322, 337, 335, - 333, 86, 329, 342, 86, 331, 339, 86, 3353, 323, - 344, 324, 327, 336, 341, 3353, 3353, 3353, 86, 320, - 345, 3353, 321, 343, 322, 337, 86, 333, 86, 351, + 333, 86, 329, 342, 86, 331, 339, 86, 3483, 323, + 344, 324, 327, 336, 341, 3483, 3483, 3483, 86, 320, + 345, 3483, 321, 343, 322, 337, 86, 333, 86, 351, 346, 86, 331, 339, 86, 86, 323, 86, 324, 347, 336, 341, 86, 86, 348, 349, 86, 345, 86, 352, 343, 86, 353, 356, 350, 354, 351, 346, 355, 86, @@ -1634,966 +1678,1009 @@ static const flex_int16_t yy_nxt[9635] = 86, 348, 349, 86, 86, 367, 352, 86, 358, 353, 356, 350, 354, 359, 86, 355, 363, 357, 373, 360, 369, 86, 86, 86, 368, 361, 362, 365, 366, 372, - 371, 86, 374, 375, 376, 378, 86, 86, 86, 3353, + 371, 86, 374, 375, 376, 378, 86, 86, 86, 3483, 86, 86, 86, 363, 377, 381, 379, 369, 86, 86, - 86, 368, 380, 383, 365, 366, 372, 371, 3353, 86, + 86, 368, 380, 383, 365, 366, 372, 371, 3483, 86, 375, 384, 378, 386, 86, 387, 86, 86, 382, 388, - 390, 377, 86, 379, 389, 3353, 391, 86, 385, 86, + 390, 377, 86, 379, 389, 3483, 391, 86, 385, 86, 392, 394, 86, 86, 170, 86, 86, 86, 384, 86, 386, 395, 387, 396, 393, 382, 388, 390, 86, 398, - 397, 389, 86, 391, 3353, 385, 399, 392, 401, 403, + 397, 389, 86, 391, 3483, 385, 399, 392, 401, 403, 405, 400, 402, 86, 404, 86, 86, 86, 86, 406, 396, 393, 86, 86, 86, 86, 407, 397, 86, 408, - 3353, 86, 411, 399, 412, 401, 403, 413, 400, 402, + 3483, 86, 411, 399, 412, 401, 403, 413, 400, 402, 410, 404, 86, 86, 415, 414, 406, 416, 86, 86, 419, 86, 420, 407, 421, 86, 408, 86, 86, 411, 86, 412, 417, 418, 413, 86, 422, 410, 86, 423, - 86, 415, 414, 426, 416, 424, 428, 431, 3353, 420, + 86, 415, 414, 426, 416, 424, 428, 431, 3483, 420, 86, 86, 86, 427, 86, 429, 86, 432, 433, 417, 418, 86, 425, 422, 86, 435, 86, 434, 86, 86, 426, 86, 424, 436, 431, 86, 438, 437, 86, 430, 427, 86, 439, 445, 432, 433, 86, 86, 441, 425, 86, 86, 435, 440, 434, 443, 442, 86, 86, 86, - 436, 446, 86, 438, 437, 86, 430, 447, 3353, 439, - 445, 448, 444, 3353, 86, 441, 3353, 455, 456, 86, - 440, 3353, 443, 442, 3353, 457, 86, 86, 3353, 461, - 3353, 86, 462, 86, 447, 86, 464, 465, 448, 444, - 449, 469, 3353, 450, 455, 456, 86, 86, 451, 452, - 453, 454, 457, 86, 463, 458, 461, 459, 86, 462, - - 466, 86, 468, 464, 465, 467, 3353, 449, 86, 86, - 450, 477, 3353, 460, 478, 451, 452, 453, 454, 86, - 470, 463, 458, 471, 459, 472, 86, 475, 476, 468, - 86, 479, 86, 473, 474, 507, 86, 86, 86, 480, - 460, 478, 482, 86, 481, 86, 86, 470, 483, 487, - 471, 484, 472, 493, 475, 476, 86, 86, 479, 86, - 473, 474, 86, 86, 86, 86, 480, 485, 486, 482, - 492, 481, 505, 3353, 86, 483, 3353, 488, 484, 489, - 86, 86, 491, 494, 497, 86, 498, 499, 490, 86, - 495, 565, 86, 506, 485, 486, 496, 492, 86, 505, - - 86, 504, 86, 86, 488, 86, 489, 3353, 86, 491, - 494, 497, 86, 498, 499, 490, 500, 495, 565, 86, - 508, 509, 524, 496, 522, 86, 519, 510, 504, 501, - 545, 511, 502, 86, 503, 86, 86, 3353, 523, 512, - 86, 3353, 86, 500, 527, 86, 520, 508, 509, 524, - 86, 522, 525, 519, 510, 3353, 501, 86, 511, 502, - 3353, 503, 86, 535, 521, 523, 512, 513, 526, 514, - 86, 527, 537, 520, 536, 86, 86, 538, 539, 525, - 540, 556, 515, 3353, 543, 516, 170, 517, 542, 518, - 535, 521, 86, 86, 513, 526, 514, 548, 541, 86, - - 86, 536, 86, 86, 86, 539, 86, 540, 556, 515, - 86, 543, 516, 544, 517, 542, 518, 528, 529, 546, - 86, 86, 3353, 549, 548, 541, 547, 530, 558, 531, - 532, 533, 550, 86, 534, 3353, 553, 555, 563, 557, - 544, 554, 86, 86, 528, 529, 546, 551, 86, 86, - 559, 86, 561, 547, 530, 86, 531, 532, 533, 550, - 86, 534, 562, 553, 555, 552, 557, 86, 554, 86, - 86, 560, 566, 594, 551, 86, 86, 559, 86, 561, - 564, 569, 86, 567, 568, 3353, 570, 572, 86, 562, - 571, 573, 552, 3353, 86, 580, 577, 86, 560, 566, - - 86, 86, 574, 575, 583, 86, 3353, 564, 569, 578, - 3353, 3353, 86, 570, 572, 86, 86, 571, 573, 86, - 576, 86, 580, 577, 579, 581, 582, 86, 584, 574, - 575, 583, 86, 86, 3353, 585, 578, 86, 86, 595, - 598, 596, 597, 586, 599, 608, 3353, 576, 86, 3353, - 3353, 579, 581, 582, 587, 584, 588, 86, 86, 601, - 3353, 86, 585, 86, 602, 86, 595, 598, 596, 597, - 586, 600, 86, 604, 607, 603, 86, 86, 605, 3353, - 86, 587, 606, 588, 589, 86, 601, 86, 86, 610, - 609, 602, 590, 591, 612, 86, 592, 593, 600, 86, - - 604, 607, 603, 86, 611, 605, 86, 616, 86, 606, - 613, 589, 86, 614, 617, 615, 610, 609, 3353, 590, - 591, 86, 624, 592, 593, 86, 86, 618, 620, 86, - 86, 611, 621, 86, 616, 619, 86, 613, 622, 86, - 614, 617, 615, 86, 625, 623, 86, 86, 626, 624, - 627, 628, 629, 86, 618, 620, 630, 3353, 86, 621, - 86, 631, 619, 86, 632, 622, 86, 86, 633, 635, - 634, 625, 623, 86, 86, 626, 86, 627, 628, 629, - 636, 637, 86, 630, 639, 638, 86, 86, 631, 86, - 86, 632, 86, 644, 645, 633, 635, 634, 643, 86, - - 640, 642, 641, 86, 646, 86, 86, 636, 637, 86, - 86, 639, 638, 647, 648, 652, 650, 649, 655, 651, - 644, 653, 86, 3353, 3353, 643, 86, 640, 642, 641, - 86, 646, 657, 656, 86, 86, 86, 654, 658, 86, - 86, 648, 652, 650, 649, 86, 651, 661, 653, 86, - 86, 663, 660, 662, 664, 666, 86, 86, 86, 657, - 656, 659, 665, 667, 654, 86, 3353, 86, 669, 86, - 86, 681, 668, 670, 661, 714, 86, 86, 663, 660, - 662, 664, 666, 86, 86, 86, 679, 86, 659, 665, - 667, 680, 3353, 86, 86, 669, 682, 687, 681, 668, - - 670, 671, 684, 86, 86, 3353, 672, 86, 673, 86, - 683, 3353, 3353, 679, 674, 3353, 675, 688, 680, 676, - 677, 86, 691, 682, 687, 86, 678, 86, 671, 684, - 685, 696, 692, 672, 686, 673, 3353, 683, 694, 86, - 86, 674, 693, 675, 688, 689, 676, 677, 690, 691, - 86, 695, 86, 678, 699, 86, 86, 685, 696, 697, - 698, 686, 86, 86, 86, 694, 700, 86, 86, 693, - 701, 702, 689, 703, 705, 690, 708, 704, 695, 706, - 86, 699, 86, 86, 86, 707, 697, 698, 86, 86, - 710, 709, 711, 700, 86, 715, 86, 701, 702, 86, - - 703, 705, 86, 708, 704, 712, 706, 86, 713, 716, - 86, 720, 707, 86, 718, 722, 717, 710, 709, 711, - 86, 86, 715, 86, 86, 719, 721, 86, 3353, 86, - 723, 170, 712, 726, 3353, 713, 716, 86, 720, 725, - 727, 718, 722, 717, 724, 729, 728, 86, 730, 86, - 3353, 3353, 719, 721, 731, 86, 732, 723, 86, 3353, - 86, 86, 733, 86, 734, 740, 725, 743, 735, 86, - 741, 724, 86, 728, 86, 730, 744, 86, 86, 745, - 736, 731, 739, 732, 748, 742, 86, 737, 746, 733, - 738, 734, 86, 86, 86, 735, 747, 86, 86, 86, - - 749, 753, 751, 86, 752, 750, 757, 736, 86, 739, - 755, 86, 742, 754, 737, 86, 86, 738, 86, 86, - 756, 758, 759, 86, 762, 86, 86, 761, 753, 751, - 86, 752, 86, 757, 760, 86, 763, 755, 765, 86, - 754, 767, 86, 86, 764, 766, 3353, 756, 758, 759, - 86, 769, 768, 86, 761, 770, 86, 86, 86, 86, - 86, 760, 771, 763, 86, 765, 773, 86, 767, 772, - 774, 764, 766, 86, 775, 776, 86, 86, 769, 768, - 777, 780, 770, 778, 779, 3353, 781, 86, 3353, 771, - 86, 782, 86, 783, 784, 785, 772, 774, 86, 86, - - 86, 775, 776, 787, 86, 788, 786, 777, 780, 789, - 778, 779, 86, 781, 790, 86, 86, 86, 782, 86, - 783, 784, 785, 791, 794, 793, 3353, 86, 796, 798, - 787, 795, 3353, 786, 797, 800, 789, 86, 86, 86, - 799, 790, 802, 86, 808, 792, 86, 86, 86, 86, - 791, 794, 793, 86, 86, 796, 798, 86, 795, 801, - 803, 797, 800, 804, 805, 806, 86, 799, 809, 86, - 807, 86, 792, 818, 810, 86, 86, 814, 86, 811, - 812, 86, 813, 86, 815, 86, 801, 803, 817, 86, - 804, 805, 806, 86, 816, 809, 819, 807, 86, 86, - - 818, 810, 820, 821, 814, 824, 86, 86, 86, 813, - 86, 815, 822, 825, 823, 817, 86, 827, 826, 828, - 832, 816, 841, 3353, 86, 3353, 3353, 86, 86, 820, - 833, 86, 824, 86, 829, 86, 86, 834, 86, 822, - 835, 823, 837, 836, 827, 86, 828, 3353, 830, 831, - 86, 838, 86, 847, 86, 86, 86, 833, 839, 842, - 845, 829, 86, 849, 834, 846, 851, 835, 86, 837, - 836, 86, 3353, 840, 86, 830, 831, 843, 838, 86, - 847, 848, 86, 86, 909, 839, 842, 844, 86, 850, - 849, 86, 86, 851, 852, 856, 853, 86, 854, 86, - - 840, 855, 86, 86, 843, 86, 857, 86, 848, 86, - 858, 86, 859, 866, 844, 860, 850, 861, 3353, 864, - 3353, 852, 856, 853, 863, 854, 862, 86, 855, 86, - 86, 865, 86, 86, 86, 86, 867, 858, 86, 859, - 868, 871, 860, 86, 861, 86, 864, 878, 869, 86, - 872, 863, 870, 862, 873, 86, 86, 874, 865, 86, - 86, 875, 876, 867, 86, 86, 86, 868, 871, 86, - 86, 880, 877, 879, 878, 869, 884, 872, 881, 870, - 86, 873, 882, 883, 874, 886, 86, 916, 875, 876, - 922, 86, 86, 885, 889, 86, 888, 86, 880, 877, - - 879, 86, 887, 884, 86, 881, 86, 86, 86, 882, - 883, 890, 886, 86, 891, 892, 895, 893, 894, 86, - 885, 889, 86, 888, 898, 86, 896, 3353, 3353, 887, - 897, 86, 899, 901, 900, 86, 86, 86, 890, 86, - 86, 891, 892, 895, 893, 894, 86, 902, 86, 86, - 86, 898, 903, 896, 904, 170, 906, 897, 905, 899, - 901, 900, 910, 908, 907, 912, 914, 86, 86, 86, - 911, 86, 913, 917, 902, 86, 86, 86, 915, 903, - 86, 904, 924, 906, 86, 905, 86, 918, 86, 910, - 908, 907, 86, 914, 86, 921, 919, 911, 923, 913, - - 917, 920, 86, 86, 86, 915, 925, 3353, 935, 924, - 86, 86, 927, 938, 918, 86, 926, 86, 86, 86, - 86, 936, 921, 919, 3353, 923, 941, 3353, 920, 3353, - 3353, 86, 937, 925, 86, 935, 939, 86, 940, 927, - 938, 3353, 3353, 926, 928, 942, 946, 929, 936, 943, - 86, 930, 3353, 941, 931, 86, 86, 86, 944, 937, - 949, 932, 933, 939, 934, 940, 945, 947, 86, 86, - 948, 928, 942, 946, 929, 86, 943, 86, 930, 960, - 86, 931, 86, 957, 86, 944, 959, 979, 932, 933, - 958, 934, 86, 945, 947, 86, 86, 948, 950, 951, - - 961, 952, 86, 86, 953, 86, 960, 962, 968, 954, - 957, 964, 965, 959, 86, 955, 956, 958, 3353, 967, - 86, 86, 972, 963, 86, 950, 951, 961, 952, 966, - 86, 953, 86, 86, 962, 968, 954, 971, 964, 965, - 969, 86, 955, 956, 974, 970, 967, 973, 86, 972, - 963, 975, 977, 976, 981, 3353, 966, 86, 980, 86, - 978, 983, 982, 3353, 971, 985, 86, 3353, 987, 86, - 86, 974, 86, 86, 973, 86, 86, 86, 975, 977, - 976, 981, 86, 86, 86, 980, 984, 978, 983, 982, - 986, 988, 985, 86, 86, 987, 990, 989, 991, 992, - - 993, 994, 996, 86, 1000, 86, 997, 86, 995, 86, - 86, 998, 999, 984, 86, 1001, 1003, 986, 988, 1002, - 3353, 3353, 86, 990, 989, 991, 992, 993, 1004, 86, - 86, 1006, 1005, 86, 86, 995, 86, 1007, 86, 999, - 1008, 86, 1009, 1011, 3353, 1010, 1002, 86, 86, 1014, - 86, 1012, 86, 86, 86, 1004, 1016, 1013, 1006, 1005, - 86, 86, 1017, 1018, 86, 86, 86, 86, 1019, 1009, - 1011, 86, 1010, 1015, 1020, 1022, 1014, 1021, 1012, 3353, - 86, 86, 86, 86, 1013, 86, 1025, 1023, 1024, 1017, - 1018, 86, 1026, 86, 1027, 86, 1029, 1030, 1028, 86, - - 1015, 1035, 1022, 1032, 1021, 86, 86, 1033, 86, 86, - 86, 1031, 1034, 1025, 1023, 1024, 1043, 86, 86, 1026, - 86, 1027, 1036, 1029, 1030, 1028, 1038, 86, 1035, 86, - 1032, 1044, 1037, 1039, 86, 1046, 86, 1040, 1031, 86, - 86, 86, 1041, 1043, 86, 1045, 86, 1050, 1047, 1036, - 1042, 86, 86, 1038, 86, 1052, 1048, 86, 86, 1037, - 1039, 1049, 1046, 86, 1040, 3353, 86, 1054, 86, 1041, - 1055, 1051, 1045, 86, 1050, 1047, 1053, 1042, 86, 86, - 86, 1056, 1052, 1048, 1057, 1059, 1058, 1060, 1049, 86, - 86, 1065, 1061, 1063, 1054, 86, 1062, 1055, 1051, 1064, - - 86, 3353, 1066, 1053, 86, 86, 86, 1067, 1056, 86, - 3353, 1069, 1059, 1058, 1060, 1068, 86, 86, 86, 1061, - 1063, 86, 86, 1062, 1070, 86, 1064, 1071, 1072, 1066, - 86, 86, 86, 1073, 1067, 1074, 86, 1075, 1069, 1076, - 86, 1077, 1068, 1078, 1080, 1082, 1081, 3353, 1088, 1089, - 1079, 1070, 86, 1083, 1071, 1072, 86, 86, 1087, 3353, - 1073, 86, 1086, 1090, 86, 3353, 1076, 86, 86, 86, - 1078, 1084, 1082, 86, 86, 1088, 86, 1079, 86, 1085, - 1083, 86, 1091, 1092, 86, 1087, 86, 86, 1093, 1086, - 1090, 86, 1094, 3353, 1095, 1096, 1097, 86, 1084, 86, - - 1098, 1100, 1101, 1103, 86, 1099, 1085, 1102, 86, 1091, - 1092, 3353, 1107, 86, 1105, 86, 1121, 1104, 86, 1094, - 86, 86, 1096, 1097, 86, 86, 1109, 1106, 1100, 1101, - 1103, 1110, 170, 86, 1102, 86, 86, 1108, 86, 1107, - 86, 1105, 1111, 86, 1104, 3353, 3353, 1118, 86, 3353, - 86, 3353, 1119, 1109, 1106, 1120, 3353, 1122, 1110, 86, - 3353, 3353, 1123, 3353, 1108, 1124, 3353, 86, 1125, 1111, - 1112, 1126, 1113, 86, 1118, 86, 1114, 86, 1115, 1119, - 3353, 86, 1120, 1116, 1122, 86, 1128, 1127, 1117, 1123, - 1130, 1129, 1124, 86, 86, 1125, 1131, 1112, 1126, 1113, - - 86, 1132, 3353, 1114, 1134, 1115, 3353, 1137, 86, 86, - 1116, 1135, 1139, 1133, 1127, 1117, 86, 1130, 86, 1138, - 1140, 1136, 86, 1131, 86, 86, 86, 1142, 1132, 1141, - 1143, 1134, 1145, 86, 1137, 1146, 1144, 1149, 1135, 1139, - 1133, 86, 86, 1147, 1150, 86, 1138, 1140, 1136, 86, - 1152, 86, 1151, 3353, 1142, 1162, 1141, 1143, 86, 86, - 86, 1160, 1161, 1144, 86, 1164, 3353, 86, 86, 86, - 86, 1150, 1171, 1165, 3353, 1163, 86, 1152, 3353, 1151, - 1153, 3353, 1162, 1167, 86, 1154, 3353, 1155, 1160, 1161, - 86, 86, 1164, 1156, 1166, 86, 86, 1170, 1157, 1158, - - 1165, 1168, 1163, 1169, 86, 1159, 86, 1153, 86, 86, - 1167, 86, 1154, 86, 1155, 1172, 1173, 1177, 1174, 1180, - 1156, 1166, 1175, 1178, 1170, 1157, 1158, 86, 1168, 1176, - 1169, 86, 1159, 86, 1179, 1181, 1183, 86, 86, 1182, - 1184, 86, 1172, 1173, 86, 1174, 86, 86, 1185, 1175, - 1178, 86, 1186, 1191, 86, 1188, 1176, 1187, 86, 86, - 1189, 1179, 1181, 1183, 1190, 86, 1182, 1184, 1192, 1193, - 1194, 3353, 1199, 86, 86, 86, 1195, 86, 86, 1186, - 86, 1196, 1188, 86, 1187, 86, 86, 1189, 1200, 1198, - 86, 1190, 86, 1197, 86, 1192, 1193, 1194, 1201, 1199, - - 86, 1202, 1203, 1195, 86, 1205, 86, 3353, 1196, 3353, - 1204, 86, 1215, 1208, 1207, 1200, 1198, 1206, 86, 86, - 1197, 86, 86, 1210, 86, 1201, 86, 1209, 1202, 1211, - 1212, 1213, 1205, 1216, 86, 86, 86, 1204, 86, 1215, - 1208, 1207, 1214, 1217, 1206, 3353, 1223, 1218, 1219, 1224, - 1210, 86, 86, 86, 1209, 1220, 1211, 1212, 1213, 86, - 86, 86, 86, 1221, 1225, 86, 86, 1226, 1222, 1214, - 1217, 1227, 86, 1223, 1218, 1219, 1224, 1229, 86, 1228, - 86, 1231, 1220, 1230, 1232, 1233, 86, 1234, 86, 3353, - 86, 1225, 86, 86, 1226, 86, 1236, 86, 1227, 1235, - - 1237, 1238, 1240, 1239, 1229, 3353, 1228, 1246, 1231, 86, - 1230, 86, 1233, 86, 1241, 1243, 86, 1244, 86, 86, - 1242, 1245, 86, 1236, 86, 86, 1235, 1237, 1238, 1240, - 1239, 86, 1247, 86, 1246, 1248, 86, 1249, 1250, 86, - 1251, 1241, 1243, 86, 1244, 1252, 86, 1242, 1245, 1254, - 1259, 1253, 1256, 86, 1255, 1260, 1261, 1257, 86, 1247, - 86, 86, 1248, 86, 1249, 86, 1262, 86, 1258, 86, - 86, 1266, 1252, 86, 86, 86, 1254, 1259, 1253, 1256, - 86, 1255, 1260, 1263, 1257, 1264, 1265, 1267, 86, 1269, - 1268, 1271, 3353, 1270, 3353, 1258, 86, 86, 86, 1276, - - 1274, 1272, 3353, 86, 1273, 86, 1277, 86, 86, 86, - 1263, 3353, 1264, 1265, 1267, 86, 1275, 1268, 86, 86, - 1270, 86, 86, 86, 86, 1278, 1276, 1274, 1272, 1279, - 86, 1273, 1281, 1277, 1282, 1280, 1283, 1284, 1285, 1287, - 3353, 86, 86, 1275, 86, 1286, 1288, 86, 1290, 1292, - 86, 86, 1278, 1293, 86, 3353, 1279, 1289, 86, 1281, - 1297, 1282, 1280, 86, 3353, 1285, 86, 86, 86, 86, - 86, 86, 1286, 1288, 1294, 1290, 1292, 1295, 1296, 86, - 1293, 1298, 86, 1299, 1289, 1300, 86, 86, 170, 1302, - 1304, 1301, 1305, 1306, 1307, 1303, 86, 86, 3353, 86, - - 3353, 1294, 1309, 1308, 1295, 1296, 86, 1310, 1298, 1311, - 1299, 86, 1300, 86, 86, 1312, 1302, 86, 1301, 1305, - 1313, 1314, 1303, 1315, 86, 86, 86, 1318, 86, 1309, - 1308, 86, 86, 86, 1310, 86, 1311, 1316, 1317, 86, - 1320, 1319, 1312, 86, 1321, 86, 1322, 1313, 1314, 86, - 1315, 1323, 1325, 1324, 1318, 86, 3353, 86, 86, 86, - 1331, 1326, 1330, 86, 1316, 1317, 1333, 86, 1319, 1332, - 1327, 1321, 1328, 1322, 86, 1329, 1336, 1335, 1323, 1325, - 1324, 1334, 3353, 86, 1337, 86, 86, 1331, 1326, 1330, - 86, 86, 86, 86, 1339, 1340, 1332, 1327, 1338, 1328, - - 86, 86, 1329, 1336, 1335, 1341, 1343, 86, 1334, 1342, - 1344, 1337, 86, 86, 1345, 1347, 1348, 86, 1346, 3353, - 3353, 1339, 1340, 86, 86, 1338, 86, 1349, 86, 1351, - 86, 3353, 1341, 1343, 1352, 1353, 1342, 1344, 86, 1350, - 1354, 1345, 86, 1348, 1359, 1346, 86, 1355, 1357, 86, - 1356, 86, 86, 86, 1349, 1360, 1351, 86, 86, 86, - 1358, 1352, 1353, 86, 86, 1361, 1350, 1354, 1364, 1365, - 86, 1359, 86, 86, 1355, 1357, 1363, 1356, 1362, 1366, - 1368, 86, 1360, 1367, 86, 86, 86, 1358, 1369, 86, - 86, 1370, 1361, 1371, 1372, 1364, 1365, 1375, 86, 86, - - 86, 1374, 86, 1363, 86, 1362, 1366, 1368, 86, 1373, - 1367, 86, 1376, 86, 1377, 1369, 1378, 3353, 1370, 1379, - 1371, 1372, 1381, 1380, 1375, 1382, 86, 1383, 1374, 86, - 86, 1386, 1384, 86, 1389, 1387, 1373, 1385, 86, 86, - 1400, 1377, 86, 1378, 86, 1388, 1379, 86, 86, 1381, - 1380, 1397, 1382, 3353, 1383, 1399, 1398, 1401, 1386, 86, - 86, 1389, 1387, 1434, 86, 86, 86, 1400, 3353, 1403, - 1402, 1404, 1388, 1390, 86, 86, 1406, 1391, 1397, 86, - 1392, 1393, 3353, 1398, 1401, 1394, 1407, 86, 86, 1405, - 1434, 1395, 86, 86, 1408, 1396, 1412, 1402, 1404, 86, - - 1390, 86, 86, 1406, 1391, 86, 1413, 1392, 1393, 1415, - 3353, 86, 1394, 1407, 1416, 1409, 1405, 1410, 1395, 1411, - 86, 1408, 1396, 1412, 86, 1414, 86, 86, 1417, 1418, - 1419, 86, 86, 1413, 3353, 3353, 1415, 86, 1420, 86, - 1421, 1416, 1409, 1428, 1410, 1429, 1411, 1427, 3353, 1430, - 1431, 3353, 1414, 3353, 3353, 1417, 86, 1435, 1433, 3353, - 86, 86, 86, 86, 1432, 1420, 86, 1421, 1422, 86, - 1428, 86, 1429, 1423, 1427, 1424, 1436, 1425, 86, 1426, - 86, 86, 1437, 1439, 1435, 1433, 86, 1438, 1440, 1441, - 1443, 1432, 1442, 86, 86, 1422, 1446, 1447, 1448, 1444, - - 1423, 86, 1424, 1436, 1425, 86, 1426, 86, 86, 86, - 1439, 86, 1445, 1449, 86, 1440, 1441, 1443, 1450, 1442, - 86, 1451, 1452, 1446, 86, 1448, 1444, 1454, 1453, 86, - 1457, 86, 86, 1455, 1456, 86, 86, 1458, 1459, 1445, - 1449, 1460, 86, 86, 1461, 1450, 86, 86, 1451, 1452, - 86, 1462, 86, 3353, 1454, 1453, 1465, 1457, 1463, 1464, - 1455, 1456, 1466, 1467, 86, 1459, 1468, 86, 86, 86, - 86, 1461, 1469, 1470, 86, 86, 1471, 1473, 1462, 1478, - 86, 1472, 86, 1465, 1474, 1463, 1464, 86, 1475, 86, - 1467, 86, 1477, 86, 1476, 86, 1480, 86, 86, 1469, - - 1470, 86, 1479, 1471, 86, 86, 1478, 1481, 1472, 1486, - 1482, 1474, 86, 1483, 86, 1475, 1485, 1484, 1493, 1477, - 1487, 1476, 86, 1480, 1488, 1496, 1490, 86, 86, 1479, - 86, 86, 1489, 1491, 1481, 86, 1486, 1482, 86, 86, - 1483, 1492, 86, 1485, 1484, 1493, 1494, 1487, 86, 1495, - 86, 1488, 86, 1490, 86, 86, 1497, 86, 1498, 1489, - 1491, 1499, 1501, 86, 1500, 1502, 86, 1503, 1492, 1508, - 86, 1504, 1505, 1494, 3353, 1509, 1495, 1511, 86, 1506, - 86, 86, 86, 1507, 170, 1498, 86, 86, 86, 1501, - 1510, 1500, 1502, 86, 86, 3353, 1514, 1515, 1504, 1505, - - 1517, 86, 1512, 86, 86, 1516, 1506, 86, 1513, 86, - 1507, 86, 1518, 86, 1519, 86, 1523, 1510, 1520, 1524, - 86, 86, 1522, 1514, 1515, 86, 1521, 1517, 86, 1512, - 1525, 86, 1516, 1526, 86, 1513, 1527, 1528, 86, 1518, - 86, 1519, 1529, 1523, 86, 1520, 86, 1530, 1531, 1522, - 1534, 1532, 1533, 1521, 1539, 86, 86, 1525, 1540, 1543, - 1526, 1535, 86, 1527, 1536, 86, 86, 1541, 1537, 86, - 86, 1538, 86, 86, 1530, 1531, 1542, 1534, 1532, 1533, - 86, 1539, 86, 86, 1544, 1540, 1543, 1545, 1535, 1547, - 86, 1536, 1546, 1550, 1541, 1537, 1549, 86, 1538, 1551, - - 86, 1548, 86, 1552, 3353, 86, 1553, 1554, 86, 1556, - 1555, 1544, 86, 86, 1563, 86, 1547, 86, 1557, 86, - 1550, 86, 86, 1549, 1559, 1560, 1551, 86, 1548, 86, - 1552, 1558, 1561, 1553, 1554, 1562, 1556, 1555, 1564, 1565, - 86, 86, 1566, 86, 1567, 1557, 86, 86, 86, 1568, - 86, 1559, 1560, 86, 1571, 86, 86, 1570, 1558, 1561, - 1569, 86, 1562, 1572, 1573, 1564, 1565, 1575, 86, 1566, - 1574, 1567, 1579, 86, 86, 1578, 1568, 1576, 1577, 86, - 1580, 1571, 86, 1581, 1570, 86, 1583, 1569, 86, 86, - 1572, 1573, 1585, 86, 1575, 1582, 86, 1574, 86, 1579, - - 1584, 1586, 1578, 86, 1576, 1577, 1588, 86, 86, 1587, - 1589, 1590, 86, 86, 1591, 86, 3353, 3353, 1592, 1585, - 1593, 86, 1582, 1594, 1596, 1599, 1598, 1584, 1586, 3353, - 1595, 86, 1601, 86, 1597, 1600, 1587, 86, 86, 86, - 86, 1591, 86, 86, 86, 1592, 86, 86, 86, 86, - 1594, 1596, 1599, 1598, 1603, 86, 1602, 1595, 86, 1601, - 1604, 1597, 1600, 86, 1605, 1607, 1606, 1609, 1611, 1620, - 1608, 1613, 1610, 86, 86, 86, 1612, 86, 1614, 86, - 3353, 1603, 86, 1602, 1617, 1616, 86, 1604, 1615, 1618, - 1623, 1605, 86, 1606, 3353, 1611, 86, 86, 1613, 86, - - 1619, 86, 86, 1612, 1621, 1614, 86, 86, 1625, 86, - 1624, 1617, 1616, 1622, 86, 1615, 1618, 1626, 86, 1634, - 1627, 1631, 86, 3353, 1628, 1629, 86, 1619, 86, 86, - 1630, 1621, 86, 86, 86, 1625, 1632, 1624, 86, 1639, - 1622, 1633, 86, 1635, 1638, 86, 1634, 1627, 1631, 86, - 1636, 1628, 1629, 86, 1637, 1640, 1641, 1630, 86, 86, - 1643, 1642, 86, 1632, 3353, 1645, 86, 86, 1633, 1646, - 1635, 1638, 1644, 1647, 86, 1650, 1649, 1636, 86, 86, - 1654, 1637, 86, 1641, 86, 86, 1648, 1643, 1642, 1651, - 86, 1652, 1645, 1653, 86, 1655, 1646, 86, 86, 1644, - - 1647, 86, 1650, 1649, 86, 1656, 1659, 86, 1660, 1657, - 3353, 1658, 1667, 1648, 3353, 1666, 1651, 86, 1652, 1661, - 1653, 86, 1655, 1662, 3353, 86, 1664, 1665, 86, 1671, - 86, 86, 1663, 1659, 86, 1660, 1657, 86, 1658, 86, - 1668, 86, 86, 1670, 86, 1669, 1661, 86, 1672, 86, - 1662, 86, 1674, 1664, 1665, 86, 1671, 1673, 1675, 1663, - 1676, 3353, 1677, 1678, 86, 86, 3353, 1668, 1679, 1680, - 1670, 1682, 1669, 86, 86, 1681, 86, 1684, 1685, 86, - 86, 1686, 86, 86, 1673, 1675, 86, 86, 1683, 1677, - 1678, 1688, 86, 86, 1687, 1679, 1680, 86, 1682, 1693, - - 86, 1689, 1681, 86, 1684, 1685, 86, 86, 1686, 1694, - 1691, 1690, 1692, 1698, 86, 1683, 1695, 86, 1688, 86, - 86, 1687, 86, 1696, 1697, 86, 1693, 1699, 1689, 86, - 1700, 1708, 86, 1702, 1701, 86, 1694, 1691, 1690, 1692, - 1698, 86, 1703, 1695, 1705, 1709, 86, 86, 1704, 1711, - 1696, 1697, 1707, 86, 86, 1706, 170, 1700, 86, 86, - 1702, 1701, 86, 86, 86, 1712, 1713, 86, 1710, 1703, - 1714, 1705, 1709, 86, 86, 1704, 1711, 86, 1715, 1707, - 86, 1716, 1706, 86, 1717, 1720, 1721, 1718, 1722, 1719, - 3353, 1723, 1712, 1713, 86, 1710, 86, 1714, 86, 1724, - - 1725, 1726, 1727, 1728, 86, 1715, 86, 86, 1716, 86, - 86, 1717, 86, 1721, 1718, 1722, 1719, 1729, 1723, 1730, - 1731, 1732, 86, 1733, 86, 1735, 1724, 1725, 86, 1727, - 86, 1734, 1738, 86, 86, 86, 1736, 1739, 3353, 1741, - 1737, 86, 86, 1748, 1729, 86, 86, 1731, 1732, 86, - 1733, 86, 1735, 86, 1740, 1743, 1750, 1749, 1734, 1738, - 1742, 1744, 86, 1736, 1739, 86, 1741, 1737, 86, 86, - 86, 1745, 1751, 1752, 1746, 86, 1756, 1757, 86, 86, - 86, 1740, 1743, 1750, 1749, 1753, 1747, 1742, 1744, 1759, - 1754, 86, 86, 1758, 1755, 86, 1760, 1763, 1745, 1751, - - 1752, 1746, 1761, 86, 1762, 1765, 1764, 86, 1767, 86, - 1769, 86, 1753, 1747, 86, 86, 1759, 1754, 86, 86, - 86, 1755, 86, 1760, 1763, 86, 1766, 1768, 86, 1761, - 1770, 1772, 1765, 1764, 86, 1767, 86, 1771, 1774, 1773, - 1775, 3353, 86, 86, 1780, 1778, 1776, 1777, 1779, 1783, - 3353, 86, 86, 1766, 1768, 86, 86, 86, 86, 86, - 86, 1785, 86, 86, 1771, 1774, 1773, 86, 86, 1781, - 1782, 1780, 1778, 1776, 1777, 1779, 1783, 1784, 1786, 86, - 1788, 1787, 86, 86, 86, 1789, 1791, 1790, 1785, 86, - 1797, 3353, 1792, 3108, 3109, 86, 1781, 1782, 1793, 86, - - 86, 86, 1795, 86, 1784, 1786, 1794, 1788, 1787, 86, - 1796, 1800, 1789, 86, 1790, 86, 86, 86, 86, 1792, - 1798, 1799, 86, 1801, 1802, 1793, 86, 86, 1803, 1795, - 1805, 1804, 1807, 1794, 86, 1806, 86, 1796, 1800, 86, - 1808, 86, 3353, 86, 86, 1811, 1815, 1798, 1799, 86, - 1801, 1802, 1833, 86, 1816, 1803, 86, 1805, 1804, 1807, - 86, 1809, 1806, 1812, 1810, 1817, 1821, 1808, 1813, 1814, - 86, 86, 1811, 1815, 1818, 86, 1819, 1824, 1820, 86, - 1822, 86, 3353, 3353, 86, 86, 1825, 1834, 1809, 86, - 1812, 1810, 86, 86, 86, 1813, 1814, 1828, 1823, 86, - - 1827, 1818, 86, 1819, 1824, 1820, 86, 1822, 86, 1826, - 1829, 86, 1832, 1825, 86, 86, 1830, 86, 86, 1831, - 1837, 1835, 1838, 1842, 1828, 1823, 1836, 1827, 86, 86, - 86, 1839, 3353, 1840, 86, 86, 1826, 1829, 1841, 1832, - 86, 1843, 86, 1830, 1846, 86, 1831, 1837, 1835, 1838, - 1842, 1845, 1844, 1836, 86, 1847, 86, 1848, 1839, 1849, - 86, 3353, 1850, 1854, 1855, 86, 86, 3353, 1843, 1852, - 86, 1846, 1853, 86, 1856, 86, 1851, 3353, 1845, 1844, - 86, 86, 1847, 1857, 1848, 86, 1849, 86, 86, 1850, - 1854, 1855, 86, 1858, 1860, 1862, 1852, 1861, 1859, 1853, - - 86, 1856, 1864, 1851, 1863, 1865, 1866, 86, 1867, 86, - 1857, 3353, 1870, 3353, 86, 1868, 1869, 1874, 1871, 1878, - 1872, 1860, 1862, 1873, 1861, 86, 86, 86, 3353, 86, - 3353, 1863, 1865, 86, 86, 1876, 86, 86, 1875, 86, - 86, 1877, 1868, 1869, 86, 1871, 1880, 1872, 1879, 86, - 1873, 86, 86, 1881, 86, 1882, 1884, 1885, 1883, 86, - 1888, 86, 1876, 1890, 1886, 1875, 1887, 86, 1877, 1891, - 86, 86, 1892, 1880, 86, 1879, 86, 86, 1893, 86, - 1881, 1889, 1882, 1884, 1885, 1883, 86, 86, 1895, 1894, - 1896, 1886, 1897, 1887, 1899, 86, 86, 86, 86, 1892, - - 1898, 86, 1900, 1902, 1903, 86, 1904, 86, 1889, 1901, - 1906, 1905, 86, 86, 86, 1895, 1894, 1896, 1907, 86, - 86, 1908, 1913, 1909, 1910, 3353, 86, 1898, 86, 1900, - 1902, 86, 86, 1904, 86, 1912, 1901, 1906, 1905, 1911, - 86, 86, 1915, 86, 1914, 1907, 1917, 86, 1908, 86, - 1909, 1910, 86, 1916, 170, 1918, 1919, 86, 1923, 1920, - 1921, 86, 1912, 1924, 1922, 86, 1911, 1927, 86, 1915, - 1926, 1914, 86, 86, 86, 86, 86, 1925, 1928, 86, - 1916, 1933, 1918, 1919, 1929, 1923, 1920, 1921, 86, 1930, - 1931, 1922, 86, 1934, 1927, 86, 1932, 1926, 1937, 1936, - - 1935, 1939, 1938, 3353, 1925, 86, 86, 1956, 86, 86, - 1940, 1929, 86, 86, 86, 86, 86, 1931, 1942, 86, - 86, 1941, 86, 1932, 86, 1937, 1936, 1935, 1939, 1938, - 86, 1943, 1944, 1947, 1945, 1946, 1950, 1940, 1948, 86, - 86, 1955, 1954, 86, 1953, 1942, 1957, 86, 1941, 86, - 86, 1949, 86, 86, 86, 86, 86, 1951, 1943, 1944, - 1947, 1945, 1946, 1950, 1952, 1948, 86, 1958, 86, 1954, - 1960, 1953, 1959, 1957, 1965, 86, 1961, 1962, 1949, 86, - 86, 86, 1966, 86, 1951, 1963, 1967, 1964, 1968, 1969, - 1971, 1952, 1970, 1973, 1958, 86, 86, 1960, 86, 1959, - - 86, 1965, 86, 1961, 1962, 1972, 1974, 1975, 1977, 86, - 1976, 86, 1963, 86, 1964, 1968, 86, 1971, 86, 1970, - 86, 1978, 1979, 1980, 1982, 86, 1985, 1991, 1981, 86, - 86, 1983, 1972, 1974, 86, 1984, 1987, 1976, 86, 86, - 86, 1989, 86, 1988, 1986, 3353, 3353, 1990, 1978, 3353, - 1980, 86, 86, 86, 86, 1981, 86, 86, 1983, 86, - 1999, 3353, 1984, 1987, 2006, 86, 1996, 86, 1989, 86, - 1988, 1986, 1997, 86, 1990, 1992, 1993, 1994, 1998, 2000, - 86, 86, 1995, 2001, 2003, 86, 86, 2005, 2002, 2004, - 86, 2006, 86, 1996, 2008, 2007, 2012, 86, 2014, 1997, - - 2009, 86, 1992, 1993, 1994, 1998, 2000, 86, 3353, 1995, - 2010, 2003, 86, 2011, 2005, 86, 2004, 86, 86, 86, - 2013, 86, 2007, 86, 86, 2014, 86, 2009, 2015, 2016, - 3353, 2017, 2018, 2020, 86, 86, 2019, 2010, 2025, 2021, - 2011, 86, 2024, 86, 2022, 2026, 2023, 2013, 86, 2032, - 2030, 2031, 86, 2028, 2029, 2015, 2016, 86, 2017, 86, - 86, 2027, 86, 2019, 86, 86, 2021, 86, 86, 2024, - 86, 2022, 86, 2023, 86, 86, 2032, 2030, 2031, 2034, - 2028, 2029, 2033, 86, 2036, 2035, 2037, 2039, 2027, 3353, - 86, 2038, 2042, 86, 2041, 2040, 2043, 3353, 3353, 2045, - - 3353, 2046, 86, 2044, 3353, 3353, 2034, 86, 86, 2033, - 2049, 86, 2035, 2037, 2048, 2053, 86, 86, 2038, 86, - 86, 2041, 2040, 86, 86, 86, 2045, 2047, 2046, 86, - 2044, 2050, 2051, 86, 86, 86, 2052, 2049, 2054, 2055, - 86, 2048, 2059, 3353, 2056, 2057, 86, 86, 2060, 86, - 2062, 2061, 2063, 86, 2047, 2064, 86, 2065, 2050, 2051, - 86, 2058, 86, 2052, 2066, 86, 2055, 86, 86, 2059, - 86, 2056, 2057, 86, 2067, 2060, 2068, 86, 2061, 2063, - 2069, 2070, 2064, 2071, 2065, 2074, 2075, 86, 2058, 2072, - 3353, 2066, 86, 2078, 2073, 2079, 2076, 86, 86, 2081, - - 86, 2067, 86, 2068, 2095, 86, 86, 2069, 86, 86, - 2071, 2077, 86, 2075, 2082, 86, 2072, 2080, 2083, 86, - 2078, 2073, 2079, 2076, 86, 2084, 86, 2085, 2086, 2087, - 2088, 86, 2090, 2091, 2092, 2089, 86, 2093, 2077, 86, - 86, 2082, 2094, 2096, 2080, 2083, 86, 86, 3353, 2097, - 86, 86, 86, 86, 2085, 2086, 2087, 2088, 2098, 2090, - 86, 86, 2089, 2099, 2100, 2102, 2101, 2103, 2104, 86, - 86, 2105, 2106, 2107, 3353, 86, 2097, 86, 86, 2108, - 86, 86, 86, 2109, 2115, 2098, 2112, 2110, 86, 2111, - 2099, 2113, 2102, 2101, 2103, 2104, 86, 86, 86, 2106, - - 2114, 170, 86, 86, 2116, 86, 2108, 2119, 86, 2118, - 2109, 86, 2117, 2112, 2110, 86, 2111, 2121, 2113, 86, - 2120, 2123, 2122, 3353, 2126, 3353, 86, 2114, 86, 2124, - 2125, 86, 2129, 2130, 2119, 3353, 3353, 2127, 86, 2117, - 86, 86, 86, 86, 2121, 86, 2128, 2120, 2123, 2122, - 86, 2126, 86, 86, 86, 2132, 2124, 2125, 2131, 2129, - 86, 86, 2133, 2134, 2127, 2135, 2138, 2136, 2137, 2141, - 2139, 2142, 2143, 2128, 86, 86, 86, 86, 86, 2140, - 2144, 86, 2132, 3353, 86, 2131, 86, 86, 2146, 2133, - 2134, 86, 86, 2138, 2136, 2137, 2141, 2139, 86, 2143, - - 2145, 86, 86, 86, 3353, 2147, 2140, 2144, 2149, 86, - 2150, 2151, 3353, 2152, 3353, 2146, 2148, 86, 86, 2154, - 2155, 2158, 2156, 2153, 3353, 2160, 86, 2145, 86, 2164, - 2159, 86, 2147, 2162, 86, 2149, 86, 2150, 2151, 86, - 2152, 86, 2157, 2148, 86, 86, 2154, 2155, 86, 2156, - 2153, 2161, 2160, 2163, 86, 2165, 86, 2159, 2166, 2168, - 2162, 86, 86, 2167, 2169, 86, 86, 2170, 2172, 2157, - 2171, 2173, 86, 2174, 3353, 2178, 2176, 3353, 2161, 2175, - 2163, 86, 2165, 86, 86, 2166, 86, 3353, 86, 2179, - 2167, 2169, 86, 2177, 86, 2172, 86, 2171, 2173, 86, - - 86, 86, 2178, 2176, 2180, 86, 2175, 86, 2181, 2182, - 86, 2184, 2189, 2183, 2185, 86, 2179, 2186, 2190, 86, - 2177, 2187, 86, 86, 86, 86, 86, 2192, 2191, 86, - 3353, 2180, 3353, 2195, 2188, 2181, 2182, 2193, 2184, 2189, - 2183, 2185, 86, 86, 2186, 2190, 86, 2196, 2187, 2194, - 2198, 2197, 2203, 2200, 86, 2191, 86, 86, 86, 2199, - 2195, 2188, 86, 2201, 2193, 2205, 2204, 2202, 2211, 86, - 86, 2207, 86, 2206, 2196, 86, 2194, 2198, 2197, 2203, - 2200, 2208, 2209, 86, 86, 86, 2199, 86, 86, 86, - 2201, 2210, 2205, 2204, 2202, 86, 86, 2213, 2207, 2215, - - 2206, 2212, 86, 2219, 86, 2214, 3353, 86, 2208, 2209, - 2218, 2216, 2220, 2217, 2228, 2221, 2222, 86, 2210, 86, - 2223, 86, 86, 2229, 2213, 2224, 2215, 2225, 2212, 86, - 86, 86, 2214, 86, 86, 86, 2226, 2218, 2216, 2220, - 2217, 86, 2221, 2222, 86, 2227, 86, 2230, 2231, 86, - 2229, 2232, 86, 2234, 2225, 86, 3353, 2233, 86, 86, - 2235, 2238, 2236, 2226, 2240, 3353, 2241, 2239, 2242, 86, - 2237, 3353, 2227, 3353, 2230, 2231, 2243, 3353, 86, 86, - 2234, 86, 86, 86, 2233, 2247, 86, 2235, 86, 2236, - 86, 2240, 86, 2241, 2239, 2242, 2244, 2237, 86, 2245, - - 2248, 2251, 2246, 2243, 2249, 86, 86, 2252, 3353, 2250, - 86, 3353, 2247, 2255, 3353, 2253, 86, 86, 2254, 2256, - 2260, 3353, 3353, 2244, 2257, 86, 2245, 2248, 2251, 2246, - 86, 2259, 2258, 86, 2252, 86, 86, 2263, 86, 86, - 2255, 86, 2253, 2261, 2262, 2254, 2256, 86, 86, 86, - 2264, 2257, 86, 86, 2265, 2268, 2269, 2266, 2259, 2258, - 2267, 2271, 86, 86, 2263, 2274, 86, 2270, 2280, 2275, - 2261, 2262, 86, 86, 3353, 86, 3353, 2264, 86, 86, - 2272, 2265, 2268, 2269, 2266, 2276, 86, 2267, 2271, 86, - 2277, 2279, 2274, 2273, 2270, 86, 2275, 86, 2278, 86, - - 86, 86, 2282, 2281, 2284, 2283, 2285, 2272, 2286, 86, - 2287, 2288, 2276, 86, 2290, 170, 2289, 2277, 2279, 2291, - 2273, 86, 86, 2292, 2304, 2278, 2293, 86, 86, 86, - 2281, 2284, 2283, 2285, 2294, 2286, 2295, 2287, 2309, 3353, - 2296, 86, 2299, 86, 2300, 86, 86, 86, 2301, 2302, - 2292, 86, 2306, 2293, 2297, 2305, 86, 2307, 2308, 2303, - 86, 2294, 3353, 86, 86, 2298, 86, 2296, 86, 2299, - 86, 86, 2310, 2312, 86, 2301, 2302, 86, 86, 2306, - 86, 2297, 2305, 2311, 86, 2308, 2303, 2313, 3353, 2314, - 86, 86, 2298, 2315, 86, 86, 86, 2316, 3353, 2310, - - 2312, 86, 2319, 2318, 2322, 2317, 2321, 2320, 2324, 2326, - 2311, 86, 3353, 86, 2313, 86, 2314, 86, 86, 2325, - 2315, 86, 2323, 2327, 2316, 86, 86, 86, 2330, 2319, - 2318, 2322, 2317, 2321, 2320, 86, 2326, 2328, 86, 2329, - 2332, 2335, 86, 86, 2331, 86, 2325, 2333, 86, 2323, - 2327, 2334, 86, 2336, 2339, 2330, 2340, 2337, 86, 86, - 86, 86, 86, 2345, 2328, 86, 2329, 2332, 86, 2338, - 2342, 2331, 86, 2343, 2333, 86, 86, 86, 2334, 2341, - 2336, 2339, 2347, 2340, 2337, 2344, 2348, 86, 86, 2346, - 2345, 86, 2349, 2350, 3353, 86, 2338, 2342, 2352, 2351, - - 2343, 2353, 2357, 86, 2356, 2354, 2341, 86, 2358, 2347, - 2355, 2359, 2344, 2348, 2362, 86, 2346, 86, 86, 2349, - 86, 86, 86, 2365, 86, 2352, 2351, 2360, 2353, 86, - 86, 2356, 2354, 86, 2361, 2358, 2366, 2355, 86, 86, - 86, 2362, 2363, 2367, 2368, 2364, 2369, 2371, 86, 2370, - 86, 2372, 2373, 86, 2360, 2375, 86, 2377, 2379, 2374, - 86, 2361, 86, 86, 2380, 86, 86, 86, 2376, 2363, - 2367, 2368, 2364, 2369, 2371, 2378, 2370, 86, 86, 86, - 86, 2381, 86, 2382, 86, 2379, 2374, 86, 2383, 2385, - 2384, 86, 2386, 2387, 2389, 2376, 86, 86, 2393, 2388, - - 2390, 2391, 2378, 86, 2395, 2392, 86, 86, 86, 86, - 2382, 3353, 2398, 2394, 86, 2383, 2385, 2384, 3353, 2386, - 86, 86, 86, 2397, 86, 2393, 2388, 2390, 2391, 86, - 2396, 86, 2392, 2399, 2400, 86, 2401, 86, 86, 2398, - 2394, 2402, 86, 2403, 2404, 86, 2405, 86, 86, 2406, - 2397, 2407, 2408, 2409, 2410, 2411, 86, 2396, 3353, 86, - 2399, 2400, 2414, 86, 2424, 86, 86, 2413, 2402, 86, - 2403, 2404, 2418, 2405, 86, 86, 86, 2412, 2407, 2408, - 2409, 2410, 86, 2415, 86, 2419, 2416, 86, 3353, 2414, - 2417, 86, 86, 2420, 2413, 86, 86, 2426, 86, 2418, - - 2425, 2432, 86, 86, 2412, 2436, 2421, 2427, 2429, 2428, - 2415, 86, 2419, 2416, 2435, 86, 2431, 2417, 86, 86, - 2420, 2422, 86, 2423, 2426, 2430, 86, 2425, 2432, 86, - 86, 86, 2433, 2421, 2427, 2429, 2428, 86, 86, 2434, - 2437, 2435, 2438, 2431, 3353, 2441, 86, 86, 2422, 2439, - 2423, 2440, 2430, 2443, 86, 2442, 2449, 2444, 3353, 2433, - 3353, 86, 2450, 2445, 2451, 2446, 2434, 2437, 2447, 86, - 2455, 86, 2441, 86, 86, 86, 2439, 86, 2440, 2453, - 2443, 86, 2442, 86, 2444, 2448, 86, 86, 86, 2452, - 2445, 2451, 2446, 2454, 86, 2447, 86, 86, 86, 2456, - - 2458, 2459, 86, 2460, 2461, 2463, 2453, 2457, 86, 2466, - 2462, 2464, 2448, 3353, 3353, 86, 2452, 2465, 2467, 86, - 2454, 86, 170, 86, 86, 86, 2456, 2458, 2459, 86, - 2460, 2461, 86, 2469, 2457, 86, 2466, 2462, 2464, 2468, - 2470, 2471, 2472, 2473, 2465, 2467, 2474, 2476, 86, 86, - 2475, 86, 2479, 2478, 2477, 2480, 2482, 3353, 86, 2483, - 2469, 2481, 2489, 86, 86, 2484, 2468, 2470, 2471, 2472, - 2473, 3353, 86, 86, 86, 86, 86, 2475, 86, 86, - 2478, 2477, 2485, 86, 86, 2486, 2483, 86, 2481, 2488, - 2490, 86, 2484, 2487, 86, 3353, 2491, 86, 86, 2492, - - 2493, 86, 2494, 86, 3353, 2500, 2495, 2496, 3353, 2485, - 3353, 3353, 2486, 2497, 2498, 86, 2488, 2490, 86, 2499, - 2487, 86, 86, 2491, 86, 86, 2492, 2493, 86, 86, - 2501, 86, 86, 2495, 2496, 2505, 2502, 2506, 2503, 2508, - 2497, 2498, 86, 2504, 86, 86, 2499, 2507, 86, 2509, - 86, 2510, 3353, 2519, 86, 3353, 2529, 2501, 86, 2511, - 86, 86, 2505, 2502, 2506, 2503, 2508, 2512, 86, 2513, - 2504, 2514, 86, 2515, 2507, 86, 2516, 86, 2510, 86, - 2518, 86, 2520, 2521, 2517, 86, 2511, 2522, 86, 2524, - 3353, 86, 2531, 86, 2512, 86, 2513, 2525, 2514, 2523, - - 2515, 86, 86, 2516, 2527, 86, 2528, 2518, 86, 2520, - 2521, 2517, 86, 2530, 2522, 86, 2524, 2526, 86, 86, - 2532, 86, 2533, 2534, 2525, 2536, 2523, 2541, 86, 86, - 86, 2527, 86, 2528, 2537, 2535, 86, 2539, 86, 2542, - 2530, 2538, 86, 2540, 2526, 2543, 2544, 2532, 86, 86, - 2534, 2552, 2536, 2547, 86, 2546, 86, 2549, 2545, 86, - 86, 2537, 2535, 2548, 2539, 86, 86, 2554, 2538, 86, - 2540, 86, 86, 2544, 2550, 86, 2551, 86, 86, 2553, - 2547, 86, 2546, 2555, 2549, 2545, 2556, 2557, 2558, 86, - 2548, 86, 86, 2561, 2559, 2560, 2562, 86, 86, 86, - - 3353, 2550, 86, 2551, 86, 2563, 2553, 2564, 2565, 2566, - 2555, 2568, 86, 2556, 86, 2558, 86, 2567, 2570, 86, - 2561, 2559, 2560, 86, 86, 2571, 86, 86, 2569, 2574, - 2572, 86, 2563, 86, 2564, 2565, 2566, 86, 2568, 2573, - 2575, 86, 86, 2576, 2567, 2570, 86, 86, 2577, 2578, - 2579, 86, 2571, 2580, 3353, 2569, 2574, 2572, 2582, 2581, - 3353, 2583, 86, 2584, 2585, 86, 2573, 86, 2588, 2590, - 86, 2591, 2587, 3353, 3353, 86, 86, 2579, 86, 86, - 2580, 86, 2586, 86, 86, 2582, 2581, 86, 2583, 86, - 2584, 2585, 2589, 2593, 2592, 86, 86, 2594, 86, 2587, - - 86, 2595, 2600, 2597, 2596, 2598, 2599, 3353, 86, 2586, - 86, 86, 86, 86, 2602, 86, 86, 86, 2601, 2589, - 2593, 2592, 2608, 2604, 2594, 86, 2606, 2603, 2595, 86, - 2597, 2596, 2598, 2599, 86, 2605, 86, 86, 86, 86, - 2607, 2602, 2609, 2612, 2610, 2601, 2611, 2614, 86, 2608, - 2604, 86, 86, 2606, 2603, 170, 86, 2615, 86, 2613, - 86, 2617, 2605, 2616, 86, 2618, 2619, 2607, 2620, 2609, - 2612, 2610, 2621, 2611, 2614, 2622, 86, 2623, 2625, 2627, - 2624, 86, 3353, 86, 2615, 3353, 2613, 86, 2617, 86, - 2616, 86, 2618, 86, 86, 86, 2632, 2634, 86, 2621, - - 2626, 86, 2622, 86, 2623, 2625, 2627, 2624, 86, 2628, - 2629, 2631, 2630, 2633, 86, 2638, 86, 86, 86, 86, - 86, 2635, 86, 2632, 2634, 2636, 2637, 2626, 86, 2639, - 2640, 2643, 2642, 2644, 86, 86, 2628, 2629, 2631, 2630, - 2633, 86, 2638, 86, 2641, 2645, 2646, 2648, 2635, 86, - 86, 86, 2636, 2637, 2647, 86, 86, 2640, 86, 2642, - 2644, 2650, 2654, 86, 2649, 2655, 2651, 86, 2652, 2653, - 86, 2641, 86, 2646, 2648, 86, 86, 86, 2656, 86, - 2658, 2647, 2659, 2660, 2661, 86, 2663, 2670, 2650, 86, - 2657, 2649, 86, 2651, 2662, 2652, 2653, 2666, 86, 86, - - 2664, 86, 2665, 86, 2667, 2656, 2669, 2658, 86, 86, - 86, 86, 86, 2663, 2670, 86, 86, 2657, 2668, 86, - 2671, 2662, 2673, 2672, 2666, 86, 2674, 2664, 86, 2665, - 2676, 2667, 2678, 2669, 86, 3353, 2675, 2677, 86, 86, - 2679, 3353, 2684, 3353, 2680, 2668, 2683, 86, 86, 86, - 2672, 86, 86, 2674, 86, 2687, 2686, 2676, 2681, 2678, - 2685, 2682, 86, 2675, 2677, 86, 86, 2679, 86, 86, - 86, 2680, 86, 2683, 2688, 2690, 2692, 2689, 2693, 2691, - 2694, 2695, 86, 2686, 2698, 2681, 3353, 2685, 2682, 86, - 86, 86, 2701, 86, 86, 2700, 2702, 2699, 86, 86, - - 2704, 2688, 2690, 2692, 2689, 86, 2691, 2694, 2695, 2696, - 2697, 86, 86, 86, 2706, 86, 86, 86, 2703, 2701, - 2705, 2710, 2700, 86, 2699, 2708, 86, 86, 2707, 3353, - 2711, 2709, 86, 2713, 3353, 2716, 2696, 2697, 86, 86, - 86, 2706, 86, 2717, 2712, 2703, 2718, 2705, 86, 86, - 2714, 2715, 2708, 86, 2719, 2707, 86, 2711, 2709, 2720, - 86, 86, 2716, 2721, 86, 86, 86, 2722, 2725, 2723, - 2717, 2712, 2726, 86, 2727, 2724, 2729, 2714, 2715, 2728, - 86, 2719, 86, 2730, 2733, 86, 86, 86, 86, 86, - 2721, 2731, 86, 2734, 2722, 2725, 2723, 86, 86, 2726, - - 2732, 2727, 2724, 2729, 2735, 86, 2728, 2737, 2736, 2743, - 2730, 86, 86, 86, 2738, 2739, 2740, 2741, 2731, 2742, - 86, 86, 2745, 86, 86, 2744, 2746, 2732, 86, 86, - 2748, 170, 2749, 2750, 2737, 2736, 2743, 2747, 2751, 86, - 2752, 2738, 2739, 2755, 2741, 86, 2742, 86, 86, 86, - 2753, 86, 2744, 86, 3353, 2754, 86, 86, 2756, 2749, - 2758, 2757, 86, 2761, 2747, 86, 2762, 2752, 86, 86, - 2760, 2763, 86, 2764, 2759, 86, 3353, 2753, 86, 2765, - 2767, 86, 2754, 86, 2766, 2756, 86, 2758, 2757, 86, - 2761, 2768, 2770, 2769, 86, 86, 2772, 2760, 86, 2771, - - 2764, 2759, 86, 86, 86, 86, 2765, 2767, 86, 2774, - 2773, 2766, 2775, 2777, 86, 86, 2776, 2779, 2768, 2770, - 2769, 86, 3353, 2772, 86, 2778, 2771, 86, 2782, 2780, - 86, 86, 2784, 2781, 86, 86, 2774, 2773, 2783, 2775, - 2777, 86, 86, 2776, 2785, 2786, 86, 2789, 2787, 86, - 86, 2788, 2778, 86, 2790, 2782, 2780, 2791, 2794, 86, - 2781, 2792, 86, 86, 86, 2783, 86, 2793, 86, 86, - 2796, 2785, 2786, 2797, 86, 2787, 2798, 2795, 2788, 86, - 2799, 2790, 2800, 2804, 2791, 86, 2803, 3353, 2792, 2801, - 86, 2806, 2802, 2805, 2793, 3353, 2809, 2810, 2811, 2807, - - 86, 86, 86, 2812, 2795, 86, 86, 86, 86, 2800, - 86, 86, 86, 2803, 86, 86, 2801, 86, 2806, 2802, - 2805, 2808, 86, 2809, 2810, 86, 2807, 2813, 2814, 2816, - 86, 2815, 2817, 86, 2819, 2818, 2820, 2822, 2823, 86, - 2824, 2821, 2825, 2826, 3353, 86, 2828, 2827, 2808, 86, - 2831, 86, 86, 86, 86, 2814, 86, 86, 2815, 2817, - 86, 2819, 2818, 2829, 2822, 2823, 86, 2824, 86, 86, - 86, 86, 86, 2828, 2827, 2830, 2833, 86, 2832, 2834, - 2835, 2836, 86, 2837, 2838, 2839, 2840, 2848, 2842, 2841, - 2829, 86, 86, 2843, 2844, 86, 3353, 86, 86, 2849, - - 2850, 86, 2830, 86, 86, 2832, 2834, 86, 2836, 2847, - 2837, 2838, 86, 86, 2851, 2845, 2841, 86, 2846, 86, - 86, 2844, 86, 86, 2852, 86, 2849, 2850, 2853, 2854, - 86, 2855, 3353, 86, 2857, 2856, 2847, 2862, 2858, 2859, - 2864, 86, 2845, 2861, 86, 2846, 86, 86, 86, 2860, - 2863, 2852, 86, 86, 3353, 2853, 2854, 3353, 2855, 86, - 86, 2857, 2856, 86, 2862, 2858, 2859, 86, 2865, 3353, - 2861, 86, 2866, 2868, 2869, 2870, 2860, 2863, 2871, 2873, - 2867, 86, 86, 2872, 2874, 2875, 86, 2876, 3353, 2877, - 3353, 2878, 3353, 86, 86, 2865, 86, 2879, 2881, 2866, - - 2868, 2869, 2870, 2880, 2882, 2885, 2883, 2867, 3353, 86, - 86, 86, 2875, 86, 86, 86, 2877, 86, 2878, 2884, - 86, 2887, 2888, 86, 2879, 2881, 86, 86, 2886, 86, - 2880, 2882, 2885, 2883, 2889, 2890, 86, 2891, 2892, 2893, - 86, 86, 86, 86, 2894, 2895, 2884, 2896, 2887, 2888, - 2897, 2898, 2899, 86, 2904, 2886, 3353, 2900, 2901, 3353, - 2903, 2889, 2890, 86, 86, 86, 2893, 86, 2902, 86, - 2905, 2894, 86, 86, 2896, 86, 86, 86, 2898, 86, - 2906, 86, 2907, 2908, 2900, 2901, 86, 2903, 2909, 2910, - 86, 2912, 2916, 86, 2911, 2902, 2913, 2905, 86, 86, - - 86, 2914, 2917, 2915, 2918, 86, 2919, 2906, 86, 2907, - 2908, 2920, 2921, 2927, 86, 2909, 2922, 86, 2912, 86, - 86, 86, 2923, 2913, 86, 86, 2925, 2937, 2914, 86, - 2915, 2918, 2928, 2919, 86, 2930, 2931, 86, 2920, 86, - 2924, 2926, 86, 2922, 86, 86, 2929, 86, 86, 2923, - 2932, 2933, 86, 2925, 86, 3353, 2938, 86, 86, 2928, - 2934, 2939, 2930, 2931, 2943, 2941, 2940, 2924, 2926, 86, - 2944, 2935, 86, 2929, 2936, 3353, 86, 2932, 2933, 2947, - 3353, 2942, 86, 86, 86, 2945, 86, 2934, 86, 86, - 2948, 2943, 2941, 2940, 2946, 2949, 2951, 86, 2935, 86, - - 2953, 2936, 86, 2950, 2952, 3353, 86, 86, 2942, 86, - 86, 2955, 2945, 86, 2956, 3353, 86, 2948, 86, 2959, - 2957, 2946, 2949, 2951, 2954, 2960, 86, 2958, 2961, 2964, - 2950, 2952, 86, 86, 2967, 2990, 2962, 86, 86, 2965, - 86, 2956, 86, 2963, 2966, 86, 2959, 2957, 86, 86, - 86, 2954, 2960, 86, 2958, 2961, 86, 86, 86, 2968, - 2970, 2967, 2969, 2962, 2971, 3353, 2965, 86, 86, 2973, - 2963, 2966, 2972, 86, 2974, 2975, 2977, 86, 2976, 86, - 2978, 2979, 2980, 86, 86, 2982, 2968, 2970, 86, 2969, - 3353, 2971, 86, 2986, 86, 86, 2973, 2987, 2981, 2972, - - 2983, 2974, 2975, 86, 86, 2976, 2984, 2978, 86, 86, - 2985, 86, 86, 2989, 2991, 86, 2988, 86, 86, 2993, - 2986, 86, 2992, 86, 86, 2981, 2994, 2983, 2995, 2996, - 86, 86, 2998, 2984, 3001, 2997, 86, 2985, 2999, 86, - 2989, 2991, 86, 2988, 3002, 86, 2993, 3000, 3004, 2992, - 3003, 3007, 86, 2994, 3006, 2995, 86, 86, 3009, 3008, - 86, 86, 2997, 3353, 86, 2999, 86, 3005, 3010, 86, - 86, 86, 3011, 3012, 3000, 86, 86, 3003, 3007, 3013, - 86, 3006, 3015, 3014, 3017, 3018, 3008, 86, 3016, 3019, - 86, 86, 3021, 3353, 3005, 3010, 3020, 3027, 3024, 3011, - - 3012, 3353, 3353, 86, 3022, 3023, 86, 86, 86, 3015, - 3014, 3017, 3025, 86, 3026, 3016, 86, 86, 3028, 3029, - 86, 3030, 86, 3020, 86, 86, 3034, 86, 86, 86, - 3035, 3022, 3023, 3032, 86, 3031, 3033, 3039, 86, 3025, - 86, 3026, 86, 3036, 3037, 3028, 3029, 3038, 86, 3040, - 86, 86, 3044, 3034, 3042, 86, 3041, 86, 3043, 3045, - 3032, 3046, 3031, 3033, 86, 86, 3049, 86, 3047, 3050, - 3036, 3037, 3048, 86, 3038, 3051, 86, 3056, 86, 86, - 86, 3042, 86, 3041, 3052, 3043, 86, 3057, 86, 3053, - 3065, 86, 86, 3063, 86, 3047, 3050, 3060, 86, 3048, - - 3054, 3055, 86, 86, 3056, 86, 86, 3058, 86, 3059, - 86, 3052, 3061, 3062, 86, 3064, 3053, 86, 3066, 86, - 86, 3067, 86, 3069, 3060, 86, 3070, 3054, 3055, 86, - 3068, 86, 3071, 3072, 3058, 3073, 3059, 3076, 3353, 3061, - 3062, 3074, 86, 3075, 3077, 3066, 86, 3080, 3067, 3353, - 86, 3078, 86, 86, 86, 3353, 86, 3068, 86, 3071, - 3072, 3081, 86, 3082, 86, 3079, 86, 86, 3074, 86, - 3075, 3077, 86, 3084, 3080, 3083, 86, 3091, 3078, 3085, - 3086, 86, 3087, 86, 86, 3088, 86, 86, 3081, 3092, - 3082, 86, 3079, 3093, 86, 3095, 86, 3096, 3089, 3090, - - 3084, 3100, 3083, 3094, 3091, 3098, 3085, 3086, 86, 3087, - 86, 86, 3088, 3101, 3097, 86, 3092, 3099, 3353, 86, - 3093, 86, 3102, 3103, 3096, 3089, 3090, 86, 86, 86, - 3094, 86, 3098, 3104, 3105, 3106, 3107, 3110, 3111, 3353, - 86, 3097, 86, 3115, 3099, 86, 3112, 3113, 3353, 3102, - 86, 3114, 3117, 3116, 3353, 86, 3119, 3120, 3118, 3123, - 3104, 3105, 86, 86, 86, 86, 86, 86, 3122, 86, - 3115, 86, 3125, 3126, 86, 86, 3127, 3132, 3114, 86, - 3116, 3121, 3129, 3119, 3120, 3118, 86, 3124, 86, 86, - 86, 86, 86, 3128, 86, 3122, 86, 3130, 3133, 3125, - - 3126, 3131, 3353, 3127, 86, 86, 3134, 3135, 3121, 3129, - 3140, 3142, 3138, 3136, 3124, 86, 3137, 3139, 86, 3141, - 3128, 86, 3147, 86, 3130, 86, 3143, 86, 3131, 86, - 3144, 86, 86, 3134, 3135, 3148, 3145, 3146, 3142, 3149, - 3136, 3150, 86, 3137, 86, 86, 3141, 3151, 3153, 86, - 3152, 3154, 86, 3143, 3155, 3156, 3157, 3144, 86, 3158, - 86, 3159, 86, 3145, 3146, 3160, 3149, 86, 86, 3161, - 86, 3162, 3163, 86, 86, 3153, 3164, 3152, 86, 3165, - 86, 86, 3156, 86, 3166, 3167, 86, 3168, 86, 3169, - 3170, 3172, 86, 3171, 3174, 3173, 86, 86, 86, 86, - - 3175, 86, 86, 86, 86, 86, 3165, 86, 86, 3176, - 3178, 3166, 86, 3177, 3168, 86, 3169, 3170, 86, 3179, - 3171, 3174, 3173, 3180, 3183, 86, 3182, 3175, 86, 3181, - 86, 3184, 3185, 86, 3188, 86, 3176, 86, 3187, 3189, - 3177, 3186, 86, 3353, 3192, 3353, 3179, 86, 86, 3193, - 3180, 3183, 86, 3182, 86, 86, 3181, 3191, 3184, 3190, - 86, 3188, 86, 3194, 86, 3187, 3189, 3196, 3186, 3197, - 86, 3192, 86, 3195, 86, 86, 3193, 3198, 86, 3199, - 3200, 3201, 3204, 3202, 3191, 3203, 3190, 86, 3205, 86, - 3194, 86, 3209, 86, 3196, 86, 3197, 3207, 3206, 3353, - - 3195, 86, 3208, 86, 3198, 86, 86, 86, 86, 3204, - 3202, 86, 3203, 3210, 86, 3205, 3211, 3213, 86, 3209, - 3212, 3220, 3214, 3215, 3207, 3206, 3216, 3218, 86, 3208, - 86, 86, 86, 3217, 3219, 86, 86, 86, 86, 86, - 3210, 3221, 3223, 3211, 3213, 3222, 86, 3212, 3220, 3214, - 3215, 86, 86, 3216, 3218, 3224, 3226, 3227, 3225, 3228, - 3217, 3219, 3229, 86, 86, 86, 86, 3231, 3221, 3223, - 86, 3232, 3222, 3230, 3233, 3234, 3353, 3242, 86, 3235, - 3237, 3236, 86, 3226, 3227, 3225, 3228, 86, 86, 86, - 3238, 86, 3239, 3240, 86, 86, 3245, 86, 3232, 3241, - - 3230, 86, 86, 3243, 86, 3246, 3235, 3237, 3236, 86, - 3244, 86, 86, 3248, 86, 3247, 86, 3238, 86, 3239, - 3240, 3249, 86, 3245, 3250, 86, 3241, 3251, 3252, 3253, - 3243, 3255, 86, 3256, 3254, 86, 86, 3244, 3257, 3258, - 86, 86, 3247, 86, 3259, 3260, 3264, 86, 86, 3353, - 3353, 3250, 3265, 3262, 3251, 86, 3253, 86, 86, 86, - 3256, 3254, 3261, 3263, 3266, 3257, 3258, 86, 86, 3269, - 3270, 86, 3267, 3264, 3268, 86, 86, 86, 86, 86, - 3262, 86, 86, 3272, 3274, 3271, 3273, 3276, 3275, 3261, - 3263, 86, 86, 86, 86, 86, 3269, 3270, 86, 3267, - - 3277, 3268, 86, 3278, 3279, 86, 3283, 3284, 3281, 3280, - 3272, 3274, 3271, 3273, 3276, 3275, 86, 86, 3282, 3285, - 3286, 3287, 86, 3353, 3291, 86, 86, 3277, 3288, 86, - 3278, 86, 3289, 86, 3284, 3281, 3280, 3292, 3293, 3294, - 3295, 3290, 3297, 86, 3296, 3282, 86, 3286, 3287, 86, - 86, 86, 86, 3298, 86, 3288, 86, 3300, 3302, 3289, - 86, 86, 86, 86, 86, 3293, 86, 3295, 3290, 3297, - 3299, 3296, 86, 3301, 3353, 3303, 3304, 3307, 86, 3310, - 3298, 86, 3311, 3308, 3309, 3302, 3353, 3305, 3353, 86, - 3306, 86, 86, 86, 3312, 3314, 86, 3299, 3313, 86, - - 3301, 86, 3303, 86, 3307, 86, 3310, 3315, 86, 3311, - 3308, 3309, 86, 3317, 3305, 3316, 86, 3306, 3318, 3319, - 3353, 3312, 3314, 86, 3321, 3313, 3322, 3320, 3323, 3353, - 3325, 3324, 86, 86, 3315, 3331, 3353, 3329, 3353, 86, - 3317, 86, 3316, 3326, 86, 3318, 3319, 86, 3327, 3333, - 86, 3321, 3328, 86, 3320, 3323, 86, 86, 3324, 86, - 86, 3330, 86, 86, 3329, 3332, 3335, 3334, 86, 86, - 3326, 86, 3336, 86, 86, 3327, 3333, 3337, 3338, 3328, - 86, 3341, 3339, 3340, 3342, 3344, 3343, 3345, 3330, 86, - 86, 86, 3332, 3335, 3334, 3346, 3347, 3348, 3353, 3336, - - 3351, 3353, 3352, 86, 3337, 86, 86, 86, 3341, 3339, - 3340, 86, 86, 3343, 86, 86, 3353, 3349, 86, 86, - 3350, 3353, 3346, 3347, 3348, 86, 3353, 86, 86, 86, - 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, - 3353, 3353, 3353, 3353, 3349, 3353, 3353, 3350, 47, 47, - 47, 47, 47, 47, 47, 52, 52, 52, 52, 52, - 52, 52, 57, 57, 57, 57, 57, 57, 57, 63, - 63, 63, 63, 63, 63, 63, 68, 68, 68, 68, - 68, 68, 68, 74, 74, 74, 74, 74, 74, 74, - 80, 80, 80, 80, 80, 80, 80, 89, 89, 3353, - - 89, 89, 89, 89, 160, 160, 3353, 3353, 3353, 160, - 160, 162, 162, 3353, 3353, 162, 3353, 162, 164, 3353, - 3353, 3353, 3353, 3353, 164, 167, 167, 3353, 3353, 3353, - 167, 167, 169, 3353, 3353, 3353, 3353, 3353, 169, 171, - 171, 3353, 171, 171, 171, 171, 174, 3353, 3353, 3353, - 3353, 3353, 174, 177, 177, 3353, 3353, 3353, 177, 177, - 90, 90, 3353, 90, 90, 90, 90, 17, 3353, 3353, - 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, - 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, - 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, - - 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, - 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, - 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, - 3353, 3353, 3353, 3353 + 436, 446, 86, 438, 437, 86, 430, 447, 3483, 439, + 445, 448, 444, 3483, 86, 441, 3483, 455, 456, 86, + 440, 3483, 443, 442, 3483, 457, 86, 86, 463, 462, + 469, 86, 3483, 86, 447, 86, 467, 3483, 448, 444, + 449, 468, 86, 450, 455, 456, 464, 86, 451, 452, + 453, 454, 457, 86, 86, 463, 462, 469, 86, 465, + + 466, 86, 470, 3483, 458, 3483, 459, 449, 86, 478, + 450, 471, 476, 464, 472, 451, 452, 453, 454, 460, + 473, 86, 461, 479, 86, 477, 465, 466, 86, 86, + 86, 458, 86, 459, 474, 475, 86, 480, 471, 476, + 481, 472, 482, 86, 86, 86, 460, 473, 483, 461, + 479, 485, 477, 484, 86, 3483, 488, 493, 486, 86, + 487, 474, 475, 86, 480, 86, 86, 481, 86, 482, + 86, 489, 86, 490, 492, 483, 494, 495, 485, 86, + 484, 86, 491, 496, 493, 486, 507, 487, 86, 497, + 498, 3483, 499, 500, 505, 3483, 506, 86, 489, 86, + + 490, 492, 3483, 508, 495, 86, 86, 550, 86, 491, + 496, 501, 86, 563, 86, 509, 497, 498, 86, 499, + 500, 505, 86, 506, 502, 522, 523, 503, 525, 504, + 86, 526, 86, 527, 530, 86, 541, 86, 501, 86, + 86, 542, 509, 86, 524, 86, 86, 86, 528, 540, + 86, 502, 522, 523, 503, 525, 504, 510, 526, 511, + 527, 530, 546, 3483, 529, 512, 539, 86, 86, 513, + 86, 524, 86, 545, 514, 528, 540, 515, 86, 170, + 3483, 543, 547, 86, 510, 548, 511, 549, 544, 546, + 568, 529, 512, 539, 86, 86, 513, 551, 86, 552, + + 545, 514, 86, 86, 515, 516, 86, 517, 543, 547, + 554, 558, 548, 615, 549, 544, 553, 556, 86, 555, + 518, 559, 86, 519, 551, 520, 552, 521, 86, 86, + 3483, 86, 516, 560, 517, 557, 561, 562, 558, 86, + 86, 3483, 86, 553, 556, 86, 555, 518, 559, 86, + 519, 564, 520, 3483, 521, 531, 532, 567, 86, 601, + 560, 566, 557, 561, 562, 533, 534, 535, 536, 537, + 86, 569, 538, 86, 565, 570, 86, 86, 564, 3483, + 86, 86, 531, 532, 567, 571, 86, 3483, 566, 572, + 573, 86, 533, 534, 535, 536, 537, 574, 569, 538, + + 575, 565, 570, 576, 86, 582, 577, 86, 583, 578, + 587, 86, 571, 585, 86, 588, 3483, 586, 86, 86, + 579, 580, 86, 584, 574, 86, 86, 575, 86, 606, + 576, 86, 582, 577, 86, 583, 578, 587, 581, 86, + 585, 590, 588, 589, 586, 86, 602, 579, 580, 603, + 584, 608, 86, 3483, 86, 591, 592, 604, 609, 605, + 607, 86, 3483, 738, 86, 581, 86, 593, 590, 594, + 589, 86, 86, 602, 86, 610, 603, 86, 608, 3483, + 86, 86, 591, 592, 604, 609, 605, 607, 612, 611, + 86, 613, 3483, 614, 593, 86, 594, 595, 617, 86, + + 616, 3483, 610, 618, 3483, 596, 597, 86, 620, 598, + 599, 86, 86, 600, 619, 612, 611, 86, 613, 86, + 614, 623, 86, 624, 595, 617, 621, 616, 622, 86, + 618, 86, 596, 597, 86, 620, 598, 599, 86, 625, + 600, 627, 628, 86, 630, 86, 86, 626, 623, 86, + 624, 629, 631, 621, 633, 622, 86, 634, 632, 86, + 86, 635, 3483, 638, 636, 86, 625, 637, 627, 628, + 639, 630, 86, 86, 626, 86, 86, 86, 629, 631, + 86, 633, 640, 642, 634, 632, 86, 86, 635, 86, + 638, 636, 641, 643, 637, 644, 645, 639, 86, 646, + + 647, 86, 86, 648, 650, 649, 86, 651, 86, 640, + 642, 86, 86, 86, 86, 86, 652, 653, 86, 641, + 643, 654, 644, 645, 655, 656, 646, 647, 657, 86, + 648, 650, 649, 660, 651, 658, 663, 661, 659, 86, + 666, 86, 665, 652, 664, 3483, 662, 86, 654, 86, + 86, 86, 656, 669, 86, 657, 86, 86, 86, 672, + 660, 668, 658, 667, 661, 659, 86, 673, 86, 665, + 675, 664, 86, 662, 86, 86, 670, 671, 3483, 674, + 669, 86, 86, 86, 676, 677, 672, 678, 668, 86, + 667, 86, 86, 86, 673, 86, 688, 675, 687, 691, + + 3483, 86, 86, 670, 671, 86, 674, 86, 690, 689, + 692, 676, 677, 3483, 678, 679, 693, 3483, 3483, 3483, + 680, 86, 681, 688, 698, 687, 691, 86, 682, 694, + 683, 86, 86, 684, 685, 690, 689, 692, 697, 3483, + 686, 86, 679, 693, 695, 701, 86, 680, 696, 681, + 86, 698, 86, 3483, 706, 682, 694, 683, 702, 699, + 684, 685, 700, 86, 704, 697, 86, 686, 703, 705, + 86, 695, 701, 707, 3483, 696, 86, 86, 86, 709, + 86, 706, 710, 3483, 86, 708, 699, 711, 713, 700, + 86, 704, 86, 715, 716, 703, 705, 3483, 712, 714, + + 707, 718, 86, 86, 726, 86, 709, 3483, 722, 710, + 86, 86, 708, 86, 711, 713, 719, 717, 721, 86, + 715, 716, 86, 86, 720, 712, 714, 724, 718, 86, + 86, 723, 86, 725, 86, 722, 86, 727, 729, 732, + 733, 728, 730, 719, 717, 721, 86, 731, 86, 86, + 86, 720, 86, 86, 724, 86, 170, 734, 723, 86, + 725, 735, 737, 86, 727, 729, 732, 733, 728, 730, + 736, 86, 739, 86, 731, 740, 741, 3483, 742, 743, + 745, 86, 744, 3483, 734, 751, 86, 747, 735, 737, + 86, 746, 86, 86, 752, 86, 86, 736, 755, 753, + + 756, 757, 740, 86, 86, 742, 743, 745, 86, 744, + 748, 86, 751, 86, 747, 754, 758, 749, 746, 759, + 750, 760, 768, 766, 764, 86, 86, 86, 86, 86, + 761, 765, 763, 86, 770, 762, 769, 748, 86, 86, + 767, 86, 754, 86, 749, 86, 86, 750, 86, 768, + 766, 764, 773, 86, 774, 86, 86, 772, 765, 763, + 86, 770, 86, 769, 771, 86, 775, 767, 86, 776, + 779, 777, 778, 86, 780, 86, 781, 3483, 785, 773, + 86, 782, 783, 86, 772, 787, 86, 86, 86, 86, + 3483, 771, 86, 775, 86, 795, 776, 779, 777, 778, + + 86, 780, 784, 781, 86, 785, 786, 3483, 782, 783, + 86, 789, 788, 86, 798, 3483, 794, 86, 790, 796, + 797, 86, 795, 791, 86, 86, 792, 793, 86, 784, + 799, 86, 801, 786, 86, 800, 86, 802, 789, 788, + 803, 798, 86, 794, 86, 790, 796, 797, 86, 804, + 791, 3483, 86, 792, 793, 805, 3483, 799, 86, 801, + 808, 807, 800, 809, 810, 811, 812, 803, 816, 86, + 3483, 3483, 3483, 86, 86, 86, 804, 806, 86, 814, + 813, 817, 805, 86, 86, 86, 86, 808, 807, 815, + 809, 810, 811, 812, 86, 86, 86, 818, 822, 86, + + 820, 86, 821, 819, 806, 86, 814, 813, 817, 86, + 823, 86, 824, 86, 825, 3483, 815, 826, 827, 834, + 86, 828, 829, 830, 818, 822, 3483, 820, 833, 821, + 819, 832, 86, 86, 831, 835, 86, 836, 86, 824, + 837, 825, 86, 839, 86, 86, 86, 86, 828, 829, + 830, 86, 838, 86, 86, 833, 3483, 86, 832, 842, + 843, 831, 835, 840, 86, 86, 844, 837, 841, 86, + 839, 847, 849, 86, 86, 848, 3483, 851, 850, 838, + 845, 846, 856, 86, 86, 852, 842, 843, 86, 853, + 86, 854, 860, 844, 3483, 86, 862, 861, 857, 849, + + 86, 864, 848, 86, 851, 850, 855, 845, 846, 86, + 858, 86, 852, 86, 86, 86, 853, 863, 854, 86, + 859, 865, 86, 862, 86, 857, 86, 866, 864, 86, + 867, 868, 86, 855, 869, 871, 872, 858, 870, 86, + 86, 3483, 86, 86, 863, 3483, 86, 859, 865, 873, + 3483, 874, 86, 881, 866, 875, 882, 867, 868, 876, + 879, 869, 871, 86, 877, 870, 878, 86, 86, 86, + 3483, 86, 86, 86, 86, 86, 873, 880, 874, 883, + 884, 3483, 875, 882, 886, 86, 876, 879, 885, 86, + 86, 877, 86, 878, 887, 86, 86, 888, 890, 889, + + 3483, 891, 86, 896, 880, 897, 883, 884, 86, 86, + 86, 886, 895, 892, 893, 885, 86, 901, 3483, 894, + 86, 887, 86, 899, 888, 890, 889, 86, 891, 898, + 896, 86, 897, 86, 86, 900, 86, 903, 902, 895, + 892, 893, 904, 86, 901, 908, 894, 905, 907, 906, + 899, 86, 86, 86, 3483, 86, 898, 909, 910, 86, + 911, 86, 900, 86, 903, 902, 912, 86, 86, 904, + 913, 914, 908, 916, 905, 907, 906, 86, 915, 86, + 918, 917, 86, 919, 909, 910, 86, 911, 86, 920, + 921, 86, 3483, 912, 924, 86, 86, 913, 914, 86, + + 916, 922, 928, 927, 935, 915, 923, 918, 917, 86, + 925, 170, 86, 926, 86, 86, 920, 921, 931, 86, + 932, 924, 86, 929, 86, 933, 86, 934, 922, 86, + 927, 930, 936, 923, 937, 86, 86, 925, 938, 86, + 926, 941, 86, 86, 939, 86, 86, 932, 942, 86, + 929, 940, 933, 86, 934, 944, 943, 86, 930, 936, + 86, 937, 946, 3483, 86, 938, 945, 86, 86, 86, + 3483, 939, 954, 86, 3483, 942, 86, 3483, 940, 3483, + 955, 957, 944, 943, 86, 3483, 3483, 3483, 956, 946, + 86, 959, 3483, 945, 947, 958, 3483, 948, 967, 954, + + 3483, 949, 86, 961, 950, 86, 86, 955, 957, 86, + 962, 951, 952, 964, 953, 956, 86, 963, 959, 86, + 968, 947, 958, 960, 948, 967, 86, 977, 949, 86, + 961, 950, 966, 965, 86, 3483, 86, 962, 951, 952, + 964, 953, 86, 86, 963, 86, 976, 979, 980, 86, + 960, 3483, 86, 86, 977, 981, 86, 978, 86, 966, + 965, 969, 970, 86, 971, 3483, 3483, 972, 984, 982, + 3483, 86, 973, 976, 979, 980, 986, 3483, 974, 975, + 989, 988, 981, 86, 978, 983, 1015, 86, 969, 970, + 86, 971, 86, 985, 972, 984, 982, 987, 86, 973, + + 993, 86, 992, 986, 86, 974, 975, 989, 988, 86, + 990, 994, 983, 995, 997, 991, 3483, 996, 86, 1000, + 985, 998, 86, 86, 987, 999, 86, 993, 1001, 992, + 1005, 1003, 1021, 1004, 1002, 86, 86, 86, 994, 86, + 995, 997, 86, 86, 996, 86, 86, 86, 998, 86, + 1007, 1006, 999, 86, 1008, 1001, 86, 1005, 1003, 86, + 1004, 1002, 1009, 1010, 86, 1011, 1012, 1013, 1014, 86, + 1017, 1023, 3483, 86, 86, 86, 86, 1007, 1006, 1016, + 86, 1008, 86, 1018, 1025, 1020, 1024, 1026, 1019, 1009, + 1010, 86, 1011, 1012, 1013, 1014, 1022, 86, 1027, 1028, + + 1029, 86, 1030, 86, 86, 1031, 1016, 86, 86, 1033, + 3483, 86, 1020, 1024, 1026, 86, 86, 1034, 86, 86, + 1038, 1032, 1039, 1022, 86, 1027, 1028, 86, 1036, 86, + 86, 86, 1031, 1035, 1040, 1037, 1033, 86, 1041, 86, + 86, 1042, 86, 86, 1034, 1044, 3483, 86, 1032, 1039, + 1043, 1045, 1047, 86, 1046, 1036, 1049, 86, 86, 3483, + 1035, 1040, 1037, 86, 1048, 86, 1050, 1053, 1052, 86, + 86, 1051, 1044, 86, 86, 1054, 3483, 1043, 1045, 1047, + 86, 1046, 86, 1049, 86, 86, 1057, 1055, 86, 86, + 1079, 1048, 1056, 1050, 1053, 1052, 1058, 1059, 1051, 1060, + + 1061, 1062, 1054, 86, 1065, 86, 1063, 1066, 86, 1067, + 86, 3483, 86, 1057, 1064, 86, 1068, 86, 3483, 86, + 3483, 3483, 86, 1058, 1059, 1070, 1060, 1061, 1062, 86, + 86, 1065, 86, 1063, 86, 1071, 1067, 1074, 86, 1069, + 1073, 1064, 86, 1068, 1072, 86, 1075, 86, 1077, 86, + 86, 1076, 1070, 1078, 1080, 86, 3483, 86, 1084, 3483, + 1087, 86, 1071, 1083, 1074, 1085, 1069, 1073, 1081, 1082, + 1088, 1072, 86, 1075, 86, 1077, 86, 86, 1076, 86, + 1078, 1080, 86, 86, 86, 1084, 1086, 1087, 1091, 1093, + 1083, 1090, 1085, 1089, 1098, 1081, 1082, 86, 86, 86, + + 1092, 86, 1094, 1096, 1099, 1095, 86, 86, 86, 86, + 86, 86, 1097, 1086, 1101, 1091, 1093, 1103, 1090, 86, + 1089, 1100, 1102, 1104, 86, 1105, 86, 1092, 3483, 1094, + 1096, 1106, 1095, 1107, 86, 86, 86, 1108, 1113, 1097, + 1110, 86, 1112, 1114, 1103, 1109, 86, 1111, 1100, 1102, + 1116, 1117, 86, 86, 86, 86, 1115, 86, 1106, 86, + 1107, 1118, 86, 1120, 1108, 86, 3483, 1110, 86, 1112, + 86, 3483, 1109, 1121, 1111, 86, 1122, 1116, 1117, 1119, + 86, 1123, 86, 1115, 1126, 1128, 86, 1129, 1132, 1127, + 86, 1130, 3483, 86, 1124, 86, 1125, 86, 86, 1131, + + 1121, 1134, 1133, 1122, 86, 86, 1119, 1136, 1123, 86, + 86, 1137, 1128, 1146, 1129, 1132, 170, 86, 1130, 1135, + 86, 1124, 86, 1125, 86, 86, 1131, 1139, 1134, 1133, + 1138, 3483, 1147, 86, 1136, 1148, 1149, 86, 1137, 86, + 1146, 1150, 1151, 86, 3483, 1175, 1135, 86, 1154, 1173, + 3483, 1156, 1207, 3483, 1139, 86, 1157, 1138, 1140, 1147, + 1141, 1152, 1148, 86, 1142, 86, 1143, 1153, 1150, 1151, + 86, 1144, 86, 86, 1158, 1154, 1145, 1155, 1179, 86, + 86, 86, 86, 86, 1159, 1140, 86, 1141, 1152, 3483, + 86, 1142, 86, 1143, 1153, 1160, 1162, 86, 1144, 1163, + + 1165, 1158, 1166, 1145, 1155, 1179, 1167, 1161, 86, 1164, + 1168, 1159, 1169, 1170, 1171, 86, 86, 1174, 86, 86, + 1172, 86, 1160, 1162, 86, 86, 1163, 1165, 1177, 1166, + 1188, 86, 1189, 1167, 1161, 86, 1164, 1168, 1178, 1169, + 1170, 1171, 86, 86, 1180, 86, 1193, 1172, 1190, 86, + 3483, 1191, 3483, 86, 86, 1192, 1197, 1188, 3483, 1189, + 86, 86, 1198, 3483, 86, 1178, 86, 1194, 86, 1195, + 86, 1180, 1181, 1193, 1196, 1190, 1200, 1182, 1191, 1183, + 86, 86, 1192, 1197, 1199, 1184, 86, 86, 1201, 1198, + 1185, 1186, 1202, 1203, 1194, 86, 1195, 1187, 86, 1181, + + 1205, 1196, 86, 1204, 1182, 1208, 1183, 86, 86, 86, + 86, 1199, 1184, 1206, 86, 1201, 1209, 1185, 1186, 1202, + 1203, 1210, 86, 86, 1187, 1211, 3483, 1205, 86, 1212, + 1204, 1214, 1208, 1213, 1215, 1216, 1217, 86, 1221, 3483, + 1206, 1218, 3483, 1209, 86, 86, 1219, 1222, 3483, 86, + 1220, 3483, 1211, 86, 1224, 86, 1212, 86, 1214, 86, + 1213, 86, 1216, 1217, 86, 86, 86, 1223, 1218, 1226, + 86, 1225, 1227, 1219, 1222, 86, 86, 1220, 86, 86, + 1228, 1224, 86, 1229, 1230, 1231, 1233, 1232, 3483, 1234, + 1235, 3483, 1247, 3483, 1223, 86, 1226, 86, 1225, 1227, + + 86, 86, 86, 86, 1237, 1238, 86, 1228, 1236, 1239, + 1229, 1230, 1231, 86, 1232, 86, 1234, 1235, 86, 1240, + 1242, 1241, 86, 1243, 86, 1245, 86, 1244, 86, 1246, + 3483, 1237, 1238, 86, 3483, 1236, 1239, 1250, 3483, 1248, + 3483, 1249, 86, 86, 1263, 86, 1240, 1242, 1241, 86, + 1243, 86, 1245, 86, 1244, 86, 1246, 86, 1251, 1256, + 1252, 1257, 1259, 1260, 1250, 1253, 1248, 1254, 1249, 86, + 1255, 1258, 86, 86, 86, 1262, 86, 1261, 86, 1265, + 3483, 1269, 3483, 86, 3483, 1251, 1256, 86, 1257, 1259, + 1260, 86, 86, 86, 1254, 1266, 1264, 1255, 1258, 1267, + + 1268, 1274, 1262, 86, 1261, 86, 1270, 86, 1269, 1271, + 1272, 86, 86, 86, 1273, 1277, 1275, 1276, 1281, 86, + 1282, 86, 1266, 1264, 1278, 86, 1267, 1268, 1274, 1279, + 86, 86, 86, 1270, 1280, 1283, 1271, 1272, 86, 86, + 86, 1273, 1277, 1275, 1276, 86, 1285, 86, 1284, 1287, + 86, 1278, 1286, 86, 1291, 86, 1279, 86, 86, 1288, + 1290, 1280, 1283, 1292, 1289, 1293, 1294, 86, 86, 1296, + 86, 86, 1295, 1285, 1298, 1284, 1287, 3483, 86, 1286, + 1297, 1291, 1299, 1300, 86, 1302, 1288, 1290, 86, 1301, + 3483, 1289, 86, 1294, 86, 86, 86, 86, 1303, 1295, + + 1304, 86, 86, 1305, 86, 1306, 86, 1297, 1311, 1299, + 1300, 1308, 1309, 1307, 1314, 1316, 1301, 86, 1310, 86, + 86, 86, 86, 86, 86, 1303, 1312, 86, 1313, 86, + 1305, 1317, 1306, 1320, 1318, 1311, 86, 86, 1308, 1309, + 1307, 1314, 86, 1315, 1319, 1310, 86, 86, 86, 1321, + 1324, 86, 1322, 1312, 1323, 1313, 1327, 86, 1326, 86, + 86, 1318, 1331, 86, 1328, 86, 86, 86, 1332, 86, + 1315, 1319, 86, 1329, 86, 86, 1321, 1324, 1330, 1322, + 1333, 1323, 1334, 1327, 1337, 1326, 86, 86, 1336, 86, + 1335, 1328, 1339, 1338, 1340, 1332, 86, 170, 1341, 1342, + + 1329, 86, 86, 1343, 86, 1330, 86, 1333, 86, 1334, + 1344, 1337, 86, 1345, 86, 1336, 1346, 1335, 3483, 1339, + 1338, 1340, 1347, 1348, 86, 86, 1342, 1352, 1349, 1351, + 3483, 1350, 3483, 3483, 1355, 86, 1357, 1354, 86, 86, + 1345, 86, 86, 1346, 86, 86, 86, 86, 1361, 1347, + 1348, 86, 1353, 1358, 1352, 1349, 1351, 86, 1350, 1356, + 86, 1355, 1359, 86, 1354, 1360, 86, 86, 3483, 86, + 1367, 86, 1368, 1363, 1362, 1361, 1370, 86, 3483, 1353, + 1358, 86, 1364, 1369, 1365, 3483, 1356, 1366, 1371, 1359, + 1377, 1372, 1360, 86, 1374, 86, 1373, 1367, 86, 1368, + + 1363, 1362, 86, 86, 86, 86, 1376, 1375, 86, 1364, + 1369, 1365, 86, 1379, 1366, 1371, 86, 1377, 1372, 1378, + 86, 1374, 1380, 1373, 86, 1381, 1382, 86, 86, 1383, + 1384, 3483, 1385, 1376, 1375, 3483, 1386, 86, 86, 1388, + 1379, 1387, 86, 3483, 86, 3483, 1378, 1389, 86, 1380, + 1391, 1390, 1381, 1382, 86, 1392, 1383, 86, 86, 1385, + 1394, 86, 86, 1386, 1393, 1396, 1388, 86, 1387, 86, + 86, 1395, 86, 1397, 1389, 86, 1398, 1391, 1390, 1403, + 1399, 1400, 1392, 86, 86, 86, 86, 1394, 86, 1401, + 86, 1393, 1396, 1402, 1404, 1405, 1406, 1407, 1395, 3483, + + 1397, 86, 86, 1398, 1408, 86, 1412, 1399, 1400, 86, + 86, 86, 86, 1409, 86, 1413, 1401, 1410, 86, 1414, + 1402, 1404, 1405, 1406, 1407, 86, 86, 1411, 86, 86, + 1415, 1408, 1417, 1412, 1418, 3483, 1416, 1422, 1421, 1420, + 1409, 3483, 1419, 1427, 1410, 86, 1414, 86, 86, 86, + 86, 1423, 86, 86, 1411, 1426, 1424, 86, 1428, 1417, + 86, 1418, 86, 1416, 1422, 1421, 1420, 1425, 86, 1419, + 1427, 1437, 1438, 1436, 1440, 86, 1442, 3483, 3483, 1439, + 1452, 3483, 1426, 86, 86, 1428, 3483, 86, 1443, 86, + 3483, 1441, 1444, 3483, 1425, 1429, 86, 1445, 1437, 1430, + + 1436, 1440, 1431, 1432, 86, 86, 1439, 1433, 86, 86, + 86, 1447, 86, 1434, 86, 1443, 1458, 1435, 1441, 1444, + 1450, 86, 1429, 86, 1445, 1446, 1430, 86, 1453, 1431, + 1432, 86, 1451, 1448, 1433, 1449, 1454, 86, 1447, 1455, + 1434, 86, 1457, 86, 1435, 1456, 86, 1450, 86, 1459, + 1461, 86, 1446, 1460, 3483, 1453, 1467, 86, 86, 1451, + 1448, 86, 1449, 1454, 3483, 1473, 1455, 3483, 1469, 1457, + 3483, 1468, 1456, 86, 1472, 86, 1475, 1461, 86, 3483, + 1460, 86, 1462, 1467, 86, 86, 1476, 1463, 86, 1464, + 86, 1465, 1473, 1466, 86, 1469, 1470, 1471, 1468, 1474, + + 86, 1472, 1477, 1475, 86, 1479, 1481, 1478, 1482, 1462, + 1480, 86, 1483, 1476, 1463, 86, 1464, 1487, 1465, 1484, + 1466, 86, 3483, 86, 1488, 86, 1474, 86, 86, 1486, + 86, 3483, 1479, 1481, 86, 1482, 1485, 1480, 1489, 1483, + 1490, 1492, 86, 1493, 86, 3483, 1484, 1491, 1498, 86, + 86, 1488, 1494, 86, 86, 1495, 1486, 86, 1496, 1497, + 86, 86, 1500, 1485, 86, 1489, 1499, 1490, 1492, 86, + 1493, 1501, 86, 1502, 1491, 86, 1504, 1503, 86, 1494, + 1506, 86, 1495, 1505, 86, 1496, 1497, 1507, 1508, 86, + 1509, 1510, 1513, 1499, 86, 3483, 86, 86, 1501, 86, + + 1502, 86, 1511, 1504, 1503, 1512, 1516, 86, 86, 1518, + 1505, 86, 1515, 86, 1507, 86, 86, 1509, 1510, 86, + 1514, 1517, 86, 1519, 1520, 1522, 1524, 86, 86, 1511, + 86, 1521, 1512, 1516, 86, 1523, 1526, 1530, 86, 1515, + 3483, 86, 86, 1525, 1527, 86, 3483, 1514, 1517, 86, + 1519, 1520, 1522, 1524, 1528, 1529, 86, 1531, 1521, 86, + 1532, 86, 1523, 1526, 1530, 86, 86, 1533, 1536, 1534, + 1525, 1527, 1535, 86, 1538, 1539, 1537, 86, 86, 86, + 1542, 1528, 1529, 1540, 1531, 3483, 86, 1532, 86, 86, + 86, 1541, 1544, 86, 1533, 1536, 1534, 1543, 1545, 1535, + + 86, 1546, 1547, 1537, 1548, 86, 86, 86, 1549, 86, + 1540, 1551, 86, 86, 86, 86, 1550, 86, 1541, 1544, + 1552, 1554, 1555, 170, 1543, 1545, 86, 86, 86, 1547, + 1553, 1548, 3483, 86, 86, 1549, 1557, 1556, 1551, 1558, + 1562, 3483, 1560, 1550, 1561, 1559, 1563, 1552, 1565, 86, + 3483, 86, 86, 86, 86, 86, 1564, 1553, 86, 86, + 1567, 1570, 86, 1566, 1556, 86, 1558, 1562, 86, 1560, + 86, 1561, 1559, 1563, 86, 1565, 1568, 1569, 1571, 1572, + 1577, 1573, 86, 1564, 1576, 86, 1574, 1567, 86, 86, + 1566, 1575, 3483, 86, 1578, 1586, 1579, 1585, 86, 86, + + 1580, 86, 1588, 1568, 1569, 1571, 1572, 1577, 1573, 86, + 1589, 1576, 86, 86, 1581, 86, 1583, 1582, 86, 1584, + 86, 1578, 1586, 1579, 1585, 1591, 86, 1580, 1593, 1587, + 1592, 1590, 1609, 86, 86, 3483, 86, 1589, 86, 1594, + 86, 1581, 86, 1583, 1582, 1595, 1584, 86, 1596, 1597, + 1598, 1600, 1602, 1599, 86, 1593, 1587, 86, 1590, 86, + 86, 1601, 1606, 3483, 86, 86, 1594, 1605, 86, 3483, + 86, 86, 1595, 86, 1603, 1596, 1597, 1598, 1600, 1602, + 1599, 1604, 1607, 86, 1608, 86, 1612, 1610, 1601, 1606, + 86, 86, 86, 86, 1605, 1611, 1615, 1616, 1613, 86, + + 1614, 1603, 86, 86, 86, 3483, 1617, 1618, 1604, 1607, + 86, 1608, 86, 1612, 1610, 1622, 1623, 1621, 1624, 86, + 1626, 1619, 1611, 1615, 1616, 1613, 86, 1614, 86, 86, + 86, 1620, 1625, 1617, 1618, 86, 86, 86, 1627, 86, + 1628, 86, 1622, 1623, 1621, 1624, 86, 1626, 1619, 1629, + 3483, 1630, 1631, 1632, 1633, 1634, 1636, 1637, 1620, 1625, + 1638, 86, 86, 1635, 1641, 86, 3483, 1639, 3483, 1640, + 86, 3483, 86, 1646, 86, 1642, 1629, 86, 1630, 86, + 1632, 1633, 1634, 1643, 1645, 86, 86, 1648, 86, 86, + 1635, 86, 86, 86, 1639, 86, 1640, 1644, 86, 86, + + 1646, 86, 1642, 1647, 3483, 1649, 86, 86, 1651, 1650, + 1643, 1645, 1652, 1653, 1648, 86, 86, 1654, 1655, 1660, + 1668, 3483, 1659, 1656, 1644, 86, 86, 86, 1657, 86, + 1647, 86, 1649, 1658, 86, 1651, 1650, 1664, 1663, 1652, + 1653, 1666, 3483, 1661, 1654, 86, 1660, 1662, 86, 1659, + 86, 86, 86, 1665, 1667, 86, 86, 1669, 1672, 86, + 86, 86, 1670, 86, 1664, 1663, 1671, 86, 1666, 86, + 1661, 1674, 1675, 1682, 1662, 1673, 1681, 3483, 1676, 86, + 1665, 1667, 86, 86, 1669, 86, 86, 1677, 1678, 1670, + 86, 1679, 86, 1671, 1680, 86, 86, 1683, 1674, 86, + + 1682, 1684, 1673, 1681, 86, 1676, 1688, 86, 1685, 1686, + 1689, 1687, 1690, 1692, 1677, 1678, 86, 86, 1679, 1691, + 1705, 1680, 1698, 86, 1683, 86, 86, 86, 1684, 1693, + 1694, 86, 1699, 86, 86, 1685, 1686, 86, 1687, 1690, + 1692, 1695, 86, 1700, 86, 1696, 1691, 86, 1703, 1698, + 1702, 1704, 86, 1701, 86, 86, 1693, 1694, 1697, 1699, + 86, 86, 1706, 3483, 1708, 1707, 86, 1709, 1695, 1713, + 1700, 1716, 1696, 86, 86, 86, 1710, 1702, 1704, 86, + 1701, 1711, 1715, 1719, 1712, 1697, 86, 86, 86, 1706, + 86, 1708, 1707, 86, 1709, 1714, 1713, 1717, 86, 86, + + 1720, 1718, 86, 1710, 1721, 86, 86, 86, 1711, 3483, + 1719, 1712, 1722, 1723, 86, 1725, 1730, 1724, 1726, 86, + 1727, 3483, 1714, 86, 1717, 1728, 86, 1720, 1718, 86, + 1731, 86, 1729, 3483, 1733, 1781, 86, 3483, 86, 1722, + 86, 86, 86, 1730, 1724, 1726, 1732, 1727, 86, 86, + 1734, 3483, 1728, 86, 1737, 1736, 1738, 1731, 1735, 1729, + 86, 1733, 86, 86, 86, 1739, 1740, 86, 1742, 86, + 1741, 1744, 1743, 1732, 86, 1745, 86, 1734, 86, 86, + 86, 1737, 1736, 1738, 86, 1735, 1748, 1746, 1750, 3483, + 3483, 86, 1739, 1740, 1747, 1742, 1751, 1741, 1744, 1743, + + 86, 86, 1745, 86, 1749, 1752, 3483, 1753, 86, 1756, + 1755, 1760, 86, 1748, 1746, 86, 86, 1754, 86, 86, + 1757, 1747, 86, 1751, 1759, 86, 1761, 1758, 1762, 1764, + 1763, 1749, 1752, 86, 1753, 86, 1756, 1755, 86, 1765, + 170, 3483, 86, 86, 1754, 1766, 86, 1757, 86, 1769, + 86, 1759, 86, 1761, 1758, 1762, 1764, 1763, 86, 1767, + 1768, 1770, 86, 86, 1771, 3483, 1765, 86, 1773, 1775, + 1772, 1774, 1766, 1778, 3483, 86, 1769, 1779, 86, 1777, + 86, 1776, 1782, 1780, 1783, 1785, 1767, 1768, 1770, 86, + 86, 1771, 86, 1787, 1784, 1773, 86, 1772, 1774, 86, + + 1778, 86, 86, 1786, 1779, 86, 1777, 86, 1776, 1782, + 1780, 86, 86, 1788, 86, 1789, 86, 1790, 86, 1791, + 1787, 1784, 1793, 1792, 1795, 1794, 3483, 1796, 1803, 1797, + 1786, 86, 1798, 3483, 1799, 86, 86, 86, 86, 1807, + 1788, 86, 1789, 86, 1790, 86, 1791, 86, 86, 1793, + 1792, 1795, 1794, 86, 1796, 1800, 1797, 86, 1801, 1798, + 86, 1799, 1804, 1811, 1805, 1808, 1807, 1809, 1812, 86, + 1802, 1810, 1813, 1817, 1814, 3483, 1815, 3483, 3483, 86, + 1806, 3483, 1800, 1816, 86, 1801, 1818, 86, 86, 1804, + 86, 1805, 1808, 1824, 1809, 86, 86, 1802, 1810, 1823, + + 86, 1814, 86, 1815, 86, 86, 1819, 1806, 86, 86, + 1816, 1821, 1820, 1818, 1825, 1822, 1827, 1830, 1826, 86, + 86, 86, 86, 86, 1828, 86, 1823, 1829, 86, 1833, + 1831, 3483, 1832, 1819, 1836, 1834, 86, 1837, 1821, 1820, + 86, 86, 1822, 86, 86, 1826, 86, 86, 86, 86, + 86, 1828, 86, 1835, 1829, 1838, 1833, 1831, 1839, 1832, + 86, 1836, 1834, 1840, 1837, 86, 1841, 86, 86, 1842, + 1843, 1844, 1845, 1846, 1848, 1850, 1849, 1851, 86, 3483, + 1835, 1847, 1838, 86, 86, 1839, 86, 86, 86, 86, + 1840, 86, 1852, 1841, 86, 86, 1842, 1843, 1844, 1845, + + 1846, 1853, 1850, 1849, 1851, 86, 86, 86, 1847, 1854, + 1855, 1856, 1857, 3483, 1858, 1862, 1860, 86, 1859, 1852, + 1861, 3483, 1864, 86, 86, 3483, 1863, 86, 1853, 86, + 86, 1865, 1866, 86, 86, 1867, 86, 1855, 1856, 1857, + 86, 1858, 1862, 1860, 86, 1859, 1868, 1861, 1872, 1864, + 86, 86, 1871, 1863, 86, 1869, 1873, 86, 1865, 1866, + 1870, 1874, 1867, 1875, 1878, 1876, 3483, 86, 1880, 1877, + 1879, 3483, 86, 1868, 86, 1872, 86, 1881, 86, 1871, + 1883, 1882, 1869, 86, 86, 1886, 1884, 1870, 86, 1885, + 1875, 86, 1876, 86, 86, 1880, 1877, 1879, 1887, 86, + + 86, 1890, 86, 86, 1881, 86, 86, 1883, 1882, 1892, + 1891, 1888, 1886, 1884, 1889, 3483, 1885, 1893, 1894, 86, + 1896, 1895, 1898, 1897, 86, 1887, 3483, 1899, 1890, 86, + 86, 1900, 86, 86, 86, 1904, 86, 1901, 1888, 1906, + 3483, 1889, 86, 1907, 1893, 1894, 1903, 1896, 1895, 1902, + 1897, 86, 86, 86, 86, 86, 1905, 86, 1900, 3483, + 1908, 86, 1904, 3483, 1901, 86, 1906, 86, 1913, 1912, + 1907, 1915, 1910, 1903, 1909, 1911, 1902, 86, 1914, 1918, + 86, 1922, 1919, 1905, 86, 1921, 86, 1908, 1916, 1924, + 86, 86, 86, 1917, 86, 1913, 1912, 1925, 1915, 1910, + + 1926, 1909, 1911, 1920, 1927, 1914, 1918, 86, 86, 1919, + 1923, 1928, 1921, 86, 1929, 1931, 86, 86, 1930, 86, + 86, 1932, 86, 1936, 1933, 86, 3483, 1926, 86, 86, + 1920, 1927, 3483, 1934, 1941, 86, 1938, 1923, 86, 1935, + 1937, 1929, 1931, 86, 86, 1930, 1939, 1942, 1943, 1940, + 1945, 1933, 1944, 86, 86, 86, 86, 86, 1946, 86, + 1934, 1941, 86, 1938, 86, 86, 1935, 1937, 86, 1947, + 86, 86, 1948, 1939, 1942, 1943, 1940, 1945, 1950, 1944, + 1951, 1952, 86, 3483, 1953, 1946, 1957, 1954, 1955, 1958, + 1956, 1959, 1962, 1949, 86, 86, 1947, 86, 86, 86, + + 1960, 86, 1963, 86, 1966, 86, 3483, 1961, 1952, 1965, + 86, 86, 86, 86, 1954, 1955, 1958, 1956, 86, 1962, + 1949, 1964, 1968, 86, 1969, 1970, 86, 1960, 86, 86, + 1967, 1966, 86, 1976, 1961, 1971, 1965, 86, 1972, 86, + 1973, 1975, 1974, 86, 86, 86, 86, 1977, 1964, 1968, + 1981, 1969, 1970, 1978, 86, 1979, 170, 1967, 86, 1982, + 1976, 86, 1971, 1980, 1983, 1972, 86, 1973, 1975, 1974, + 86, 86, 86, 1984, 86, 1986, 1988, 86, 1985, 1989, + 1978, 1997, 1979, 86, 86, 1987, 1982, 1990, 86, 1991, + 1980, 1983, 86, 86, 86, 1992, 86, 1993, 1994, 1996, + + 1984, 1995, 1986, 1998, 1999, 1985, 1989, 2000, 86, 2001, + 86, 2002, 1987, 86, 1990, 2003, 1991, 86, 86, 86, + 86, 86, 86, 86, 1993, 86, 1996, 2006, 1995, 2007, + 86, 1999, 86, 86, 2000, 2004, 2001, 2005, 2002, 2008, + 2009, 2010, 2003, 2011, 86, 2012, 86, 2019, 2020, 86, + 3483, 86, 2014, 86, 2006, 86, 2007, 86, 2013, 86, + 2017, 2018, 2004, 86, 2005, 86, 2008, 2009, 2010, 2015, + 2011, 2021, 2012, 86, 86, 2022, 2016, 86, 2023, 2014, + 86, 2024, 86, 86, 2026, 2013, 86, 2017, 2018, 2029, + 2025, 86, 86, 2027, 2030, 2028, 2015, 86, 2021, 2031, + + 2032, 2033, 2022, 2016, 2034, 2023, 86, 86, 2024, 86, + 2037, 2026, 2035, 2036, 2040, 86, 2029, 2025, 86, 86, + 2027, 86, 2028, 2038, 2039, 2041, 86, 2032, 86, 2043, + 86, 2034, 2044, 2042, 3483, 2047, 2049, 86, 86, 2035, + 2036, 2040, 86, 2045, 2046, 86, 86, 2050, 2048, 2057, + 2038, 2053, 2051, 2078, 86, 86, 86, 86, 86, 2044, + 2042, 86, 86, 2049, 86, 2054, 2052, 2056, 86, 2055, + 2045, 2046, 86, 86, 86, 2048, 2065, 3483, 2053, 2051, + 86, 86, 2063, 2058, 2059, 2060, 3483, 86, 2069, 86, + 2061, 86, 2054, 2052, 2056, 86, 2055, 2062, 86, 2064, + + 2066, 86, 2070, 2071, 86, 2072, 86, 86, 86, 2063, + 2058, 2059, 2060, 2067, 86, 2069, 2074, 2061, 2068, 2073, + 2075, 86, 2079, 86, 2062, 2080, 2064, 2066, 86, 2070, + 2071, 86, 2072, 2076, 2082, 2077, 2081, 2084, 86, 86, + 86, 86, 2083, 86, 2086, 86, 2073, 2075, 86, 2079, + 2085, 86, 2080, 2087, 2088, 86, 2089, 86, 2091, 2090, + 2076, 2082, 2077, 2081, 86, 86, 2093, 2092, 86, 2083, + 2094, 86, 86, 2095, 86, 2096, 86, 2085, 86, 2102, + 2087, 2088, 2099, 2089, 2103, 86, 2090, 2097, 2098, 86, + 86, 2100, 86, 86, 2092, 86, 2101, 2094, 2110, 2105, + + 2095, 86, 2096, 2104, 2106, 86, 2102, 86, 86, 2099, + 86, 2109, 2107, 2108, 2097, 2098, 86, 2112, 2100, 86, + 2111, 86, 2113, 2101, 2114, 86, 2105, 2119, 2116, 86, + 2104, 2115, 86, 2118, 86, 86, 86, 86, 2120, 2107, + 2108, 2117, 86, 86, 2112, 2121, 86, 2111, 2124, 2113, + 86, 2114, 86, 86, 2119, 2116, 2122, 2123, 2115, 2126, + 2118, 2129, 2127, 86, 2125, 2128, 86, 86, 2117, 86, + 86, 86, 2130, 2131, 2132, 2124, 2135, 86, 2134, 2133, + 86, 2148, 86, 2122, 2123, 86, 2126, 86, 86, 2127, + 2136, 2125, 2128, 2137, 2141, 2138, 3483, 86, 2143, 2130, + + 2131, 2132, 86, 2135, 86, 2134, 2133, 2139, 86, 2142, + 2145, 86, 2140, 86, 2153, 86, 2144, 2136, 86, 2146, + 86, 86, 2138, 86, 86, 2143, 86, 2151, 2147, 2149, + 2150, 2152, 86, 2154, 2139, 86, 2142, 2145, 86, 2140, + 2155, 86, 86, 2144, 2156, 86, 2146, 2160, 2157, 86, + 2161, 2164, 2165, 2158, 2151, 2147, 2149, 2150, 2152, 86, + 2154, 2159, 86, 86, 86, 2162, 2168, 2155, 86, 2167, + 2163, 2156, 2166, 86, 86, 2157, 2169, 86, 2171, 2170, + 2158, 86, 2178, 86, 86, 2172, 2175, 2173, 2159, 2177, + 2174, 86, 86, 2168, 86, 2191, 2167, 86, 2176, 2166, + + 86, 86, 2179, 86, 2180, 2171, 2170, 2182, 86, 86, + 86, 86, 2172, 86, 2173, 2181, 2184, 2174, 86, 2185, + 2183, 86, 86, 3483, 86, 2176, 2186, 86, 2187, 2179, + 2188, 2180, 2189, 2190, 2182, 86, 2193, 170, 3483, 3483, + 86, 86, 2181, 2184, 2192, 2194, 2185, 2183, 2196, 2195, + 86, 3483, 2199, 2186, 86, 2187, 2197, 86, 86, 86, + 2190, 3483, 2198, 2193, 2202, 86, 86, 86, 2203, 2200, + 86, 2192, 2194, 2201, 2204, 2196, 2195, 86, 86, 2199, + 86, 2205, 2206, 2197, 86, 2208, 86, 2207, 86, 2198, + 2209, 2202, 86, 2211, 3483, 86, 2200, 86, 2210, 2212, + + 2201, 2204, 86, 86, 86, 2213, 2215, 86, 2205, 2206, + 2216, 86, 86, 2214, 2207, 2217, 86, 2209, 2218, 86, + 2211, 2219, 2222, 3483, 2225, 2210, 2212, 86, 86, 3483, + 2220, 86, 2213, 86, 86, 86, 2223, 2216, 86, 2224, + 2214, 2221, 2217, 2226, 2227, 2218, 86, 2228, 2219, 2222, + 86, 2225, 2231, 86, 86, 2229, 86, 2220, 2230, 86, + 2232, 86, 2233, 2223, 2234, 2236, 2224, 2237, 2221, 2235, + 2226, 2227, 86, 86, 2228, 86, 2238, 86, 86, 86, + 2239, 86, 2229, 2240, 86, 2230, 86, 2232, 2241, 2233, + 2242, 2234, 2236, 2243, 2244, 2247, 2235, 86, 2245, 86, + + 2246, 2248, 3483, 2238, 86, 2249, 86, 2239, 86, 2250, + 2240, 2253, 86, 2254, 2251, 2241, 86, 86, 86, 86, + 2243, 86, 2247, 2252, 86, 2245, 3483, 2246, 2255, 86, + 86, 86, 2249, 86, 86, 2258, 2250, 86, 2253, 2256, + 2254, 2251, 2257, 2259, 2260, 86, 2262, 86, 2261, 2264, + 2252, 2267, 3483, 2266, 86, 2255, 86, 86, 86, 2263, + 86, 2265, 2258, 2268, 3483, 86, 2256, 86, 86, 2257, + 2259, 2260, 86, 2262, 2269, 2261, 2264, 2271, 86, 2270, + 2266, 86, 2272, 2273, 2275, 3483, 2263, 2274, 2265, 86, + 2268, 2276, 2281, 86, 2284, 2277, 2282, 3483, 2278, 86, + + 3483, 2269, 2280, 86, 2271, 86, 2270, 86, 2279, 2272, + 2273, 2275, 86, 86, 2274, 86, 86, 86, 2276, 2281, + 86, 86, 2277, 2282, 2283, 2278, 86, 2285, 2286, 2280, + 2287, 2289, 86, 2288, 86, 2279, 2290, 2291, 2293, 2294, + 2292, 86, 2295, 3483, 2299, 3483, 86, 86, 2296, 2300, + 2301, 2283, 86, 86, 2285, 2286, 2298, 86, 2289, 86, + 2288, 86, 86, 2290, 2291, 2293, 2294, 2292, 2297, 86, + 86, 86, 2302, 2303, 86, 2296, 86, 2301, 2304, 2306, + 86, 2305, 86, 2298, 2308, 2307, 86, 2309, 2310, 3483, + 2314, 86, 86, 2311, 3483, 2297, 3483, 2316, 3483, 2302, + + 2303, 2317, 86, 2312, 2315, 86, 2306, 86, 2305, 86, + 2319, 2313, 2307, 86, 2309, 2310, 86, 86, 2318, 86, + 2311, 2323, 86, 86, 2316, 2320, 2321, 86, 2317, 2322, + 2312, 2315, 86, 2324, 86, 2325, 86, 2319, 2313, 86, + 2326, 2328, 2327, 2329, 86, 2318, 86, 2330, 2323, 2331, + 2332, 2333, 2320, 2321, 2334, 2335, 2322, 86, 86, 86, + 2324, 86, 86, 2336, 3483, 86, 2337, 86, 2328, 2327, + 2329, 86, 86, 86, 2330, 86, 2331, 2332, 2333, 2338, + 2339, 2334, 2335, 2340, 2341, 86, 2342, 2343, 86, 2344, + 86, 86, 2346, 2337, 2349, 2347, 2348, 86, 86, 86, + + 2345, 2353, 3483, 2352, 86, 86, 2338, 2339, 2367, 86, + 2340, 2341, 86, 2342, 2343, 86, 2344, 86, 86, 2346, + 2350, 2349, 2347, 2348, 86, 2354, 2355, 2345, 2353, 2356, + 2352, 86, 2357, 2351, 2358, 86, 2359, 86, 2360, 2361, + 86, 86, 2364, 2362, 2363, 2371, 2372, 2350, 86, 2366, + 86, 86, 2354, 2355, 86, 2376, 2356, 86, 2365, 2357, + 2351, 86, 2373, 2359, 86, 86, 2361, 86, 2368, 2364, + 2362, 2363, 86, 170, 2369, 2374, 2366, 86, 86, 2370, + 2375, 3483, 86, 2377, 3483, 2365, 86, 86, 2381, 2373, + 2382, 2384, 2386, 2380, 86, 2368, 2385, 2378, 2383, 2388, + + 86, 2390, 2374, 2387, 2426, 2389, 86, 2375, 2379, 86, + 2377, 86, 3483, 86, 86, 86, 86, 2382, 2384, 2386, + 2380, 2391, 2393, 3483, 2378, 2383, 86, 86, 86, 86, + 2387, 2392, 2389, 86, 2394, 2379, 86, 2395, 86, 86, + 2396, 86, 2397, 2398, 86, 86, 86, 2400, 2391, 2393, + 2399, 2403, 2401, 2402, 2404, 86, 86, 2405, 2392, 86, + 86, 2394, 86, 86, 2395, 2406, 2416, 2396, 2408, 2397, + 2398, 2407, 86, 86, 2400, 2409, 86, 2399, 2403, 2401, + 2402, 2404, 2410, 86, 86, 2411, 2412, 2414, 86, 2413, + 86, 86, 2406, 86, 86, 2408, 2415, 3483, 2407, 2417, + + 86, 86, 2409, 2421, 2420, 86, 86, 2418, 86, 2410, + 2428, 86, 2411, 2412, 2414, 86, 2413, 2419, 86, 2422, + 2424, 2427, 2423, 2415, 86, 86, 2417, 86, 86, 2429, + 2421, 2420, 2425, 86, 2418, 86, 2430, 2428, 86, 2431, + 2433, 2435, 86, 2432, 2419, 2437, 2422, 2424, 2427, 2423, + 86, 2434, 3483, 2439, 2440, 2436, 2429, 86, 86, 2425, + 2438, 2441, 2442, 2430, 86, 86, 2431, 86, 2435, 86, + 2432, 2443, 2437, 86, 86, 2445, 2444, 2448, 2434, 86, + 2439, 86, 2436, 86, 2449, 2450, 86, 2438, 2441, 86, + 86, 2446, 2451, 2452, 2447, 2454, 2455, 2456, 2443, 2453, + + 86, 86, 2445, 2444, 86, 2457, 86, 86, 2458, 86, + 86, 86, 2450, 86, 86, 2460, 2459, 2461, 2446, 2451, + 2452, 2447, 2454, 86, 86, 86, 2453, 2462, 2463, 86, + 2464, 2467, 2457, 2465, 2466, 86, 2471, 2468, 2473, 2469, + 2470, 86, 86, 2459, 2461, 2472, 86, 86, 2475, 86, + 86, 2479, 86, 86, 2462, 86, 2476, 86, 2467, 2474, + 2465, 2466, 86, 86, 2468, 86, 2469, 2470, 86, 86, + 2477, 2480, 2472, 2484, 2482, 2475, 2481, 2483, 86, 86, + 86, 86, 2485, 2476, 2486, 2478, 2474, 2489, 86, 86, + 2487, 86, 2490, 2488, 86, 2495, 86, 2477, 2480, 86, + + 2484, 2482, 2492, 2481, 2483, 86, 2493, 2491, 2497, 86, + 86, 2486, 2478, 2494, 2489, 86, 2496, 2487, 86, 86, + 2488, 2499, 86, 86, 86, 86, 2498, 2500, 86, 2492, + 86, 2501, 86, 2493, 2491, 2497, 86, 2502, 2503, 86, + 2494, 2504, 2508, 2496, 2509, 2505, 3483, 3483, 2499, 3483, + 3483, 2510, 3483, 2498, 2500, 2511, 86, 3483, 2501, 86, + 2506, 2513, 2507, 86, 2502, 2503, 86, 2520, 2504, 86, + 2514, 2509, 2505, 86, 86, 86, 86, 86, 2510, 2512, + 2515, 86, 2511, 2516, 86, 3483, 2517, 2506, 2513, 2507, + 2518, 2519, 2521, 2523, 2522, 2524, 3483, 2514, 2529, 86, + + 86, 2525, 86, 86, 2526, 86, 2512, 2515, 86, 2527, + 2516, 86, 86, 2517, 2530, 2528, 2531, 2518, 2519, 2532, + 2523, 2522, 86, 86, 86, 2529, 86, 86, 2525, 86, + 2533, 2526, 86, 2537, 86, 2535, 2527, 86, 2534, 2536, + 3483, 2530, 2528, 2531, 3483, 2538, 2532, 2539, 86, 2541, + 2540, 86, 86, 2542, 86, 2543, 86, 2533, 3483, 2550, + 2537, 2545, 2547, 2544, 3483, 2534, 2546, 86, 86, 3483, + 86, 86, 2538, 2552, 2539, 86, 2541, 2540, 3483, 86, + 2551, 86, 2543, 2553, 170, 86, 2550, 2554, 2545, 2547, + 2544, 86, 86, 2546, 2548, 86, 2549, 2555, 2556, 2557, + + 86, 86, 2558, 2559, 2562, 86, 2560, 2551, 2561, 86, + 2553, 86, 86, 2563, 2554, 86, 2564, 86, 2565, 86, + 2566, 2548, 2571, 2549, 2555, 2556, 2557, 86, 86, 2558, + 2559, 2562, 2567, 2560, 2568, 2561, 2569, 2570, 2572, 2578, + 86, 3483, 86, 2564, 86, 86, 2573, 2566, 2574, 86, + 2576, 86, 2577, 2581, 86, 86, 2575, 2579, 86, 2567, + 2580, 2582, 2583, 86, 2570, 2572, 86, 2589, 86, 86, + 86, 86, 86, 2573, 2584, 2574, 86, 2576, 86, 2577, + 2581, 2585, 86, 2575, 2579, 86, 2586, 2580, 2582, 86, + 2587, 2588, 2590, 2591, 86, 2592, 86, 86, 2593, 86, + + 2595, 2584, 86, 2594, 86, 86, 86, 2597, 2585, 2598, + 2599, 3483, 2600, 2586, 86, 86, 86, 2587, 2588, 2590, + 2591, 2596, 2592, 86, 2601, 2593, 2606, 2595, 86, 86, + 2594, 86, 2602, 86, 2597, 2603, 2604, 2599, 86, 2600, + 86, 86, 2607, 86, 2605, 2608, 2609, 2610, 2596, 2613, + 86, 2601, 3483, 86, 2615, 2611, 86, 86, 86, 2602, + 2612, 2620, 2603, 2604, 2614, 2616, 3483, 86, 86, 2607, + 2618, 2605, 2608, 2609, 86, 2619, 2613, 86, 2622, 86, + 86, 2615, 2611, 2617, 86, 86, 2621, 2612, 2623, 86, + 2624, 2614, 2616, 86, 2625, 2626, 86, 2618, 86, 3483, + + 2627, 86, 2619, 86, 2628, 86, 86, 2631, 86, 2633, + 2617, 86, 2634, 2621, 2630, 2623, 2632, 86, 2629, 86, + 86, 2625, 2626, 2635, 2636, 2638, 86, 2627, 3483, 86, + 86, 2628, 2639, 2637, 2631, 3483, 86, 2641, 86, 86, + 2640, 2630, 2642, 2632, 86, 2629, 2644, 2643, 86, 2646, + 86, 2636, 2638, 2645, 86, 86, 2647, 86, 2648, 2639, + 2637, 86, 86, 2649, 2641, 86, 2652, 2640, 2650, 2642, + 86, 86, 2653, 86, 2643, 86, 2651, 2654, 2655, 2656, + 2645, 86, 3483, 2647, 86, 2648, 2658, 2659, 86, 2657, + 86, 3483, 86, 2652, 2664, 2650, 2660, 2661, 86, 2653, + + 86, 86, 2662, 2651, 86, 2655, 2656, 86, 86, 86, + 86, 2663, 86, 2658, 2659, 2665, 2657, 86, 2666, 2667, + 2668, 2664, 86, 2660, 2661, 2669, 2670, 2672, 2671, 2662, + 3483, 2674, 2677, 86, 2673, 2676, 86, 2675, 2663, 86, + 86, 2679, 2665, 86, 3483, 2666, 86, 86, 86, 2681, + 86, 2678, 86, 86, 2672, 2671, 86, 86, 2674, 2677, + 86, 2673, 2676, 86, 2675, 2680, 86, 2682, 2679, 2683, + 2684, 86, 2685, 2686, 3483, 2687, 2681, 86, 2678, 2690, + 2689, 2688, 2691, 2694, 2692, 2695, 86, 2696, 3483, 86, + 86, 86, 2680, 3483, 86, 86, 2683, 86, 2693, 86, + + 2686, 86, 2687, 86, 86, 86, 2690, 2689, 2688, 2691, + 86, 2692, 2695, 2698, 86, 2697, 86, 2699, 2700, 2701, + 86, 86, 2702, 2703, 2704, 2693, 2705, 86, 3483, 2706, + 2710, 86, 86, 2711, 3483, 86, 3483, 86, 2712, 170, + 2698, 2714, 2697, 2707, 2699, 2700, 2701, 86, 86, 2702, + 2703, 2704, 86, 2705, 2708, 86, 2706, 2710, 2709, 2713, + 2711, 2715, 86, 86, 2716, 2712, 86, 86, 2714, 2717, + 2707, 2718, 86, 2719, 3483, 2720, 2722, 2724, 2721, 3483, + 3483, 2708, 2723, 86, 2726, 2709, 2713, 86, 2715, 86, + 86, 86, 86, 86, 3483, 2731, 86, 86, 2718, 86, + + 2719, 86, 2720, 2722, 2724, 2721, 2725, 2727, 2728, 2723, + 2729, 2726, 86, 86, 2730, 86, 2732, 2733, 2734, 2736, + 86, 86, 2731, 86, 2735, 2737, 86, 86, 86, 2739, + 2740, 2738, 2742, 2725, 2727, 2728, 86, 2729, 86, 2743, + 2744, 2730, 2741, 2732, 2733, 2734, 86, 86, 86, 86, + 86, 2735, 2737, 2745, 2747, 2748, 2739, 86, 2738, 86, + 86, 2749, 2746, 86, 86, 2751, 2743, 2744, 2750, 2741, + 2752, 2753, 86, 86, 86, 2756, 86, 2754, 2755, 2757, + 2745, 2747, 2748, 2758, 86, 86, 2759, 86, 2749, 2746, + 2760, 3483, 2751, 2762, 2763, 2750, 86, 86, 86, 86, + + 2761, 86, 2756, 2764, 2754, 2755, 86, 86, 2765, 2766, + 86, 2767, 86, 2769, 2768, 86, 86, 2760, 86, 2770, + 2762, 2763, 2771, 2772, 2773, 86, 2774, 2761, 2775, 3483, + 2764, 86, 2777, 86, 86, 2765, 2766, 2782, 2767, 86, + 86, 2768, 86, 86, 86, 2776, 2770, 2778, 2783, 86, + 2772, 2773, 86, 2774, 86, 2775, 2779, 2780, 2784, 2777, + 2781, 86, 2785, 86, 2782, 86, 2786, 86, 2788, 86, + 86, 86, 2776, 2789, 2778, 86, 2787, 2792, 2790, 2791, + 86, 3483, 3483, 2779, 2780, 2784, 2794, 2781, 2797, 2785, + 86, 2801, 86, 86, 2793, 2788, 86, 2798, 86, 2799, + + 2789, 2803, 86, 2787, 86, 2790, 2791, 2795, 86, 2796, + 2800, 2802, 86, 2794, 86, 86, 86, 86, 86, 86, + 2804, 2793, 2805, 2809, 2798, 2808, 2799, 2810, 86, 2807, + 2806, 2812, 86, 86, 2795, 3483, 2796, 2800, 2802, 2818, + 86, 86, 86, 2811, 86, 2813, 2814, 2804, 86, 2805, + 86, 2815, 2808, 86, 2810, 2820, 2807, 2806, 86, 86, + 86, 2816, 2817, 2821, 2819, 2822, 86, 86, 2824, 86, + 2811, 86, 2813, 2814, 2823, 2825, 3483, 2827, 2815, 86, + 86, 86, 2820, 3483, 2826, 86, 2829, 86, 2816, 2817, + 86, 2819, 2822, 2831, 2828, 2824, 86, 86, 2830, 2834, + + 2832, 2823, 2825, 86, 2827, 86, 2833, 2835, 2836, 2837, + 86, 2826, 86, 2829, 2838, 86, 2840, 86, 86, 2839, + 2831, 2828, 86, 2841, 2843, 2830, 86, 2832, 2842, 3483, + 86, 2844, 86, 2833, 86, 2836, 2837, 86, 86, 86, + 2845, 170, 2846, 2840, 2848, 2849, 2839, 2850, 2847, 2851, + 2841, 2855, 2857, 86, 86, 2842, 86, 2852, 2844, 2853, + 2856, 86, 2858, 2859, 2854, 86, 86, 2845, 2865, 2846, + 86, 86, 86, 86, 2850, 2847, 86, 2860, 2855, 2857, + 2861, 86, 86, 2862, 2852, 2866, 86, 2856, 2868, 2863, + 2859, 86, 2867, 2869, 86, 86, 2864, 2871, 86, 86, + + 86, 3483, 86, 86, 2860, 2870, 2873, 2861, 86, 2874, + 2862, 2872, 2877, 86, 86, 2868, 2863, 86, 2879, 2867, + 2869, 86, 2878, 2864, 2871, 2875, 86, 86, 86, 2876, + 86, 86, 2870, 2873, 86, 2880, 2874, 2881, 2872, 2877, + 86, 2882, 2883, 86, 86, 2879, 2884, 3483, 2888, 2878, + 86, 2886, 2875, 86, 2891, 2885, 2876, 2887, 86, 86, + 2889, 2890, 2880, 86, 2881, 86, 2893, 86, 2882, 86, + 2898, 2892, 86, 2884, 86, 86, 2897, 2894, 2886, 2895, + 86, 2891, 2885, 86, 2887, 86, 2900, 2889, 2890, 2896, + 2899, 86, 86, 86, 2901, 2904, 86, 86, 2892, 86, + + 2902, 2903, 2905, 2897, 2894, 2907, 2895, 2909, 2906, 86, + 2908, 3483, 3483, 2911, 2910, 2912, 2896, 2899, 86, 2913, + 2916, 86, 86, 86, 86, 2914, 86, 2902, 86, 2905, + 86, 86, 2907, 86, 2915, 2906, 86, 2908, 86, 86, + 2911, 2910, 2912, 86, 2917, 2918, 2913, 86, 2920, 2921, + 2919, 86, 2914, 2922, 2924, 2930, 2923, 2925, 2928, 2927, + 86, 2915, 2926, 3483, 2929, 86, 2931, 2935, 2932, 86, + 86, 86, 86, 86, 86, 2920, 86, 2919, 86, 2936, + 2922, 2924, 86, 2923, 2933, 2928, 2927, 2934, 86, 86, + 86, 2929, 86, 86, 86, 2932, 2937, 2938, 86, 2939, + + 2940, 86, 2942, 86, 2941, 2943, 2936, 2945, 2944, 2946, + 2947, 2933, 2949, 2948, 2934, 2957, 86, 86, 2953, 86, + 86, 2950, 86, 2937, 86, 86, 2939, 86, 2951, 86, + 2956, 2941, 2943, 2952, 2945, 2944, 86, 86, 2959, 2954, + 2948, 86, 2955, 86, 86, 2953, 86, 86, 2950, 86, + 2958, 86, 86, 2960, 2961, 2962, 3483, 2956, 2966, 2963, + 86, 86, 2964, 2965, 86, 2959, 2954, 3483, 2971, 2955, + 2969, 2973, 3483, 3483, 86, 86, 86, 2958, 2967, 2968, + 86, 2961, 2962, 86, 86, 2966, 2963, 86, 86, 2964, + 2965, 2970, 86, 2975, 2972, 2971, 2974, 2969, 86, 2977, + + 86, 2976, 2978, 2979, 2985, 2967, 2968, 86, 2980, 86, + 86, 2982, 86, 2981, 3483, 2986, 2983, 86, 2970, 2984, + 2975, 2972, 86, 2974, 2987, 2990, 2977, 86, 2976, 2978, + 2979, 86, 2988, 3483, 2989, 2991, 86, 2992, 2993, 86, + 86, 86, 2986, 86, 86, 2995, 2984, 2996, 2997, 2999, + 86, 2987, 2990, 2994, 3483, 86, 86, 86, 86, 2988, + 86, 2989, 2991, 2998, 2992, 2993, 86, 86, 3001, 3002, + 86, 3000, 2995, 3003, 2996, 2997, 2999, 3004, 86, 3005, + 2994, 86, 3006, 3007, 3009, 3008, 86, 3010, 3015, 3483, + 2998, 3483, 3483, 3016, 3483, 86, 86, 86, 3000, 3011, + + 3003, 3012, 86, 3013, 3004, 86, 86, 86, 3019, 3006, + 86, 86, 3008, 3014, 3010, 86, 86, 86, 3017, 86, + 3016, 86, 86, 3018, 86, 3020, 3011, 3021, 3012, 3023, + 3013, 86, 3022, 3024, 3025, 3019, 86, 86, 3027, 3028, + 3014, 3026, 3029, 86, 3030, 3017, 86, 3032, 3483, 3031, + 3018, 86, 3020, 3483, 3033, 86, 3023, 86, 86, 86, + 3024, 3025, 3034, 86, 3036, 86, 86, 3037, 3026, 3029, + 3039, 3030, 86, 3035, 86, 86, 3031, 86, 3040, 3042, + 3038, 3033, 3041, 3483, 3044, 86, 86, 86, 86, 3034, + 3043, 3036, 3046, 86, 3037, 3045, 3483, 3051, 3052, 3053, + + 3035, 86, 86, 3048, 3047, 3040, 3042, 3038, 3058, 3041, + 86, 3044, 86, 86, 86, 3054, 86, 3043, 86, 3046, + 3049, 3055, 3045, 3050, 86, 86, 86, 3056, 86, 3057, + 3048, 3047, 3483, 86, 3061, 86, 3059, 3060, 3063, 3064, + 86, 3067, 3054, 3062, 3483, 86, 86, 3049, 3055, 3065, + 3050, 86, 86, 86, 3056, 3068, 3057, 86, 86, 86, + 3066, 86, 3069, 3059, 3060, 3063, 3064, 3070, 3075, 86, + 3062, 86, 3073, 86, 3071, 3072, 3065, 3074, 3078, 3076, + 86, 3077, 3068, 3483, 3483, 86, 3079, 3066, 86, 86, + 86, 86, 3081, 3080, 3070, 3075, 86, 86, 86, 3073, + + 86, 3071, 3072, 3082, 3074, 86, 3076, 86, 3077, 3084, + 3085, 3083, 3086, 3079, 3088, 86, 3087, 86, 3090, 3081, + 3080, 86, 86, 86, 3089, 3091, 86, 86, 3092, 86, + 3082, 3094, 3095, 3097, 86, 3100, 3084, 3085, 3083, 3086, + 86, 3088, 86, 3087, 3096, 3090, 3093, 3102, 3103, 3106, + 86, 3089, 3091, 3098, 86, 86, 3099, 86, 86, 86, + 86, 3101, 3100, 3104, 86, 3109, 3105, 86, 3108, 86, + 86, 3096, 86, 3093, 3102, 86, 86, 3112, 3107, 3111, + 3098, 86, 86, 3099, 86, 3110, 3114, 86, 3101, 3113, + 3104, 86, 3109, 3105, 3116, 3108, 86, 3115, 86, 86, + + 3117, 3118, 3119, 3120, 86, 3107, 3111, 3121, 3125, 3123, + 86, 3126, 3110, 3124, 86, 86, 3113, 3128, 86, 86, + 3130, 3116, 3137, 3138, 3115, 86, 3122, 86, 86, 3119, + 3120, 86, 86, 3127, 86, 3125, 3123, 3131, 3129, 3132, + 3124, 86, 3134, 86, 3128, 86, 3133, 86, 3136, 86, + 86, 3143, 3135, 3122, 86, 86, 3139, 3140, 3146, 3483, + 3127, 3149, 3483, 86, 3131, 3129, 3132, 86, 86, 3134, + 86, 3142, 3141, 3133, 3144, 3136, 3145, 3150, 86, 3135, + 86, 86, 3151, 3139, 86, 3147, 3148, 3154, 86, 86, + 86, 86, 86, 86, 3153, 86, 86, 3155, 3142, 3141, + + 3152, 3144, 86, 3145, 3150, 86, 3156, 3157, 86, 3151, + 3158, 3159, 3147, 3148, 86, 3161, 3163, 86, 3160, 3162, + 3164, 3153, 3165, 3166, 3155, 86, 3170, 3152, 86, 3169, + 3167, 3168, 86, 3156, 3157, 3171, 3483, 86, 86, 3178, + 86, 86, 3161, 86, 86, 3160, 3162, 86, 86, 86, + 86, 3172, 3184, 3170, 3177, 3173, 3175, 3167, 3168, 86, + 86, 86, 86, 3174, 86, 3176, 86, 3180, 86, 3182, + 86, 3179, 86, 3181, 3185, 86, 86, 3183, 3172, 86, + 86, 3177, 3173, 3175, 3186, 3188, 86, 3189, 3191, 3195, + 3174, 3190, 3176, 86, 3180, 86, 3182, 86, 3179, 3187, + + 3181, 86, 3192, 3193, 3183, 3197, 86, 3194, 3196, 86, + 3198, 3199, 3188, 3200, 3189, 86, 86, 3201, 3190, 3483, + 86, 86, 3483, 86, 86, 86, 3187, 3483, 3204, 86, + 3193, 3205, 3197, 86, 3194, 3196, 86, 86, 3199, 86, + 3200, 3202, 3203, 3206, 3201, 3208, 86, 3207, 86, 86, + 86, 3211, 3209, 86, 3210, 3204, 3212, 3215, 3205, 86, + 86, 86, 3219, 86, 86, 3216, 86, 86, 3202, 3203, + 3206, 3217, 3208, 3218, 3207, 3213, 3214, 3220, 3211, 3209, + 86, 3210, 3221, 3212, 3215, 86, 3222, 86, 3224, 86, + 3225, 3223, 3216, 86, 86, 3227, 3226, 3230, 3217, 86, + + 3218, 3483, 3213, 3214, 3220, 86, 3228, 3231, 3229, 3221, + 86, 3232, 3233, 3222, 3236, 86, 86, 86, 3223, 86, + 3234, 3235, 86, 3226, 86, 3237, 3238, 3483, 86, 3239, + 3241, 3240, 3242, 3228, 86, 3229, 3243, 3244, 3247, 3245, + 86, 86, 3248, 3483, 3246, 86, 86, 3251, 86, 86, + 86, 86, 86, 86, 86, 3249, 3239, 3241, 3240, 86, + 86, 3252, 86, 3243, 3244, 3247, 3245, 86, 3250, 86, + 86, 3246, 3253, 3254, 3251, 3256, 3257, 3255, 3258, 3268, + 3259, 3260, 3249, 3261, 86, 86, 86, 3263, 3252, 3262, + 86, 3276, 3269, 3266, 86, 3250, 86, 86, 3267, 3253, + + 3254, 86, 3256, 86, 3255, 3258, 86, 3259, 86, 86, + 86, 86, 3264, 3272, 3263, 3265, 3262, 3270, 3271, 3269, + 3274, 3273, 3275, 86, 86, 86, 3278, 3279, 86, 86, + 86, 3277, 3282, 3281, 3280, 86, 3283, 3285, 3284, 3264, + 3272, 3286, 3265, 86, 3270, 3271, 86, 3274, 3273, 86, + 3287, 3288, 86, 86, 86, 86, 86, 3289, 3277, 86, + 3281, 3280, 3290, 86, 86, 3284, 3291, 3292, 86, 3293, + 86, 3295, 3294, 3296, 3298, 3299, 3301, 86, 86, 3300, + 3297, 86, 3305, 3306, 86, 3302, 3308, 86, 3483, 86, + 86, 86, 3310, 86, 86, 86, 3293, 86, 86, 3294, + + 3296, 3298, 86, 86, 3303, 3304, 3300, 3297, 86, 3305, + 86, 3307, 3302, 86, 3312, 3309, 86, 3313, 86, 3310, + 86, 3311, 86, 86, 86, 3314, 86, 3315, 3317, 3318, + 3316, 3303, 3304, 3321, 3483, 3320, 3319, 86, 3307, 3324, + 86, 3312, 3309, 86, 3313, 86, 86, 3322, 3311, 86, + 86, 86, 3314, 3323, 86, 3317, 3318, 3316, 3327, 86, + 3321, 3326, 3320, 3319, 3328, 86, 3324, 3325, 86, 3329, + 3330, 3331, 3333, 3332, 3322, 3483, 86, 86, 86, 3334, + 3323, 3483, 86, 86, 3483, 3327, 3335, 3339, 3326, 3483, + 86, 3328, 3336, 86, 3325, 3338, 86, 86, 86, 3333, + + 3332, 3340, 86, 3337, 3341, 86, 3334, 86, 3342, 86, + 3343, 86, 3344, 3335, 3339, 3347, 86, 86, 3345, 3336, + 86, 3346, 3338, 3350, 86, 3349, 86, 86, 3340, 3348, + 3337, 3341, 86, 3351, 86, 3342, 3353, 3343, 86, 3344, + 3352, 86, 3347, 86, 3354, 3345, 86, 3355, 3346, 3357, + 3350, 3356, 3349, 3359, 86, 86, 3348, 3358, 86, 3360, + 3351, 3361, 86, 3353, 86, 3362, 3363, 3352, 3364, 3483, + 3367, 86, 3366, 86, 3355, 3365, 3357, 86, 3356, 86, + 86, 3368, 3369, 86, 3358, 3370, 3360, 86, 86, 3371, + 3372, 86, 3362, 86, 86, 86, 3375, 3367, 3373, 3366, + + 3374, 86, 3365, 86, 86, 3376, 3377, 3378, 3368, 3369, + 3379, 86, 3370, 86, 3380, 86, 3371, 3382, 86, 3383, + 3381, 3384, 86, 3375, 3385, 3373, 86, 3374, 86, 3386, + 86, 86, 86, 3377, 86, 3387, 3389, 86, 3390, 3391, + 3395, 3380, 3388, 3483, 86, 3392, 3383, 3381, 3384, 3393, + 86, 86, 86, 3394, 86, 86, 3386, 86, 3396, 86, + 3399, 3400, 3387, 3483, 3404, 3397, 3391, 86, 86, 3388, + 86, 86, 3392, 86, 3398, 86, 3393, 3402, 86, 3401, + 3394, 86, 3403, 3405, 86, 86, 86, 3399, 3400, 3407, + 86, 3404, 3397, 3408, 3406, 3409, 3410, 86, 3411, 86, + + 3412, 3398, 86, 86, 3402, 3413, 3401, 86, 86, 3403, + 3405, 86, 3414, 3415, 3416, 86, 3407, 3421, 3483, 3483, + 3408, 3406, 86, 3410, 3417, 3411, 3418, 3412, 3419, 3420, + 3422, 3483, 86, 3424, 86, 3426, 3423, 86, 3425, 3414, + 86, 3416, 3483, 86, 3427, 86, 86, 3430, 86, 86, + 86, 3417, 3483, 3418, 3433, 3419, 3420, 86, 86, 3428, + 86, 86, 3426, 3423, 86, 3425, 3429, 86, 3431, 3432, + 3434, 3427, 3435, 3483, 86, 3436, 86, 3438, 3437, 86, + 86, 3433, 3441, 86, 3439, 86, 3428, 3440, 3442, 3443, + 86, 3445, 86, 3429, 3483, 3431, 3432, 86, 3447, 3435, + + 86, 86, 3436, 86, 3438, 3437, 3444, 86, 86, 3441, + 86, 3439, 3446, 3449, 3440, 3442, 3443, 86, 3445, 3448, + 86, 3450, 3451, 3452, 86, 3447, 3455, 3454, 3458, 3453, + 86, 3483, 3461, 3444, 3460, 86, 86, 3456, 3457, 3446, + 3449, 86, 86, 3483, 3459, 86, 3448, 3463, 3450, 3451, + 86, 86, 86, 86, 3454, 3458, 3453, 86, 86, 86, + 3462, 3460, 3464, 3468, 3456, 3457, 86, 3465, 86, 86, + 3466, 3459, 3467, 3469, 3463, 86, 3471, 3470, 86, 3472, + 3474, 86, 3475, 3477, 86, 86, 3483, 3462, 3473, 3464, + 86, 3476, 3478, 3479, 3465, 3481, 3482, 3466, 86, 3467, + + 3469, 86, 86, 3471, 3470, 86, 86, 86, 86, 86, + 3477, 86, 3483, 3480, 86, 3473, 3483, 3483, 3476, 3478, + 3479, 86, 86, 86, 3483, 3483, 3483, 3483, 3483, 3483, + 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, + 3480, 47, 47, 47, 47, 47, 47, 47, 52, 52, + 52, 52, 52, 52, 52, 57, 57, 57, 57, 57, + 57, 57, 63, 63, 63, 63, 63, 63, 63, 68, + 68, 68, 68, 68, 68, 68, 74, 74, 74, 74, + 74, 74, 74, 80, 80, 80, 80, 80, 80, 80, + 89, 89, 3483, 89, 89, 89, 89, 160, 160, 3483, + + 3483, 3483, 160, 160, 162, 162, 3483, 3483, 162, 3483, + 162, 164, 3483, 3483, 3483, 3483, 3483, 164, 167, 167, + 3483, 3483, 3483, 167, 167, 169, 3483, 3483, 3483, 3483, + 3483, 169, 171, 171, 3483, 171, 171, 171, 171, 174, + 3483, 3483, 3483, 3483, 3483, 174, 177, 177, 3483, 3483, + 3483, 177, 177, 90, 90, 3483, 90, 90, 90, 90, + 17, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, + 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, + 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, + 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, + + 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, + 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, + 3483, 3483, 3483, 3483, 3483, 3483, 3483 } ; -static const flex_int16_t yy_chk[9635] = +static const flex_int16_t yy_chk[10028] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -2606,13 +2693,13 @@ static const flex_int16_t yy_chk[9635] = 7, 7, 7, 33, 7, 8, 8, 8, 8, 32, 8, 9, 9, 9, 10, 10, 10, 19, 51, 51, - 1090, 19, 3361, 3, 32, 33, 4, 67, 67, 5, - 33, 6, 2735, 13, 13, 13, 13, 7, 13, 14, + 1115, 19, 3491, 3, 32, 33, 4, 67, 67, 5, + 33, 6, 2838, 13, 13, 13, 13, 7, 13, 14, 14, 14, 14, 8, 14, 15, 15, 15, 9, 25, - 1090, 10, 11, 11, 11, 11, 11, 11, 12, 12, + 1115, 10, 11, 11, 11, 11, 11, 11, 12, 12, 12, 12, 12, 12, 16, 16, 16, 34, 28, 84, 84, 13, 11, 45, 293, 25, 25, 14, 12, 34, - 39, 23, 15, 23, 23, 45, 23, 1099, 28, 177, + 39, 23, 15, 23, 23, 45, 23, 1127, 28, 177, 11, 28, 23, 39, 34, 28, 12, 176, 87, 11, 45, 16, 87, 293, 37, 12, 30, 39, 29, 56, 37, 174, 56, 72, 30, 28, 26, 169, 100, 23, @@ -2636,12 +2723,12 @@ static const flex_int16_t yy_chk[9635] = 38, 43, 73, 38, 73, 73, 95, 73, 111, 97, 38, 43, 38, 38, 104, 43, 43, 38, 95, 104, 79, 38, 79, 79, 58, 79, 111, 38, 219, 86, - 38, 86, 86, 97, 86, 222, 97, 38, 40, 944, + 38, 86, 86, 97, 86, 222, 97, 38, 40, 963, 86, 104, 40, 89, 96, 89, 89, 112, 89, 98, 57, 96, 40, 40, 89, 40, 112, 103, 103, 106, 105, 52, 98, 47, 40, 40, 103, 222, 105, 40, - 944, 96, 18, 98, 112, 137, 98, 106, 17, 40, + 963, 96, 18, 98, 112, 137, 98, 106, 17, 40, 40, 89, 40, 41, 103, 103, 41, 105, 102, 98, 107, 106, 109, 41, 102, 108, 102, 41, 41, 109, 224, 137, 137, 107, 106, 41, 113, 0, 108, 102, @@ -2722,939 +2809,982 @@ static const flex_int16_t yy_chk[9635] = 321, 317, 317, 322, 316, 325, 324, 318, 326, 320, 318, 327, 322, 320, 319, 324, 312, 328, 0, 321, 326, 329, 325, 0, 323, 323, 0, 331, 332, 325, - 322, 0, 325, 324, 0, 333, 329, 332, 0, 335, - 0, 328, 336, 327, 328, 331, 338, 338, 329, 325, - 330, 341, 0, 330, 331, 332, 336, 333, 330, 330, - 330, 330, 333, 335, 337, 334, 335, 334, 330, 336, - - 339, 338, 340, 338, 338, 339, 0, 330, 341, 337, - 330, 347, 0, 334, 348, 330, 330, 330, 330, 334, - 342, 337, 334, 342, 334, 343, 340, 345, 346, 340, - 342, 349, 339, 344, 344, 371, 348, 343, 347, 350, - 334, 348, 352, 344, 351, 345, 346, 342, 353, 357, - 342, 354, 343, 362, 345, 346, 351, 349, 349, 354, - 344, 344, 371, 353, 352, 350, 350, 355, 356, 352, - 361, 351, 369, 0, 355, 353, 0, 358, 354, 358, - 356, 357, 360, 363, 365, 362, 365, 366, 358, 360, - 364, 411, 361, 370, 355, 356, 364, 361, 369, 369, - - 366, 368, 411, 358, 358, 363, 358, 0, 365, 360, - 363, 365, 364, 365, 366, 358, 367, 364, 411, 368, - 372, 373, 379, 364, 377, 370, 375, 373, 368, 367, - 393, 373, 367, 375, 367, 379, 377, 0, 378, 373, - 367, 0, 372, 367, 382, 373, 376, 372, 373, 379, - 378, 377, 381, 375, 373, 0, 367, 382, 373, 367, - 0, 367, 393, 384, 376, 378, 373, 374, 381, 374, - 376, 382, 386, 376, 385, 384, 381, 386, 387, 381, - 388, 402, 374, 0, 391, 374, 388, 374, 390, 374, - 384, 376, 385, 374, 374, 381, 374, 396, 389, 387, - - 390, 385, 391, 402, 386, 387, 389, 388, 402, 374, - 396, 391, 374, 392, 374, 390, 374, 383, 383, 394, - 394, 392, 0, 397, 396, 389, 395, 383, 404, 383, - 383, 383, 397, 395, 383, 0, 399, 401, 409, 403, - 392, 400, 383, 399, 383, 383, 394, 398, 400, 401, - 405, 403, 407, 395, 383, 397, 383, 383, 383, 397, - 404, 383, 408, 399, 401, 398, 403, 407, 400, 398, - 409, 406, 412, 430, 398, 408, 405, 405, 406, 407, - 410, 414, 410, 413, 413, 0, 415, 417, 414, 408, - 416, 418, 398, 0, 412, 422, 420, 415, 406, 412, - - 417, 416, 419, 419, 425, 430, 0, 410, 414, 421, - 0, 0, 413, 415, 417, 425, 418, 416, 418, 420, - 419, 422, 422, 420, 421, 423, 424, 419, 426, 419, - 419, 425, 421, 423, 0, 427, 421, 426, 424, 431, - 434, 432, 433, 428, 435, 444, 0, 419, 427, 0, - 0, 421, 423, 424, 428, 426, 428, 431, 434, 437, - 0, 428, 427, 432, 438, 433, 431, 434, 432, 433, - 428, 436, 444, 440, 443, 439, 435, 436, 441, 0, - 437, 428, 442, 428, 429, 441, 437, 438, 443, 446, - 445, 438, 429, 429, 448, 440, 429, 429, 436, 439, - - 440, 443, 439, 446, 447, 441, 429, 452, 442, 442, - 449, 429, 445, 450, 453, 451, 446, 445, 0, 429, - 429, 451, 459, 429, 429, 450, 448, 454, 455, 452, - 447, 447, 456, 449, 452, 454, 453, 449, 457, 456, - 450, 453, 451, 455, 460, 458, 459, 457, 461, 459, - 462, 463, 464, 454, 454, 455, 465, 0, 464, 456, - 458, 466, 454, 461, 468, 457, 466, 460, 470, 472, - 471, 460, 458, 463, 470, 461, 462, 462, 463, 464, - 473, 474, 465, 465, 476, 475, 473, 472, 466, 471, - 468, 468, 475, 481, 482, 470, 472, 471, 480, 476, - - 478, 479, 478, 474, 483, 480, 481, 473, 474, 478, - 479, 476, 475, 484, 485, 488, 487, 486, 491, 487, - 481, 489, 483, 0, 0, 480, 482, 478, 479, 478, - 486, 483, 493, 492, 489, 487, 485, 490, 494, 488, - 492, 485, 488, 487, 486, 484, 487, 496, 489, 490, - 491, 498, 495, 497, 499, 501, 493, 498, 497, 493, - 492, 494, 500, 502, 490, 495, 0, 501, 504, 496, - 494, 510, 503, 505, 496, 541, 504, 499, 498, 495, - 497, 499, 501, 503, 500, 502, 508, 505, 494, 500, - 502, 509, 0, 508, 510, 504, 511, 515, 510, 503, - - 505, 506, 513, 509, 511, 0, 506, 541, 506, 515, - 512, 0, 0, 508, 506, 0, 506, 516, 509, 506, - 506, 512, 518, 511, 515, 513, 506, 506, 506, 513, - 514, 522, 519, 506, 514, 506, 0, 512, 520, 516, - 518, 506, 519, 506, 516, 517, 506, 506, 517, 518, - 520, 521, 514, 506, 525, 522, 517, 514, 522, 523, - 524, 514, 521, 523, 519, 520, 526, 524, 526, 519, - 527, 528, 517, 529, 531, 517, 534, 530, 521, 532, - 525, 525, 531, 528, 532, 533, 523, 524, 529, 530, - 536, 535, 537, 526, 534, 542, 527, 527, 528, 535, - - 529, 531, 536, 534, 530, 539, 532, 533, 540, 543, - 542, 547, 533, 537, 545, 549, 544, 536, 535, 537, - 547, 543, 542, 539, 544, 546, 548, 545, 0, 549, - 550, 540, 539, 553, 0, 540, 543, 546, 547, 552, - 554, 545, 549, 544, 551, 556, 555, 551, 557, 548, - 0, 0, 546, 548, 558, 550, 559, 550, 552, 0, - 553, 555, 560, 557, 561, 565, 552, 567, 562, 559, - 565, 551, 554, 555, 560, 557, 568, 556, 558, 569, - 563, 558, 564, 559, 572, 566, 561, 563, 570, 560, - 563, 561, 562, 564, 567, 562, 571, 565, 563, 566, - - 573, 576, 574, 568, 575, 573, 580, 563, 574, 564, - 578, 569, 566, 577, 563, 570, 572, 563, 578, 575, - 579, 581, 582, 571, 585, 576, 582, 584, 576, 574, - 580, 575, 573, 580, 583, 577, 586, 578, 588, 579, - 577, 590, 583, 581, 587, 589, 0, 579, 581, 582, - 584, 592, 591, 587, 584, 593, 585, 592, 589, 586, - 588, 583, 594, 586, 591, 588, 596, 590, 590, 595, - 597, 587, 589, 594, 598, 599, 595, 593, 592, 591, - 599, 600, 593, 599, 599, 0, 601, 598, 0, 594, - 600, 602, 597, 603, 604, 605, 595, 597, 596, 599, - - 602, 598, 599, 607, 603, 609, 606, 599, 600, 610, - 599, 599, 601, 601, 611, 607, 604, 605, 602, 606, - 603, 604, 605, 612, 614, 613, 0, 610, 616, 618, - 607, 615, 0, 606, 617, 620, 610, 609, 611, 616, - 619, 611, 622, 617, 628, 612, 612, 613, 614, 618, - 612, 614, 613, 615, 619, 616, 618, 620, 615, 621, - 623, 617, 620, 624, 625, 626, 621, 619, 629, 622, - 627, 624, 612, 637, 630, 625, 628, 633, 623, 631, - 631, 637, 632, 626, 634, 627, 621, 623, 636, 629, - 624, 625, 626, 634, 635, 629, 638, 627, 630, 633, - - 637, 630, 639, 640, 633, 643, 632, 635, 631, 632, - 636, 634, 641, 644, 642, 636, 642, 645, 644, 646, - 648, 635, 656, 0, 639, 0, 0, 643, 638, 639, - 649, 645, 643, 646, 647, 640, 641, 650, 649, 641, - 651, 642, 653, 652, 645, 644, 646, 0, 647, 647, - 652, 654, 648, 660, 656, 650, 647, 649, 655, 657, - 659, 647, 651, 662, 650, 659, 664, 651, 653, 653, - 652, 654, 0, 655, 657, 647, 647, 658, 654, 660, - 660, 661, 655, 661, 721, 655, 657, 658, 662, 663, - 662, 664, 659, 664, 665, 669, 666, 663, 667, 658, - - 655, 668, 669, 665, 658, 666, 670, 667, 661, 668, - 671, 721, 672, 679, 658, 673, 663, 674, 0, 677, - 0, 665, 669, 666, 676, 667, 675, 673, 668, 674, - 672, 678, 676, 671, 677, 675, 680, 671, 670, 672, - 681, 684, 673, 678, 674, 679, 677, 690, 682, 680, - 685, 676, 683, 675, 686, 681, 682, 687, 678, 685, - 683, 688, 688, 680, 684, 686, 687, 681, 684, 690, - 688, 692, 689, 691, 690, 682, 696, 685, 693, 683, - 689, 686, 694, 695, 687, 698, 691, 728, 688, 688, - 734, 695, 696, 697, 701, 694, 700, 692, 692, 689, - - 691, 693, 699, 696, 700, 693, 697, 698, 701, 694, - 695, 702, 698, 699, 703, 704, 707, 705, 706, 728, - 697, 701, 734, 700, 710, 707, 708, 0, 0, 699, - 709, 702, 711, 713, 712, 704, 703, 710, 702, 705, - 706, 703, 704, 707, 705, 706, 708, 714, 709, 712, - 711, 710, 715, 708, 716, 713, 718, 709, 717, 711, - 713, 712, 722, 720, 719, 723, 725, 716, 718, 720, - 722, 714, 724, 729, 714, 715, 717, 719, 727, 715, - 729, 716, 736, 718, 725, 717, 727, 730, 722, 722, - 720, 719, 723, 725, 724, 733, 731, 722, 735, 724, - - 729, 732, 736, 732, 733, 727, 737, 0, 742, 736, - 730, 731, 739, 749, 730, 737, 738, 735, 738, 739, - 742, 745, 733, 731, 0, 735, 753, 0, 732, 0, - 0, 745, 748, 737, 749, 742, 751, 753, 752, 739, - 749, 0, 0, 738, 740, 754, 758, 740, 745, 755, - 748, 740, 0, 753, 740, 758, 752, 751, 756, 748, - 761, 740, 740, 751, 740, 752, 757, 759, 754, 740, - 760, 740, 754, 758, 740, 755, 755, 760, 740, 766, - 759, 740, 757, 763, 756, 756, 765, 783, 740, 740, - 764, 740, 761, 757, 759, 765, 764, 760, 762, 762, - - 767, 762, 766, 767, 762, 763, 766, 768, 773, 762, - 763, 769, 770, 765, 783, 762, 762, 764, 0, 772, - 770, 772, 776, 768, 762, 762, 762, 767, 762, 771, - 768, 762, 773, 769, 768, 773, 762, 775, 769, 770, - 774, 771, 762, 762, 778, 774, 772, 777, 776, 776, - 768, 779, 781, 780, 785, 0, 771, 775, 784, 777, - 782, 787, 786, 0, 775, 789, 778, 0, 791, 785, - 786, 778, 774, 789, 777, 780, 781, 779, 779, 781, - 780, 785, 782, 784, 787, 784, 788, 782, 787, 786, - 790, 792, 789, 788, 791, 791, 794, 793, 795, 796, - - 797, 798, 800, 792, 804, 797, 801, 795, 799, 790, - 793, 801, 803, 788, 796, 805, 807, 790, 792, 806, - 0, 0, 794, 794, 793, 795, 796, 797, 808, 800, - 799, 810, 809, 798, 803, 799, 804, 811, 801, 803, - 812, 806, 813, 815, 0, 814, 806, 805, 807, 818, - 810, 816, 808, 809, 814, 808, 820, 817, 810, 809, - 818, 813, 821, 822, 811, 815, 817, 812, 823, 813, - 815, 816, 814, 819, 824, 827, 818, 825, 816, 0, - 821, 819, 822, 820, 817, 825, 830, 828, 829, 821, - 822, 829, 831, 827, 832, 823, 834, 835, 833, 835, - - 819, 839, 827, 837, 825, 828, 824, 838, 830, 834, - 831, 836, 838, 830, 828, 829, 847, 837, 832, 831, - 833, 832, 840, 834, 835, 833, 842, 839, 839, 836, - 837, 848, 841, 843, 840, 850, 843, 844, 836, 838, - 841, 847, 845, 847, 842, 849, 844, 854, 851, 840, - 845, 849, 854, 842, 851, 856, 852, 850, 848, 841, - 843, 853, 850, 852, 844, 0, 845, 858, 853, 845, - 859, 855, 849, 856, 854, 851, 857, 845, 855, 859, - 857, 860, 856, 852, 861, 863, 862, 864, 853, 860, - 858, 869, 865, 867, 858, 864, 866, 859, 855, 868, - - 863, 0, 870, 857, 862, 865, 867, 871, 860, 870, - 0, 873, 863, 862, 864, 872, 861, 866, 869, 865, - 867, 868, 872, 866, 874, 871, 868, 875, 876, 870, - 873, 874, 875, 877, 871, 878, 876, 879, 873, 880, - 877, 881, 872, 882, 884, 886, 885, 0, 891, 892, - 883, 874, 880, 887, 875, 876, 882, 883, 890, 0, - 877, 887, 889, 893, 890, 0, 880, 878, 886, 879, - 882, 888, 886, 881, 891, 891, 884, 883, 885, 888, - 887, 892, 894, 895, 889, 890, 888, 893, 896, 889, - 893, 894, 897, 0, 898, 899, 900, 895, 888, 897, - - 901, 902, 903, 905, 899, 901, 888, 904, 905, 894, - 895, 0, 910, 902, 907, 910, 920, 906, 900, 897, - 896, 898, 899, 900, 906, 903, 913, 908, 902, 903, - 905, 914, 901, 904, 904, 908, 907, 911, 914, 910, - 913, 907, 915, 920, 906, 0, 0, 917, 915, 0, - 911, 0, 918, 913, 908, 919, 0, 921, 914, 921, - 0, 0, 922, 0, 911, 923, 0, 919, 924, 915, - 916, 925, 916, 917, 917, 918, 916, 923, 916, 918, - 0, 924, 919, 916, 921, 922, 927, 926, 916, 922, - 928, 927, 923, 925, 916, 924, 929, 916, 925, 916, - - 926, 930, 0, 916, 931, 916, 0, 933, 928, 929, - 916, 932, 935, 930, 926, 916, 931, 928, 927, 934, - 936, 932, 933, 929, 930, 935, 936, 938, 930, 937, - 939, 931, 941, 932, 933, 942, 940, 945, 932, 935, - 930, 934, 937, 943, 946, 938, 934, 936, 932, 946, - 948, 939, 947, 0, 938, 952, 937, 939, 940, 948, - 947, 950, 951, 940, 941, 954, 0, 942, 952, 945, - 943, 946, 961, 955, 0, 953, 950, 948, 0, 947, - 949, 0, 952, 957, 951, 949, 0, 949, 950, 951, - 953, 954, 954, 949, 956, 955, 957, 960, 949, 949, - - 955, 958, 953, 959, 961, 949, 949, 949, 960, 958, - 957, 959, 949, 956, 949, 962, 963, 967, 964, 971, - 949, 956, 965, 968, 960, 949, 949, 964, 958, 966, - 959, 963, 949, 965, 969, 972, 974, 962, 966, 973, - 975, 969, 962, 963, 967, 964, 968, 973, 976, 965, - 968, 971, 977, 983, 975, 980, 966, 978, 974, 972, - 981, 969, 972, 974, 982, 978, 973, 975, 984, 985, - 986, 0, 991, 980, 977, 982, 987, 985, 981, 977, - 976, 988, 980, 987, 978, 983, 984, 981, 992, 990, - 991, 982, 986, 989, 988, 984, 985, 986, 993, 991, - - 989, 994, 995, 987, 990, 999, 992, 0, 988, 0, - 997, 994, 1011, 1002, 1001, 992, 990, 1000, 999, 993, - 989, 997, 1001, 1004, 1000, 993, 1002, 1003, 994, 1005, - 1006, 1009, 999, 1012, 995, 1004, 1003, 997, 1011, 1011, - 1002, 1001, 1010, 1013, 1000, 0, 1020, 1014, 1015, 1020, - 1004, 1005, 1006, 1009, 1003, 1017, 1005, 1006, 1009, 1014, - 1010, 1013, 1015, 1018, 1021, 1012, 1017, 1022, 1018, 1010, - 1013, 1023, 1020, 1020, 1014, 1015, 1020, 1025, 1023, 1024, - 1022, 1027, 1017, 1026, 1028, 1029, 1025, 1030, 1021, 0, - 1024, 1021, 1029, 1027, 1022, 1018, 1032, 1026, 1023, 1031, - - 1033, 1035, 1037, 1036, 1025, 0, 1024, 1043, 1027, 1036, - 1026, 1031, 1029, 1033, 1038, 1040, 1028, 1041, 1032, 1030, - 1039, 1042, 1043, 1032, 1037, 1035, 1031, 1033, 1035, 1037, - 1036, 1039, 1045, 1040, 1043, 1046, 1038, 1047, 1048, 1041, - 1049, 1038, 1040, 1042, 1041, 1050, 1046, 1039, 1042, 1052, - 1057, 1051, 1054, 1045, 1053, 1058, 1059, 1055, 1047, 1045, - 1051, 1054, 1046, 1050, 1047, 1055, 1060, 1049, 1056, 1058, - 1048, 1064, 1050, 1052, 1057, 1056, 1052, 1057, 1051, 1054, - 1053, 1053, 1058, 1061, 1055, 1062, 1063, 1066, 1059, 1068, - 1067, 1070, 0, 1069, 0, 1056, 1066, 1067, 1060, 1075, - - 1073, 1071, 0, 1064, 1072, 1061, 1076, 1062, 1063, 1073, - 1061, 0, 1062, 1063, 1066, 1069, 1074, 1067, 1070, 1071, - 1069, 1068, 1072, 1075, 1074, 1077, 1075, 1073, 1071, 1078, - 1076, 1072, 1080, 1076, 1081, 1079, 1082, 1083, 1084, 1086, - 0, 1077, 1081, 1074, 1079, 1085, 1087, 1080, 1089, 1091, - 1084, 1078, 1077, 1092, 1087, 0, 1078, 1088, 1091, 1080, - 1097, 1081, 1079, 1089, 0, 1084, 1086, 1085, 1082, 1083, - 1088, 1092, 1085, 1087, 1093, 1089, 1091, 1094, 1096, 1094, - 1092, 1098, 1093, 1100, 1088, 1101, 1096, 1097, 1098, 1103, - 1105, 1102, 1106, 1107, 1108, 1104, 1100, 1101, 0, 1106, - - 0, 1093, 1110, 1109, 1094, 1096, 1102, 1111, 1098, 1112, - 1100, 1103, 1101, 1104, 1109, 1113, 1103, 1105, 1102, 1106, - 1114, 1115, 1104, 1116, 1110, 1107, 1108, 1119, 1113, 1110, - 1109, 1112, 1111, 1114, 1111, 1116, 1112, 1117, 1118, 1119, - 1122, 1120, 1113, 1115, 1123, 1117, 1124, 1114, 1115, 1120, - 1116, 1125, 1127, 1126, 1119, 1124, 0, 1123, 1118, 1127, - 1131, 1128, 1130, 1125, 1117, 1118, 1133, 1122, 1120, 1132, - 1128, 1123, 1128, 1124, 1126, 1128, 1136, 1135, 1125, 1127, - 1126, 1134, 0, 1128, 1137, 1130, 1131, 1131, 1128, 1130, - 1135, 1132, 1137, 1133, 1139, 1140, 1132, 1128, 1138, 1128, - - 1136, 1134, 1128, 1136, 1135, 1141, 1143, 1138, 1134, 1142, - 1144, 1137, 1139, 1141, 1145, 1148, 1149, 1140, 1146, 0, - 0, 1139, 1140, 1144, 1142, 1138, 1146, 1150, 1143, 1152, - 1145, 0, 1141, 1143, 1153, 1154, 1142, 1144, 1149, 1151, - 1155, 1145, 1148, 1149, 1160, 1146, 1151, 1156, 1158, 1150, - 1157, 1152, 1155, 1154, 1150, 1161, 1152, 1153, 1157, 1156, - 1159, 1153, 1154, 1158, 1160, 1162, 1151, 1155, 1165, 1166, - 1161, 1160, 1159, 1162, 1156, 1158, 1164, 1157, 1163, 1167, - 1169, 1166, 1161, 1168, 1163, 1164, 1167, 1159, 1170, 1165, - 1168, 1171, 1162, 1172, 1173, 1165, 1166, 1176, 1169, 1171, - - 1170, 1175, 1173, 1164, 1176, 1163, 1167, 1169, 1172, 1174, - 1168, 1174, 1178, 1175, 1179, 1170, 1180, 0, 1171, 1181, - 1172, 1173, 1183, 1182, 1176, 1184, 1179, 1185, 1175, 1180, - 1182, 1187, 1186, 1183, 1190, 1188, 1174, 1186, 1181, 1187, - 1195, 1179, 1185, 1180, 1178, 1189, 1181, 1184, 1188, 1183, - 1182, 1192, 1184, 0, 1185, 1194, 1193, 1196, 1187, 1189, - 1190, 1190, 1188, 1224, 1186, 1192, 1195, 1195, 0, 1198, - 1197, 1199, 1189, 1191, 1193, 1224, 1201, 1191, 1192, 1196, - 1191, 1191, 0, 1193, 1196, 1191, 1202, 1194, 1197, 1200, - 1224, 1191, 1202, 1199, 1203, 1191, 1206, 1197, 1199, 1191, - - 1191, 1198, 1201, 1201, 1191, 1206, 1207, 1191, 1191, 1209, - 0, 1200, 1191, 1202, 1210, 1204, 1200, 1204, 1191, 1205, - 1203, 1203, 1191, 1206, 1207, 1208, 1205, 1210, 1211, 1212, - 1213, 1209, 1208, 1207, 0, 0, 1209, 1211, 1214, 1204, - 1215, 1210, 1204, 1218, 1204, 1219, 1205, 1217, 0, 1220, - 1220, 0, 1208, 0, 0, 1211, 1218, 1225, 1223, 0, - 1214, 1212, 1213, 1215, 1221, 1214, 1225, 1215, 1216, 1217, - 1218, 1219, 1219, 1216, 1217, 1216, 1226, 1216, 1220, 1216, - 1221, 1223, 1227, 1228, 1225, 1223, 1216, 1227, 1229, 1230, - 1232, 1221, 1231, 1229, 1226, 1216, 1235, 1236, 1237, 1233, - - 1216, 1228, 1216, 1226, 1216, 1231, 1216, 1233, 1232, 1235, - 1228, 1230, 1234, 1238, 1227, 1229, 1230, 1232, 1239, 1231, - 1234, 1240, 1241, 1235, 1237, 1237, 1233, 1243, 1242, 1236, - 1246, 1239, 1238, 1244, 1245, 1241, 1245, 1247, 1248, 1234, - 1238, 1249, 1244, 1240, 1250, 1239, 1242, 1243, 1240, 1241, - 1248, 1252, 1246, 0, 1243, 1242, 1255, 1246, 1253, 1254, - 1244, 1245, 1256, 1257, 1247, 1248, 1258, 1254, 1249, 1250, - 1257, 1250, 1259, 1260, 1255, 1252, 1261, 1263, 1252, 1268, - 1253, 1262, 1261, 1255, 1264, 1253, 1254, 1262, 1265, 1256, - 1257, 1264, 1267, 1258, 1266, 1260, 1270, 1268, 1259, 1259, - - 1260, 1266, 1269, 1261, 1263, 1270, 1268, 1272, 1262, 1277, - 1273, 1264, 1265, 1274, 1267, 1265, 1276, 1275, 1284, 1267, - 1278, 1266, 1273, 1270, 1279, 1288, 1281, 1269, 1277, 1269, - 1275, 1272, 1280, 1282, 1272, 1274, 1277, 1273, 1276, 1284, - 1274, 1283, 1278, 1276, 1275, 1284, 1285, 1278, 1279, 1286, - 1283, 1279, 1281, 1281, 1280, 1282, 1289, 1288, 1290, 1280, - 1282, 1291, 1293, 1286, 1292, 1294, 1285, 1295, 1283, 1301, - 1293, 1296, 1298, 1285, 0, 1302, 1286, 1305, 1296, 1299, - 1290, 1294, 1292, 1300, 1298, 1290, 1299, 1300, 1289, 1293, - 1303, 1292, 1294, 1291, 1295, 0, 1307, 1308, 1296, 1298, - - 1310, 1301, 1306, 1307, 1308, 1309, 1299, 1302, 1306, 1305, - 1300, 1303, 1311, 1310, 1312, 1306, 1316, 1303, 1313, 1317, - 1309, 1311, 1315, 1307, 1308, 1313, 1314, 1310, 1314, 1306, - 1318, 1315, 1309, 1319, 1318, 1306, 1321, 1322, 1316, 1311, - 1312, 1312, 1322, 1316, 1321, 1313, 1317, 1323, 1324, 1315, - 1327, 1325, 1326, 1314, 1330, 1319, 1323, 1318, 1331, 1335, - 1319, 1328, 1327, 1321, 1328, 1326, 1324, 1332, 1329, 1322, - 1325, 1329, 1330, 1328, 1323, 1324, 1334, 1327, 1325, 1326, - 1332, 1330, 1335, 1331, 1336, 1331, 1335, 1337, 1328, 1338, - 1329, 1328, 1337, 1341, 1332, 1329, 1340, 1338, 1329, 1342, - - 1336, 1339, 1339, 1343, 0, 1340, 1344, 1345, 1334, 1348, - 1346, 1336, 1343, 1344, 1355, 1341, 1338, 1346, 1349, 1337, - 1341, 1342, 1348, 1340, 1351, 1352, 1342, 1349, 1339, 1345, - 1343, 1350, 1353, 1344, 1345, 1354, 1348, 1346, 1356, 1357, - 1350, 1353, 1358, 1354, 1359, 1349, 1355, 1357, 1352, 1360, - 1351, 1351, 1352, 1356, 1363, 1358, 1359, 1362, 1350, 1353, - 1361, 1360, 1354, 1364, 1365, 1356, 1357, 1367, 1361, 1358, - 1366, 1359, 1371, 1365, 1363, 1370, 1360, 1368, 1369, 1362, - 1372, 1363, 1370, 1373, 1362, 1364, 1375, 1361, 1366, 1368, - 1364, 1365, 1377, 1367, 1367, 1374, 1369, 1366, 1371, 1371, - - 1376, 1378, 1370, 1377, 1368, 1369, 1380, 1378, 1374, 1379, - 1381, 1382, 1372, 1375, 1383, 1373, 0, 0, 1384, 1377, - 1386, 1376, 1374, 1387, 1389, 1392, 1391, 1376, 1378, 0, - 1388, 1379, 1394, 1389, 1390, 1393, 1379, 1392, 1380, 1391, - 1383, 1383, 1381, 1382, 1384, 1384, 1387, 1386, 1388, 1390, - 1387, 1389, 1392, 1391, 1396, 1393, 1395, 1388, 1394, 1394, - 1397, 1390, 1393, 1395, 1398, 1400, 1399, 1401, 1402, 1411, - 1400, 1404, 1401, 1396, 1399, 1402, 1403, 1398, 1405, 1404, - 0, 1396, 1397, 1395, 1408, 1407, 1405, 1397, 1406, 1409, - 1414, 1398, 1408, 1399, 0, 1402, 1409, 1400, 1404, 1401, - - 1410, 1411, 1403, 1403, 1412, 1405, 1406, 1407, 1416, 1410, - 1415, 1408, 1407, 1413, 1413, 1406, 1409, 1417, 1415, 1425, - 1418, 1422, 1414, 0, 1419, 1420, 1412, 1410, 1418, 1416, - 1421, 1412, 1419, 1420, 1422, 1416, 1423, 1415, 1421, 1430, - 1413, 1424, 1423, 1426, 1429, 1425, 1425, 1418, 1422, 1417, - 1427, 1419, 1420, 1424, 1428, 1431, 1432, 1421, 1427, 1429, - 1434, 1433, 1428, 1423, 0, 1436, 1430, 1426, 1424, 1437, - 1426, 1429, 1435, 1437, 1434, 1440, 1439, 1427, 1432, 1436, - 1444, 1428, 1431, 1432, 1433, 1439, 1437, 1434, 1433, 1441, - 1435, 1442, 1436, 1443, 1437, 1445, 1437, 1440, 1442, 1435, - - 1437, 1441, 1440, 1439, 1443, 1446, 1449, 1444, 1450, 1447, - 0, 1448, 1457, 1437, 0, 1456, 1441, 1445, 1442, 1451, - 1443, 1447, 1445, 1452, 0, 1448, 1454, 1455, 1449, 1463, - 1452, 1450, 1453, 1449, 1455, 1450, 1447, 1446, 1448, 1457, - 1459, 1453, 1451, 1462, 1454, 1461, 1451, 1456, 1464, 1459, - 1452, 1461, 1467, 1454, 1455, 1463, 1463, 1465, 1469, 1453, - 1470, 0, 1471, 1472, 1465, 1462, 0, 1459, 1474, 1475, - 1462, 1477, 1461, 1471, 1472, 1476, 1475, 1479, 1480, 1467, - 1464, 1481, 1469, 1479, 1465, 1469, 1480, 1470, 1478, 1471, - 1472, 1483, 1474, 1476, 1482, 1474, 1475, 1477, 1477, 1488, - - 1478, 1484, 1476, 1481, 1479, 1480, 1488, 1482, 1481, 1489, - 1486, 1485, 1487, 1493, 1487, 1478, 1490, 1483, 1483, 1484, - 1485, 1482, 1486, 1491, 1492, 1493, 1488, 1494, 1484, 1490, - 1495, 1504, 1491, 1497, 1496, 1489, 1489, 1486, 1485, 1487, - 1493, 1496, 1498, 1490, 1500, 1505, 1492, 1498, 1499, 1507, - 1491, 1492, 1502, 1495, 1494, 1501, 1505, 1495, 1504, 1497, - 1497, 1496, 1507, 1501, 1499, 1508, 1508, 1500, 1506, 1498, - 1509, 1500, 1505, 1508, 1502, 1499, 1507, 1506, 1510, 1502, - 1510, 1511, 1501, 1509, 1512, 1515, 1516, 1513, 1517, 1514, - 0, 1518, 1508, 1508, 1513, 1506, 1514, 1509, 1518, 1519, - - 1520, 1521, 1522, 1523, 1516, 1510, 1512, 1511, 1511, 1522, - 1517, 1512, 1515, 1516, 1513, 1517, 1514, 1525, 1518, 1526, - 1527, 1528, 1520, 1530, 1519, 1532, 1519, 1520, 1527, 1522, - 1525, 1531, 1535, 1521, 1531, 1523, 1533, 1536, 0, 1538, - 1534, 1535, 1528, 1543, 1525, 1530, 1526, 1527, 1528, 1536, - 1530, 1532, 1532, 1534, 1537, 1540, 1545, 1544, 1531, 1535, - 1539, 1541, 1533, 1533, 1536, 1538, 1538, 1534, 1541, 1539, - 1540, 1542, 1545, 1547, 1542, 1543, 1551, 1552, 1537, 1544, - 1545, 1537, 1540, 1545, 1544, 1548, 1542, 1539, 1541, 1554, - 1549, 1547, 1549, 1553, 1550, 1542, 1555, 1558, 1542, 1545, - - 1547, 1542, 1556, 1551, 1557, 1560, 1559, 1548, 1562, 1552, - 1564, 1554, 1548, 1542, 1560, 1562, 1554, 1549, 1550, 1558, - 1559, 1550, 1555, 1555, 1558, 1553, 1561, 1563, 1556, 1556, - 1565, 1567, 1560, 1559, 1561, 1562, 1557, 1566, 1569, 1568, - 1570, 0, 1564, 1568, 1575, 1573, 1571, 1572, 1574, 1578, - 0, 1563, 1573, 1561, 1563, 1574, 1572, 1575, 1578, 1566, - 1569, 1580, 1565, 1567, 1566, 1569, 1568, 1570, 1571, 1576, - 1577, 1575, 1573, 1571, 1572, 1574, 1578, 1579, 1581, 1579, - 1584, 1582, 1576, 1577, 1580, 1585, 1587, 1586, 1580, 1582, - 1594, 0, 1588, 3053, 3053, 1584, 1576, 1577, 1589, 1588, - - 1585, 1586, 1591, 1581, 1579, 1581, 1590, 1584, 1582, 1589, - 1592, 1597, 1585, 1590, 1586, 1591, 1592, 1594, 1587, 1588, - 1595, 1596, 3053, 1598, 1599, 1589, 1597, 1595, 1600, 1591, - 1602, 1601, 1604, 1590, 1601, 1603, 1599, 1592, 1597, 1602, - 1605, 1600, 0, 1596, 1604, 1607, 1612, 1595, 1596, 1598, - 1598, 1599, 1629, 1603, 1613, 1600, 1607, 1602, 1601, 1604, - 1605, 1606, 1603, 1609, 1606, 1614, 1618, 1605, 1609, 1611, - 1612, 1611, 1607, 1612, 1615, 1609, 1616, 1621, 1617, 1606, - 1619, 1613, 0, 0, 1629, 1616, 1622, 1630, 1606, 1615, - 1609, 1606, 1614, 1618, 1619, 1609, 1611, 1625, 1620, 1621, - - 1624, 1615, 1617, 1616, 1621, 1617, 1620, 1619, 1622, 1623, - 1626, 1624, 1628, 1622, 1630, 1625, 1627, 1623, 1626, 1627, - 1633, 1631, 1634, 1637, 1625, 1620, 1632, 1624, 1631, 1633, - 1628, 1635, 0, 1636, 1627, 1634, 1623, 1626, 1636, 1628, - 1632, 1638, 1635, 1627, 1643, 1637, 1627, 1633, 1631, 1634, - 1637, 1642, 1641, 1632, 1641, 1644, 1638, 1645, 1635, 1646, - 1642, 0, 1647, 1649, 1650, 1636, 1644, 0, 1638, 1648, - 1643, 1643, 1648, 1650, 1651, 1645, 1647, 0, 1642, 1641, - 1651, 1646, 1644, 1652, 1645, 1649, 1646, 1648, 1647, 1647, - 1649, 1650, 1652, 1653, 1655, 1657, 1648, 1656, 1653, 1648, - - 1657, 1651, 1659, 1647, 1658, 1660, 1661, 1655, 1662, 1656, - 1652, 0, 1665, 0, 1660, 1663, 1664, 1670, 1666, 1673, - 1668, 1655, 1657, 1669, 1656, 1653, 1658, 1668, 0, 1664, - 0, 1658, 1660, 1661, 1659, 1672, 1669, 1663, 1671, 1666, - 1662, 1672, 1663, 1664, 1665, 1666, 1677, 1668, 1675, 1670, - 1669, 1673, 1671, 1678, 1677, 1679, 1681, 1682, 1680, 1672, - 1685, 1678, 1672, 1686, 1683, 1671, 1684, 1675, 1672, 1687, - 1681, 1682, 1688, 1677, 1679, 1675, 1680, 1683, 1689, 1684, - 1678, 1685, 1679, 1681, 1682, 1680, 1688, 1685, 1691, 1690, - 1692, 1683, 1693, 1684, 1695, 1686, 1690, 1691, 1692, 1688, - - 1694, 1687, 1696, 1698, 1700, 1689, 1701, 1696, 1685, 1697, - 1703, 1702, 1698, 1701, 1694, 1691, 1690, 1692, 1704, 1693, - 1697, 1705, 1711, 1706, 1707, 0, 1695, 1694, 1707, 1696, - 1698, 1700, 1703, 1701, 1702, 1710, 1697, 1703, 1702, 1709, - 1704, 1706, 1713, 1705, 1712, 1704, 1715, 1710, 1705, 1711, - 1706, 1707, 1712, 1714, 1709, 1716, 1717, 1713, 1722, 1718, - 1719, 1714, 1710, 1723, 1721, 1722, 1709, 1726, 1716, 1713, - 1725, 1712, 1721, 1715, 1718, 1719, 1717, 1724, 1727, 1725, - 1714, 1733, 1716, 1717, 1728, 1722, 1718, 1719, 1726, 1729, - 1731, 1721, 1724, 1734, 1726, 1723, 1732, 1725, 1737, 1736, - - 1735, 1739, 1738, 0, 1724, 1727, 1739, 1754, 1728, 1738, - 1740, 1728, 1731, 1733, 1732, 1735, 1729, 1731, 1742, 1740, - 1734, 1741, 1737, 1732, 1736, 1737, 1736, 1735, 1739, 1738, - 1741, 1743, 1744, 1747, 1745, 1746, 1749, 1740, 1748, 1754, - 1742, 1753, 1752, 1749, 1751, 1742, 1755, 1746, 1741, 1745, - 1744, 1748, 1755, 1743, 1752, 1747, 1748, 1750, 1743, 1744, - 1747, 1745, 1746, 1749, 1750, 1748, 1751, 1757, 1753, 1752, - 1759, 1751, 1758, 1755, 1763, 1757, 1760, 1761, 1748, 1750, - 1758, 1759, 1764, 1760, 1750, 1762, 1765, 1762, 1766, 1767, - 1769, 1750, 1768, 1771, 1757, 1766, 1769, 1759, 1762, 1758, - - 1763, 1763, 1761, 1760, 1761, 1770, 1772, 1773, 1776, 1764, - 1774, 1770, 1762, 1765, 1762, 1766, 1767, 1769, 1768, 1768, - 1771, 1777, 1778, 1779, 1781, 1779, 1784, 1790, 1780, 1772, - 1777, 1782, 1770, 1772, 1774, 1783, 1786, 1774, 1782, 1773, - 1776, 1788, 1786, 1787, 1785, 0, 0, 1789, 1777, 0, - 1779, 1781, 1780, 1784, 1778, 1780, 1785, 1783, 1782, 1790, - 1795, 0, 1783, 1786, 1802, 1787, 1792, 1788, 1788, 1789, - 1787, 1785, 1793, 1792, 1789, 1791, 1791, 1791, 1794, 1796, - 1802, 1793, 1791, 1798, 1799, 1794, 1796, 1801, 1798, 1800, - 1791, 1802, 1795, 1792, 1804, 1803, 1808, 1799, 1810, 1793, - - 1805, 1800, 1791, 1791, 1791, 1794, 1796, 1803, 0, 1791, - 1806, 1799, 1801, 1807, 1801, 1798, 1800, 1806, 1805, 1807, - 1809, 1809, 1803, 1808, 1810, 1810, 1804, 1805, 1811, 1812, - 0, 1813, 1814, 1818, 1812, 1811, 1815, 1806, 1824, 1819, - 1807, 1819, 1823, 1815, 1820, 1825, 1822, 1809, 1823, 1831, - 1829, 1830, 1830, 1827, 1828, 1811, 1812, 1813, 1813, 1814, - 1818, 1826, 1820, 1815, 1822, 1827, 1819, 1826, 1829, 1823, - 1824, 1820, 1825, 1822, 1828, 1831, 1831, 1829, 1830, 1833, - 1827, 1828, 1832, 1832, 1836, 1835, 1837, 1839, 1826, 0, - 1833, 1838, 1843, 1837, 1842, 1840, 1844, 0, 0, 1846, - - 0, 1847, 1842, 1845, 0, 0, 1833, 1835, 1847, 1832, - 1850, 1838, 1835, 1837, 1849, 1854, 1836, 1846, 1838, 1839, - 1840, 1842, 1840, 1844, 1843, 1845, 1846, 1848, 1847, 1849, - 1845, 1851, 1852, 1852, 1850, 1848, 1853, 1850, 1855, 1856, - 1851, 1849, 1860, 0, 1857, 1858, 1856, 1854, 1861, 1860, - 1863, 1862, 1864, 1861, 1848, 1865, 1857, 1867, 1851, 1852, - 1864, 1858, 1853, 1853, 1868, 1867, 1856, 1865, 1858, 1860, - 1855, 1857, 1858, 1862, 1869, 1861, 1870, 1863, 1862, 1864, - 1871, 1872, 1865, 1873, 1867, 1875, 1876, 1868, 1858, 1874, - 0, 1868, 1876, 1879, 1874, 1880, 1877, 1870, 1871, 1882, - - 1869, 1869, 1880, 1870, 1896, 1874, 1873, 1871, 1872, 1877, - 1873, 1878, 1875, 1876, 1883, 1879, 1874, 1881, 1884, 1878, - 1879, 1874, 1880, 1877, 1881, 1885, 1883, 1886, 1887, 1889, - 1890, 1882, 1891, 1892, 1894, 1890, 1896, 1895, 1878, 1891, - 1884, 1883, 1895, 1898, 1881, 1884, 1890, 1889, 0, 1899, - 1899, 1887, 1885, 1886, 1886, 1887, 1889, 1890, 1900, 1891, - 1892, 1894, 1890, 1901, 1902, 1905, 1904, 1906, 1907, 1895, - 1907, 1908, 1909, 1910, 0, 1898, 1899, 1909, 1901, 1911, - 1900, 1904, 1906, 1912, 1920, 1900, 1916, 1914, 1905, 1915, - 1901, 1918, 1905, 1904, 1906, 1907, 1902, 1915, 1912, 1909, - - 1919, 1911, 1914, 1908, 1921, 1910, 1911, 1924, 1916, 1923, - 1912, 1920, 1922, 1916, 1914, 1918, 1915, 1926, 1918, 1922, - 1925, 1929, 1927, 0, 1933, 0, 1919, 1919, 1924, 1931, - 1932, 1921, 1937, 1938, 1924, 0, 0, 1935, 1926, 1922, - 1927, 1923, 1925, 1929, 1926, 1932, 1936, 1925, 1929, 1927, - 1933, 1933, 1935, 1931, 1937, 1940, 1931, 1932, 1939, 1937, - 1938, 1936, 1941, 1942, 1935, 1943, 1946, 1944, 1945, 1949, - 1947, 1950, 1951, 1936, 1944, 1946, 1939, 1940, 1947, 1948, - 1952, 1951, 1940, 0, 1941, 1939, 1945, 1942, 1954, 1941, - 1942, 1949, 1943, 1946, 1944, 1945, 1949, 1947, 1952, 1951, - - 1953, 1954, 1948, 1950, 0, 1956, 1948, 1952, 1957, 1953, - 1958, 1959, 0, 1960, 0, 1954, 1956, 1957, 1959, 1962, - 1963, 1968, 1964, 1961, 0, 1971, 1963, 1953, 1958, 1976, - 1970, 1956, 1956, 1974, 1962, 1957, 1971, 1958, 1959, 1960, - 1960, 1961, 1965, 1956, 1964, 1974, 1962, 1963, 1968, 1964, - 1961, 1972, 1971, 1975, 1970, 1977, 1965, 1970, 1978, 1980, - 1974, 1976, 1972, 1979, 1981, 1977, 1975, 1983, 1986, 1965, - 1984, 1987, 1986, 1988, 0, 1992, 1990, 0, 1972, 1989, - 1975, 1990, 1977, 1981, 1978, 1978, 1980, 0, 1979, 1993, - 1979, 1981, 1987, 1991, 1983, 1986, 1984, 1984, 1987, 1989, - - 1991, 1992, 1992, 1990, 1994, 1988, 1989, 1993, 1995, 1996, - 1994, 1998, 2003, 1997, 1999, 1999, 1993, 2000, 2004, 2003, - 1991, 2001, 2004, 1995, 1996, 1997, 1998, 2006, 2005, 2000, - 0, 1994, 0, 2009, 2001, 1995, 1996, 2007, 1998, 2003, - 1997, 1999, 2001, 2005, 2000, 2004, 2007, 2010, 2001, 2008, - 2013, 2011, 2019, 2015, 2006, 2005, 2008, 2009, 2011, 2014, - 2009, 2001, 2015, 2016, 2007, 2022, 2021, 2017, 2029, 2010, - 2019, 2024, 2013, 2023, 2010, 2021, 2008, 2013, 2011, 2019, - 2015, 2025, 2027, 2022, 2014, 2016, 2014, 2017, 2023, 2025, - 2016, 2028, 2022, 2021, 2017, 2029, 2024, 2031, 2024, 2033, - - 2023, 2030, 2030, 2037, 2028, 2032, 0, 2027, 2025, 2027, - 2036, 2034, 2038, 2035, 2046, 2039, 2040, 2036, 2028, 2031, - 2041, 2033, 2035, 2047, 2031, 2041, 2033, 2042, 2030, 2039, - 2032, 2040, 2032, 2034, 2038, 2037, 2044, 2036, 2034, 2038, - 2035, 2046, 2039, 2040, 2044, 2045, 2042, 2048, 2049, 2047, - 2047, 2050, 2041, 2052, 2042, 2049, 0, 2051, 2045, 2048, - 2053, 2055, 2054, 2044, 2057, 0, 2058, 2056, 2059, 2053, - 2054, 0, 2045, 0, 2048, 2049, 2060, 0, 2052, 2051, - 2052, 2054, 2056, 2050, 2051, 2064, 2059, 2053, 2055, 2054, - 2057, 2057, 2058, 2058, 2056, 2059, 2061, 2054, 2060, 2063, - - 2065, 2067, 2063, 2060, 2066, 2061, 2065, 2068, 0, 2066, - 2064, 0, 2064, 2072, 0, 2069, 2067, 2063, 2071, 2073, - 2078, 0, 0, 2061, 2075, 2068, 2063, 2065, 2067, 2063, - 2069, 2077, 2076, 2071, 2068, 2072, 2066, 2081, 2075, 2076, - 2072, 2073, 2069, 2079, 2080, 2071, 2073, 2078, 2081, 2077, - 2082, 2075, 2079, 2080, 2083, 2087, 2088, 2085, 2077, 2076, - 2086, 2090, 2087, 2082, 2081, 2095, 2083, 2089, 2101, 2096, - 2079, 2080, 2085, 2096, 0, 2086, 0, 2082, 2088, 2090, - 2093, 2083, 2087, 2088, 2085, 2097, 2095, 2086, 2090, 2089, - 2098, 2100, 2095, 2093, 2089, 2101, 2096, 2097, 2099, 2098, - - 2099, 2093, 2103, 2102, 2105, 2104, 2106, 2093, 2107, 2100, - 2108, 2109, 2097, 2104, 2110, 2108, 2109, 2098, 2100, 2111, - 2093, 2102, 2107, 2112, 2124, 2099, 2113, 2105, 2106, 2103, - 2102, 2105, 2104, 2106, 2114, 2107, 2117, 2108, 2129, 0, - 2118, 2114, 2119, 2109, 2120, 2113, 2110, 2112, 2121, 2122, - 2112, 2111, 2126, 2113, 2118, 2125, 2124, 2127, 2128, 2123, - 2119, 2114, 0, 2117, 2122, 2118, 2118, 2118, 2123, 2119, - 2129, 2120, 2131, 2133, 2121, 2121, 2122, 2125, 2126, 2126, - 2128, 2118, 2125, 2132, 2127, 2128, 2123, 2134, 0, 2136, - 2132, 2136, 2118, 2137, 2134, 2131, 2133, 2138, 0, 2131, - - 2133, 2138, 2141, 2140, 2144, 2139, 2143, 2142, 2146, 2148, - 2132, 2141, 0, 2143, 2134, 2137, 2136, 2139, 2142, 2147, - 2137, 2148, 2145, 2149, 2138, 2140, 2144, 2145, 2152, 2141, - 2140, 2144, 2139, 2143, 2142, 2146, 2148, 2150, 2150, 2151, - 2154, 2157, 2147, 2152, 2153, 2149, 2147, 2155, 2151, 2145, - 2149, 2156, 2153, 2159, 2162, 2152, 2163, 2160, 2162, 2163, - 2156, 2155, 2154, 2169, 2150, 2160, 2151, 2154, 2157, 2161, - 2165, 2153, 2159, 2166, 2155, 2169, 2165, 2161, 2156, 2164, - 2159, 2162, 2172, 2163, 2160, 2167, 2173, 2164, 2166, 2171, - 2169, 2167, 2174, 2175, 0, 2172, 2161, 2165, 2177, 2176, - - 2166, 2178, 2182, 2171, 2181, 2179, 2164, 2173, 2183, 2172, - 2180, 2184, 2167, 2173, 2187, 2178, 2171, 2174, 2179, 2174, - 2175, 2176, 2177, 2189, 2180, 2177, 2176, 2185, 2178, 2182, - 2181, 2181, 2179, 2183, 2186, 2183, 2190, 2180, 2184, 2185, - 2187, 2187, 2188, 2191, 2193, 2188, 2194, 2196, 2186, 2195, - 2189, 2197, 2198, 2194, 2185, 2200, 2195, 2202, 2204, 2199, - 2188, 2186, 2196, 2190, 2205, 2191, 2193, 2199, 2201, 2188, - 2191, 2193, 2188, 2194, 2196, 2203, 2195, 2201, 2197, 2198, - 2204, 2206, 2200, 2207, 2202, 2204, 2199, 2203, 2208, 2210, - 2209, 2205, 2212, 2213, 2215, 2201, 2207, 2210, 2219, 2214, - - 2216, 2217, 2203, 2209, 2220, 2218, 2208, 2214, 2206, 2216, - 2207, 0, 2223, 2219, 2212, 2208, 2210, 2209, 0, 2212, - 2213, 2215, 2217, 2222, 2219, 2219, 2214, 2216, 2217, 2218, - 2221, 2220, 2218, 2225, 2226, 2222, 2227, 2223, 2221, 2223, - 2219, 2229, 2226, 2230, 2231, 2225, 2232, 2230, 2229, 2233, - 2222, 2234, 2235, 2236, 2237, 2239, 2231, 2221, 0, 2234, - 2225, 2226, 2242, 2227, 2251, 2236, 2237, 2241, 2229, 2232, - 2230, 2231, 2246, 2232, 2235, 2242, 2233, 2240, 2234, 2235, - 2236, 2237, 2239, 2243, 2240, 2247, 2244, 2241, 0, 2242, - 2245, 2245, 2243, 2248, 2241, 2244, 2251, 2253, 2246, 2246, - - 2252, 2259, 2259, 2247, 2240, 2264, 2249, 2254, 2256, 2255, - 2243, 2255, 2247, 2244, 2263, 2252, 2258, 2245, 2248, 2253, - 2248, 2249, 2256, 2249, 2253, 2257, 2263, 2252, 2259, 2254, - 2249, 2257, 2261, 2249, 2254, 2256, 2255, 2264, 2258, 2262, - 2265, 2263, 2266, 2258, 0, 2269, 2265, 2269, 2249, 2267, - 2249, 2268, 2257, 2271, 2261, 2270, 2277, 2272, 0, 2261, - 0, 2262, 2278, 2273, 2279, 2274, 2262, 2265, 2275, 2270, - 2285, 2267, 2269, 2268, 2266, 2272, 2267, 2271, 2268, 2283, - 2271, 2273, 2270, 2274, 2272, 2276, 2275, 2279, 2277, 2281, - 2273, 2279, 2274, 2284, 2278, 2275, 2281, 2283, 2276, 2286, - - 2287, 2288, 2285, 2288, 2290, 2292, 2283, 2286, 2288, 2296, - 2291, 2293, 2276, 0, 0, 2290, 2281, 2294, 2297, 2284, - 2284, 2291, 2287, 2293, 2296, 2286, 2286, 2287, 2288, 2297, - 2288, 2290, 2292, 2299, 2286, 2294, 2296, 2291, 2293, 2298, - 2301, 2302, 2303, 2304, 2294, 2297, 2305, 2308, 2299, 2303, - 2306, 2298, 2311, 2310, 2309, 2312, 2314, 0, 2304, 2315, - 2299, 2313, 2321, 2302, 2301, 2316, 2298, 2301, 2302, 2303, - 2304, 0, 2315, 2305, 2308, 2310, 2306, 2306, 2309, 2313, - 2310, 2309, 2317, 2314, 2311, 2318, 2315, 2312, 2313, 2320, - 2322, 2316, 2316, 2319, 2321, 0, 2323, 2317, 2318, 2325, - - 2326, 2319, 2327, 2322, 0, 2333, 2328, 2329, 0, 2317, - 0, 0, 2318, 2330, 2331, 2320, 2320, 2322, 2323, 2332, - 2319, 2331, 2325, 2323, 2326, 2329, 2325, 2326, 2328, 2327, - 2334, 2330, 2333, 2328, 2329, 2339, 2336, 2340, 2337, 2342, - 2330, 2331, 2332, 2338, 2334, 2337, 2332, 2341, 2339, 2343, - 2338, 2344, 0, 2354, 2341, 0, 2368, 2334, 2336, 2345, - 2340, 2342, 2339, 2336, 2340, 2337, 2342, 2346, 2345, 2347, - 2338, 2348, 2344, 2349, 2341, 2346, 2351, 2347, 2344, 2349, - 2353, 2343, 2355, 2356, 2352, 2354, 2345, 2358, 2368, 2361, - 0, 2351, 2370, 2348, 2346, 2352, 2347, 2362, 2348, 2360, - - 2349, 2355, 2353, 2351, 2364, 2358, 2367, 2353, 2356, 2355, - 2356, 2352, 2360, 2369, 2358, 2361, 2361, 2363, 2363, 2370, - 2371, 2362, 2374, 2376, 2362, 2379, 2360, 2386, 2369, 2367, - 2364, 2364, 2376, 2367, 2382, 2378, 2379, 2384, 2371, 2388, - 2369, 2383, 2383, 2385, 2363, 2390, 2391, 2371, 2378, 2374, - 2376, 2400, 2379, 2394, 2386, 2393, 2382, 2397, 2392, 2384, - 2393, 2382, 2378, 2396, 2384, 2385, 2388, 2403, 2383, 2392, - 2385, 2396, 2391, 2391, 2398, 2394, 2399, 2390, 2400, 2402, - 2394, 2397, 2393, 2404, 2397, 2392, 2405, 2407, 2408, 2398, - 2396, 2399, 2404, 2412, 2409, 2410, 2413, 2402, 2405, 2403, - - 0, 2398, 2409, 2399, 2410, 2414, 2402, 2415, 2416, 2417, - 2404, 2419, 2408, 2405, 2407, 2408, 2415, 2418, 2421, 2412, - 2412, 2409, 2410, 2413, 2419, 2422, 2416, 2414, 2420, 2425, - 2423, 2417, 2414, 2421, 2415, 2416, 2417, 2423, 2419, 2424, - 2426, 2420, 2418, 2427, 2418, 2421, 2424, 2422, 2428, 2429, - 2430, 2425, 2422, 2431, 0, 2420, 2425, 2423, 2433, 2432, - 0, 2434, 2431, 2435, 2436, 2430, 2424, 2426, 2439, 2441, - 2427, 2442, 2438, 0, 0, 2428, 2429, 2430, 2435, 2436, - 2431, 2432, 2437, 2438, 2433, 2433, 2432, 2434, 2434, 2437, - 2435, 2436, 2440, 2444, 2443, 2439, 2441, 2445, 2442, 2438, - - 2440, 2446, 2451, 2448, 2447, 2449, 2450, 0, 2444, 2437, - 2443, 2447, 2449, 2450, 2453, 2453, 2446, 2445, 2452, 2440, - 2444, 2443, 2459, 2455, 2445, 2448, 2457, 2454, 2446, 2451, - 2448, 2447, 2449, 2450, 2454, 2456, 2452, 2455, 2456, 2457, - 2458, 2453, 2460, 2464, 2461, 2452, 2462, 2466, 2459, 2459, - 2455, 2466, 2464, 2457, 2454, 2458, 2461, 2467, 2462, 2465, - 2460, 2469, 2456, 2468, 2465, 2470, 2471, 2458, 2472, 2460, - 2464, 2461, 2473, 2462, 2466, 2475, 2468, 2477, 2479, 2481, - 2478, 2467, 0, 2469, 2467, 0, 2465, 2470, 2469, 2478, - 2468, 2481, 2470, 2471, 2479, 2472, 2487, 2489, 2473, 2473, - - 2480, 2475, 2475, 2477, 2477, 2479, 2481, 2478, 2480, 2483, - 2484, 2486, 2485, 2488, 2487, 2493, 2483, 2485, 2486, 2484, - 2488, 2490, 2489, 2487, 2489, 2491, 2492, 2480, 2490, 2495, - 2496, 2499, 2498, 2501, 2491, 2492, 2483, 2484, 2486, 2485, - 2488, 2493, 2493, 2496, 2497, 2502, 2503, 2505, 2490, 2497, - 2498, 2501, 2491, 2492, 2504, 2503, 2495, 2496, 2499, 2498, - 2501, 2507, 2511, 2504, 2506, 2512, 2508, 2505, 2509, 2510, - 2507, 2497, 2502, 2503, 2505, 2508, 2506, 2510, 2513, 2509, - 2515, 2504, 2516, 2517, 2518, 2513, 2520, 2527, 2507, 2511, - 2514, 2506, 2512, 2508, 2519, 2509, 2510, 2523, 2520, 2514, - - 2521, 2515, 2522, 2519, 2524, 2513, 2526, 2515, 2521, 2516, - 2517, 2524, 2527, 2520, 2527, 2522, 2518, 2514, 2525, 2523, - 2528, 2519, 2530, 2529, 2523, 2525, 2532, 2521, 2526, 2522, - 2535, 2524, 2537, 2526, 2532, 0, 2534, 2536, 2535, 2537, - 2538, 0, 2545, 0, 2539, 2525, 2544, 2528, 2529, 2530, - 2529, 2539, 2536, 2532, 2534, 2548, 2547, 2535, 2540, 2537, - 2546, 2543, 2538, 2534, 2536, 2547, 2540, 2538, 2543, 2545, - 2544, 2539, 2546, 2544, 2549, 2551, 2554, 2550, 2555, 2553, - 2556, 2558, 2548, 2547, 2561, 2540, 0, 2546, 2543, 2550, - 2549, 2553, 2565, 2558, 2556, 2564, 2566, 2563, 2551, 2554, - - 2568, 2549, 2551, 2554, 2550, 2555, 2553, 2556, 2558, 2559, - 2560, 2561, 2563, 2564, 2570, 2565, 2559, 2560, 2567, 2565, - 2569, 2574, 2564, 2566, 2563, 2572, 2567, 2568, 2571, 0, - 2579, 2573, 2570, 2581, 0, 2584, 2559, 2560, 2573, 2571, - 2572, 2570, 2569, 2585, 2580, 2567, 2586, 2569, 2574, 2580, - 2582, 2583, 2572, 2584, 2587, 2571, 2579, 2579, 2573, 2589, - 2581, 2585, 2584, 2592, 2582, 2583, 2587, 2593, 2596, 2594, - 2585, 2580, 2597, 2586, 2598, 2595, 2601, 2582, 2583, 2599, - 2597, 2587, 2594, 2602, 2605, 2592, 2589, 2596, 2601, 2593, - 2592, 2603, 2598, 2606, 2593, 2596, 2594, 2595, 2599, 2597, - - 2604, 2598, 2595, 2601, 2607, 2602, 2599, 2609, 2608, 2615, - 2602, 2605, 2604, 2603, 2610, 2611, 2612, 2613, 2603, 2614, - 2606, 2615, 2617, 2610, 2611, 2616, 2618, 2604, 2608, 2609, - 2622, 2607, 2623, 2624, 2609, 2608, 2615, 2621, 2624, 2613, - 2625, 2610, 2611, 2628, 2613, 2614, 2614, 2616, 2612, 2617, - 2626, 2621, 2616, 2618, 0, 2627, 2623, 2622, 2629, 2623, - 2631, 2630, 2625, 2634, 2621, 2624, 2635, 2625, 2627, 2634, - 2633, 2636, 2626, 2637, 2632, 2628, 0, 2626, 2631, 2638, - 2641, 2629, 2627, 2630, 2640, 2629, 2632, 2631, 2630, 2633, - 2634, 2642, 2646, 2644, 2638, 2637, 2648, 2633, 2635, 2647, - - 2637, 2632, 2641, 2636, 2640, 2648, 2638, 2641, 2644, 2650, - 2649, 2640, 2651, 2653, 2646, 2642, 2652, 2657, 2642, 2646, - 2644, 2647, 0, 2648, 2649, 2656, 2647, 2650, 2662, 2658, - 2651, 2653, 2664, 2661, 2656, 2662, 2650, 2649, 2663, 2651, - 2653, 2661, 2652, 2652, 2665, 2666, 2663, 2669, 2667, 2657, - 2658, 2668, 2656, 2666, 2670, 2662, 2658, 2672, 2676, 2664, - 2661, 2674, 2670, 2668, 2665, 2663, 2667, 2675, 2674, 2672, - 2678, 2665, 2666, 2679, 2669, 2667, 2680, 2677, 2668, 2677, - 2681, 2670, 2682, 2688, 2672, 2676, 2686, 0, 2674, 2683, - 2675, 2690, 2685, 2689, 2675, 0, 2694, 2695, 2696, 2691, - - 2686, 2682, 2678, 2697, 2677, 2679, 2695, 2681, 2680, 2682, - 2685, 2683, 2691, 2686, 2690, 2688, 2683, 2689, 2690, 2685, - 2689, 2692, 2694, 2694, 2695, 2696, 2691, 2699, 2700, 2703, - 2697, 2701, 2705, 2692, 2707, 2706, 2708, 2709, 2711, 2705, - 2712, 2708, 2714, 2715, 0, 2711, 2717, 2716, 2692, 2707, - 2722, 2700, 2709, 2701, 2699, 2700, 2703, 2706, 2701, 2705, - 2717, 2707, 2706, 2719, 2709, 2711, 2712, 2712, 2708, 2714, - 2715, 2716, 2719, 2717, 2716, 2721, 2724, 2722, 2723, 2725, - 2726, 2727, 2721, 2728, 2729, 2730, 2731, 2741, 2736, 2732, - 2719, 2725, 2728, 2736, 2737, 2727, 0, 2729, 2737, 2742, - - 2743, 2742, 2721, 2724, 2723, 2723, 2725, 2726, 2727, 2740, - 2728, 2729, 2732, 2731, 2744, 2738, 2732, 2730, 2739, 2741, - 2736, 2737, 2738, 2743, 2747, 2739, 2742, 2743, 2749, 2750, - 2740, 2752, 0, 2752, 2754, 2753, 2740, 2758, 2755, 2755, - 2760, 2744, 2738, 2757, 2758, 2739, 2747, 2749, 2755, 2756, - 2759, 2747, 2757, 2750, 0, 2749, 2750, 0, 2752, 2753, - 2754, 2754, 2753, 2759, 2758, 2755, 2755, 2760, 2761, 0, - 2757, 2756, 2762, 2763, 2764, 2765, 2756, 2759, 2766, 2767, - 2762, 2761, 2764, 2766, 2767, 2768, 2763, 2769, 0, 2770, - 0, 2771, 0, 2768, 2765, 2761, 2762, 2772, 2774, 2762, - - 2763, 2764, 2765, 2773, 2775, 2778, 2776, 2762, 0, 2774, - 2766, 2767, 2768, 2776, 2769, 2770, 2770, 2771, 2771, 2777, - 2777, 2780, 2781, 2772, 2772, 2774, 2775, 2778, 2779, 2773, - 2773, 2775, 2778, 2776, 2782, 2783, 2779, 2785, 2786, 2787, - 2781, 2782, 2783, 2780, 2788, 2790, 2777, 2791, 2780, 2781, - 2792, 2793, 2795, 2788, 2801, 2779, 0, 2796, 2797, 0, - 2800, 2782, 2783, 2787, 2785, 2786, 2787, 2791, 2798, 2800, - 2802, 2788, 2790, 2793, 2791, 2796, 2797, 2792, 2793, 2795, - 2803, 2801, 2804, 2805, 2796, 2797, 2798, 2800, 2806, 2807, - 2804, 2808, 2815, 2802, 2807, 2798, 2809, 2802, 2803, 2805, - - 2806, 2810, 2817, 2814, 2818, 2808, 2819, 2803, 2819, 2804, - 2805, 2820, 2822, 2830, 2809, 2806, 2823, 2818, 2808, 2815, - 2820, 2807, 2824, 2809, 2810, 2814, 2828, 2844, 2810, 2817, - 2814, 2818, 2832, 2819, 2823, 2836, 2837, 2824, 2820, 2822, - 2827, 2829, 2827, 2823, 2828, 2830, 2834, 2832, 2829, 2824, - 2838, 2839, 2834, 2828, 2844, 0, 2845, 2836, 2837, 2832, - 2841, 2846, 2836, 2837, 2850, 2848, 2847, 2827, 2829, 2839, - 2852, 2842, 2848, 2834, 2842, 0, 2838, 2838, 2839, 2855, - 0, 2849, 2841, 2845, 2847, 2853, 2850, 2841, 2846, 2849, - 2856, 2850, 2848, 2847, 2854, 2857, 2859, 2842, 2842, 2856, - - 2861, 2842, 2852, 2858, 2860, 0, 2855, 2853, 2849, 2858, - 2857, 2863, 2853, 2860, 2865, 0, 2854, 2856, 2859, 2868, - 2866, 2854, 2857, 2859, 2862, 2869, 2862, 2867, 2870, 2875, - 2858, 2860, 2861, 2869, 2879, 2908, 2871, 2865, 2863, 2877, - 2870, 2865, 2866, 2873, 2878, 2868, 2868, 2866, 2871, 2867, - 2873, 2862, 2869, 2877, 2867, 2870, 2875, 2879, 2878, 2880, - 2882, 2879, 2881, 2871, 2883, 0, 2877, 2908, 2882, 2885, - 2873, 2878, 2884, 2881, 2886, 2887, 2889, 2880, 2888, 2888, - 2890, 2893, 2894, 2883, 2887, 2898, 2880, 2882, 2890, 2881, - 0, 2883, 2886, 2903, 2884, 2885, 2885, 2905, 2896, 2884, - - 2900, 2886, 2887, 2889, 2896, 2888, 2901, 2890, 2893, 2894, - 2902, 2900, 2898, 2907, 2909, 2903, 2906, 2901, 2909, 2912, - 2903, 2902, 2910, 2906, 2905, 2896, 2913, 2900, 2914, 2915, - 2910, 2907, 2919, 2901, 2923, 2918, 2914, 2902, 2920, 2913, - 2907, 2909, 2918, 2906, 2924, 2912, 2912, 2922, 2926, 2910, - 2925, 2928, 2922, 2913, 2927, 2914, 2915, 2925, 2930, 2929, - 2920, 2923, 2918, 0, 2919, 2920, 2929, 2926, 2931, 2928, - 2927, 2924, 2932, 2933, 2922, 2926, 2931, 2925, 2928, 2934, - 2933, 2927, 2936, 2935, 2941, 2942, 2929, 2932, 2940, 2943, - 2930, 2941, 2945, 0, 2926, 2931, 2944, 2952, 2949, 2932, - - 2933, 0, 0, 2940, 2946, 2948, 2934, 2935, 2936, 2936, - 2935, 2941, 2950, 2946, 2951, 2940, 2943, 2942, 2953, 2953, - 2944, 2954, 2951, 2944, 2945, 2949, 2959, 2948, 2953, 2952, - 2960, 2946, 2948, 2957, 2950, 2956, 2958, 2965, 2958, 2950, - 2959, 2951, 2957, 2961, 2962, 2953, 2953, 2963, 2954, 2966, - 2956, 2961, 2970, 2959, 2968, 2962, 2967, 2960, 2969, 2971, - 2957, 2972, 2956, 2958, 2965, 2963, 2975, 2968, 2973, 2976, - 2961, 2962, 2974, 2974, 2963, 2978, 2966, 2986, 2967, 2970, - 2969, 2968, 2973, 2967, 2981, 2969, 2971, 2988, 2972, 2983, - 2997, 2976, 2981, 2994, 2983, 2973, 2976, 2991, 2975, 2974, - - 2984, 2985, 2978, 2986, 2986, 2984, 2985, 2989, 2989, 2990, - 2991, 2981, 2992, 2993, 2988, 2995, 2983, 2990, 2998, 2992, - 2994, 2999, 2997, 3003, 2991, 2998, 3005, 2984, 2985, 2999, - 3000, 2993, 3006, 3007, 2989, 3008, 2990, 3011, 0, 2992, - 2993, 3009, 2995, 3010, 3012, 2998, 3007, 3016, 2999, 0, - 3003, 3014, 3000, 3005, 3006, 0, 3009, 3000, 3014, 3006, - 3007, 3017, 3010, 3018, 3011, 3015, 3012, 3008, 3009, 3016, - 3010, 3012, 3015, 3021, 3016, 3020, 3017, 3028, 3014, 3022, - 3023, 3021, 3025, 3028, 3018, 3026, 3022, 3023, 3017, 3029, - 3018, 3025, 3015, 3031, 3020, 3033, 3026, 3034, 3027, 3027, - - 3021, 3041, 3020, 3032, 3028, 3037, 3022, 3023, 3027, 3025, - 3032, 3029, 3026, 3042, 3036, 3031, 3029, 3038, 0, 3034, - 3031, 3036, 3043, 3047, 3034, 3027, 3027, 3033, 3041, 3037, - 3032, 3038, 3037, 3048, 3049, 3050, 3052, 3054, 3054, 0, - 3042, 3036, 3049, 3058, 3038, 3043, 3055, 3055, 0, 3043, - 3047, 3056, 3060, 3059, 0, 3048, 3062, 3065, 3061, 3068, - 3048, 3049, 3050, 3052, 3065, 3058, 3054, 3061, 3067, 3062, - 3058, 3059, 3072, 3073, 3056, 3055, 3074, 3080, 3056, 3060, - 3059, 3066, 3077, 3062, 3065, 3061, 3068, 3071, 3066, 3071, - 3067, 3077, 3072, 3075, 3074, 3067, 3073, 3078, 3081, 3072, - - 3073, 3079, 0, 3074, 3080, 3075, 3082, 3083, 3066, 3077, - 3086, 3088, 3085, 3084, 3071, 3078, 3084, 3085, 3082, 3087, - 3075, 3087, 3093, 3088, 3078, 3081, 3089, 3079, 3079, 3083, - 3090, 3084, 3089, 3082, 3083, 3094, 3091, 3092, 3088, 3095, - 3084, 3096, 3086, 3084, 3085, 3092, 3087, 3097, 3099, 3093, - 3098, 3102, 3090, 3089, 3104, 3105, 3108, 3090, 3091, 3109, - 3095, 3110, 3098, 3091, 3092, 3111, 3095, 3094, 3096, 3112, - 3099, 3113, 3114, 3105, 3097, 3099, 3115, 3098, 3102, 3116, - 3116, 3104, 3105, 3108, 3118, 3119, 3109, 3120, 3110, 3121, - 3122, 3125, 3111, 3124, 3127, 3126, 3112, 3122, 3113, 3114, - - 3128, 3124, 3118, 3115, 3121, 3120, 3116, 3126, 3127, 3129, - 3131, 3118, 3119, 3130, 3120, 3128, 3121, 3122, 3125, 3134, - 3124, 3127, 3126, 3135, 3138, 3130, 3137, 3128, 3134, 3136, - 3136, 3140, 3141, 3138, 3144, 3129, 3129, 3131, 3143, 3145, - 3130, 3142, 3144, 0, 3149, 0, 3134, 3135, 3145, 3152, - 3135, 3138, 3137, 3137, 3142, 3140, 3136, 3148, 3140, 3146, - 3143, 3144, 3149, 3153, 3141, 3143, 3145, 3165, 3142, 3166, - 3146, 3149, 3152, 3156, 3156, 3153, 3152, 3168, 3148, 3169, - 3170, 3171, 3175, 3173, 3148, 3174, 3146, 3173, 3176, 3165, - 3153, 3168, 3181, 3166, 3165, 3176, 3166, 3179, 3177, 0, - - 3156, 3179, 3180, 3174, 3168, 3175, 3169, 3170, 3171, 3175, - 3173, 3177, 3174, 3182, 3181, 3176, 3183, 3185, 3180, 3181, - 3184, 3192, 3186, 3187, 3179, 3177, 3188, 3190, 3183, 3180, - 3186, 3185, 3187, 3189, 3191, 3189, 3192, 3188, 3182, 3190, - 3182, 3193, 3195, 3183, 3185, 3194, 3184, 3184, 3192, 3186, - 3187, 3194, 3191, 3188, 3190, 3196, 3198, 3202, 3197, 3203, - 3189, 3191, 3204, 3193, 3195, 3197, 3203, 3206, 3193, 3195, - 3202, 3207, 3194, 3205, 3208, 3209, 0, 3217, 3198, 3210, - 3212, 3211, 3196, 3198, 3202, 3197, 3203, 3210, 3211, 3204, - 3213, 3205, 3214, 3215, 3206, 3215, 3220, 3207, 3207, 3216, - - 3205, 3208, 3209, 3218, 3212, 3221, 3210, 3212, 3211, 3217, - 3219, 3216, 3213, 3223, 3214, 3222, 3218, 3213, 3220, 3214, - 3215, 3225, 3222, 3220, 3226, 3219, 3216, 3227, 3228, 3230, - 3218, 3235, 3221, 3236, 3232, 3227, 3226, 3219, 3237, 3238, - 3223, 3230, 3222, 3232, 3239, 3240, 3244, 3238, 3225, 0, - 0, 3226, 3245, 3242, 3227, 3228, 3230, 3237, 3235, 3236, - 3236, 3232, 3241, 3243, 3247, 3237, 3238, 3242, 3244, 3253, - 3254, 3243, 3250, 3244, 3251, 3241, 3239, 3240, 3250, 3245, - 3242, 3251, 3253, 3257, 3259, 3256, 3258, 3261, 3260, 3241, - 3243, 3247, 3256, 3254, 3258, 3261, 3253, 3254, 3259, 3250, - - 3262, 3251, 3260, 3263, 3264, 3257, 3270, 3271, 3268, 3267, - 3257, 3259, 3256, 3258, 3261, 3260, 3267, 3268, 3269, 3272, - 3273, 3274, 3262, 0, 3278, 3263, 3269, 3262, 3275, 3271, - 3263, 3264, 3276, 3270, 3271, 3268, 3267, 3280, 3281, 3282, - 3284, 3277, 3286, 3274, 3285, 3269, 3273, 3273, 3274, 3277, - 3275, 3272, 3285, 3287, 3276, 3275, 3278, 3289, 3291, 3276, - 3281, 3287, 3286, 3284, 3280, 3281, 3282, 3284, 3277, 3286, - 3288, 3285, 3291, 3290, 0, 3293, 3295, 3297, 3288, 3300, - 3287, 3290, 3301, 3298, 3299, 3291, 0, 3296, 0, 3289, - 3296, 3298, 3299, 3300, 3302, 3305, 3305, 3288, 3303, 3297, - - 3290, 3293, 3293, 3295, 3297, 3296, 3300, 3306, 3301, 3301, - 3298, 3299, 3303, 3308, 3296, 3307, 3302, 3296, 3309, 3310, - 0, 3302, 3305, 3307, 3312, 3303, 3313, 3311, 3314, 0, - 3316, 3315, 3312, 3306, 3306, 3323, 0, 3320, 0, 3308, - 3308, 3310, 3307, 3317, 3309, 3309, 3310, 3311, 3318, 3326, - 3314, 3312, 3319, 3313, 3311, 3314, 3315, 3316, 3315, 3320, - 3319, 3321, 3323, 3317, 3320, 3324, 3328, 3327, 3318, 3321, - 3317, 3326, 3329, 3324, 3328, 3318, 3326, 3330, 3332, 3319, - 3329, 3335, 3333, 3334, 3336, 3339, 3337, 3340, 3321, 3327, - 3333, 3334, 3324, 3328, 3327, 3341, 3343, 3346, 0, 3329, - - 3349, 0, 3350, 3330, 3330, 3332, 3337, 3335, 3335, 3333, - 3334, 3336, 3339, 3337, 3340, 3341, 0, 3347, 3343, 3346, - 3348, 0, 3341, 3343, 3346, 3347, 0, 3349, 3348, 3350, + 322, 0, 325, 324, 0, 333, 329, 332, 336, 335, + 340, 328, 0, 327, 328, 331, 339, 0, 329, 325, + 330, 339, 336, 330, 331, 332, 337, 333, 330, 330, + 330, 330, 333, 335, 340, 336, 335, 340, 330, 338, + + 338, 337, 341, 0, 334, 0, 334, 330, 339, 347, + 330, 342, 345, 337, 342, 330, 330, 330, 330, 334, + 343, 342, 334, 348, 338, 346, 338, 338, 334, 341, + 345, 334, 343, 334, 344, 344, 347, 349, 342, 345, + 350, 342, 351, 346, 344, 348, 334, 343, 352, 334, + 348, 354, 346, 353, 351, 0, 357, 361, 355, 354, + 356, 344, 344, 349, 349, 355, 350, 350, 353, 351, + 352, 358, 356, 358, 360, 352, 362, 363, 354, 361, + 353, 360, 358, 364, 361, 355, 370, 356, 357, 364, + 365, 0, 365, 366, 368, 0, 369, 358, 358, 363, + + 358, 360, 0, 371, 363, 364, 366, 393, 362, 358, + 364, 367, 368, 404, 365, 372, 364, 365, 370, 365, + 366, 368, 369, 369, 367, 375, 376, 367, 377, 367, + 371, 378, 375, 379, 382, 367, 386, 372, 367, 393, + 377, 386, 372, 378, 376, 404, 379, 382, 381, 385, + 376, 367, 375, 376, 367, 377, 367, 373, 378, 373, + 379, 382, 389, 0, 381, 373, 384, 385, 386, 373, + 389, 376, 381, 388, 373, 381, 385, 373, 384, 388, + 0, 387, 390, 373, 373, 391, 373, 392, 387, 389, + 409, 381, 373, 384, 390, 392, 373, 394, 394, 395, + + 388, 373, 387, 391, 373, 374, 395, 374, 387, 390, + 397, 399, 391, 444, 392, 387, 396, 398, 399, 397, + 374, 400, 409, 374, 394, 374, 395, 374, 400, 396, + 0, 374, 374, 401, 374, 398, 402, 403, 399, 398, + 444, 0, 397, 396, 398, 401, 397, 374, 400, 403, + 374, 405, 374, 0, 374, 383, 383, 408, 402, 430, + 401, 407, 398, 402, 403, 383, 383, 383, 383, 383, + 408, 410, 383, 410, 406, 411, 407, 405, 405, 0, + 383, 406, 383, 383, 408, 412, 411, 0, 407, 413, + 413, 430, 383, 383, 383, 383, 383, 414, 410, 383, + + 415, 406, 411, 416, 414, 420, 417, 412, 421, 418, + 424, 415, 412, 422, 416, 425, 0, 423, 413, 417, + 419, 419, 424, 421, 414, 423, 425, 415, 420, 435, + 416, 421, 420, 417, 418, 421, 418, 424, 419, 422, + 422, 427, 425, 426, 423, 419, 431, 419, 419, 432, + 421, 437, 426, 0, 427, 428, 428, 433, 438, 434, + 436, 435, 0, 558, 431, 419, 436, 428, 427, 428, + 426, 432, 437, 431, 428, 439, 432, 434, 437, 0, + 433, 438, 428, 428, 433, 438, 434, 436, 441, 440, + 558, 442, 0, 443, 428, 441, 428, 429, 446, 439, + + 445, 0, 439, 447, 0, 429, 429, 443, 449, 429, + 429, 440, 446, 429, 448, 441, 440, 442, 442, 429, + 443, 452, 445, 453, 429, 446, 450, 445, 451, 447, + 447, 449, 429, 429, 451, 449, 429, 429, 450, 454, + 429, 455, 456, 452, 458, 453, 448, 454, 452, 456, + 453, 457, 459, 450, 461, 451, 455, 462, 460, 458, + 457, 463, 0, 466, 464, 454, 454, 465, 455, 456, + 467, 458, 462, 465, 454, 467, 459, 461, 457, 459, + 460, 461, 469, 472, 462, 460, 464, 463, 463, 466, + 466, 464, 471, 473, 465, 474, 475, 467, 471, 476, + + 477, 474, 472, 479, 480, 479, 476, 481, 469, 469, + 472, 473, 479, 480, 481, 477, 482, 483, 475, 471, + 473, 484, 474, 475, 485, 486, 476, 477, 487, 482, + 479, 480, 479, 489, 481, 488, 492, 490, 488, 484, + 495, 487, 494, 482, 493, 0, 491, 486, 484, 483, + 490, 493, 486, 497, 488, 487, 485, 489, 491, 500, + 489, 496, 488, 495, 490, 488, 494, 501, 492, 494, + 503, 493, 495, 491, 496, 497, 498, 499, 0, 502, + 497, 498, 500, 499, 504, 505, 500, 506, 496, 501, + 495, 502, 503, 505, 501, 504, 510, 503, 509, 513, + + 0, 506, 510, 498, 499, 509, 502, 513, 512, 511, + 514, 504, 505, 0, 506, 507, 515, 0, 0, 0, + 507, 511, 507, 510, 519, 509, 513, 515, 507, 516, + 507, 512, 514, 507, 507, 512, 511, 514, 518, 0, + 507, 507, 507, 515, 517, 521, 519, 507, 517, 507, + 518, 519, 516, 0, 525, 507, 516, 507, 522, 520, + 507, 507, 520, 521, 523, 518, 517, 507, 522, 524, + 520, 517, 521, 526, 0, 517, 523, 526, 525, 528, + 524, 525, 529, 0, 529, 527, 520, 530, 532, 520, + 522, 523, 527, 534, 535, 522, 524, 0, 531, 533, + + 526, 537, 535, 532, 546, 528, 528, 0, 541, 529, + 531, 533, 527, 530, 530, 532, 538, 536, 540, 534, + 534, 535, 536, 537, 539, 531, 533, 544, 537, 541, + 540, 543, 539, 545, 538, 541, 546, 547, 549, 552, + 553, 548, 550, 538, 536, 540, 549, 551, 552, 543, + 544, 539, 547, 548, 544, 550, 545, 554, 543, 551, + 545, 555, 557, 553, 547, 549, 552, 553, 548, 550, + 556, 554, 559, 556, 551, 560, 561, 0, 562, 563, + 565, 557, 564, 0, 554, 569, 555, 567, 555, 557, + 560, 566, 565, 562, 570, 564, 569, 556, 572, 570, + + 573, 574, 560, 563, 559, 562, 563, 565, 561, 564, + 568, 567, 569, 566, 567, 571, 575, 568, 566, 576, + 568, 577, 584, 582, 580, 572, 570, 573, 568, 571, + 578, 581, 579, 574, 586, 578, 585, 568, 579, 580, + 583, 584, 571, 575, 568, 582, 576, 568, 583, 584, + 582, 580, 589, 577, 590, 581, 586, 588, 581, 579, + 585, 586, 578, 585, 587, 588, 591, 583, 587, 592, + 595, 593, 594, 591, 596, 589, 597, 0, 601, 589, + 593, 598, 599, 595, 588, 603, 590, 598, 597, 601, + 0, 587, 592, 591, 594, 608, 592, 595, 593, 594, + + 596, 596, 600, 597, 599, 601, 602, 0, 598, 599, + 600, 605, 604, 602, 611, 0, 607, 603, 606, 609, + 610, 608, 608, 606, 605, 607, 606, 606, 609, 600, + 612, 610, 614, 602, 604, 613, 611, 616, 605, 604, + 617, 611, 606, 607, 614, 606, 609, 610, 613, 618, + 606, 0, 612, 606, 606, 619, 0, 612, 617, 614, + 621, 620, 613, 622, 623, 624, 625, 617, 629, 616, + 0, 0, 0, 618, 624, 623, 618, 619, 619, 627, + 626, 630, 619, 620, 621, 622, 625, 621, 620, 628, + 622, 623, 624, 625, 626, 629, 628, 631, 635, 630, + + 633, 627, 634, 632, 619, 631, 627, 626, 630, 632, + 636, 633, 637, 635, 638, 0, 628, 639, 639, 646, + 634, 640, 641, 642, 631, 635, 0, 633, 645, 634, + 632, 644, 642, 637, 643, 647, 645, 648, 638, 637, + 649, 638, 636, 651, 641, 640, 639, 643, 640, 641, + 642, 646, 650, 644, 650, 645, 0, 647, 644, 653, + 654, 643, 647, 652, 649, 651, 655, 649, 652, 648, + 651, 656, 658, 653, 654, 657, 0, 660, 659, 650, + 655, 655, 664, 657, 660, 661, 653, 654, 655, 662, + 658, 663, 667, 655, 0, 652, 668, 667, 665, 658, + + 659, 670, 657, 656, 660, 659, 663, 655, 655, 662, + 666, 661, 661, 665, 664, 663, 662, 669, 663, 669, + 666, 671, 668, 668, 667, 665, 670, 672, 670, 671, + 673, 674, 666, 663, 675, 677, 678, 666, 676, 673, + 674, 0, 677, 675, 669, 0, 676, 666, 671, 679, + 0, 680, 672, 687, 672, 681, 688, 673, 674, 682, + 685, 675, 677, 688, 683, 676, 684, 681, 678, 680, + 0, 682, 679, 683, 684, 685, 679, 686, 680, 689, + 690, 0, 681, 688, 692, 687, 682, 685, 691, 686, + 692, 683, 689, 684, 693, 690, 691, 694, 696, 695, + + 0, 697, 693, 701, 686, 702, 689, 690, 695, 696, + 697, 692, 700, 698, 698, 691, 701, 706, 0, 699, + 694, 693, 698, 704, 694, 696, 695, 699, 697, 703, + 701, 702, 702, 706, 700, 705, 704, 708, 707, 700, + 698, 698, 709, 705, 706, 713, 699, 710, 712, 711, + 704, 707, 703, 709, 0, 710, 703, 714, 715, 708, + 716, 715, 705, 711, 708, 707, 717, 713, 712, 709, + 718, 719, 713, 721, 710, 712, 711, 714, 720, 718, + 723, 722, 716, 724, 714, 715, 721, 716, 717, 725, + 726, 719, 0, 717, 729, 723, 720, 718, 719, 722, + + 721, 727, 733, 732, 740, 720, 728, 723, 722, 732, + 730, 725, 729, 731, 726, 724, 725, 726, 735, 728, + 736, 729, 730, 734, 727, 737, 731, 739, 727, 733, + 732, 734, 741, 728, 742, 739, 740, 730, 743, 741, + 731, 746, 736, 737, 744, 735, 744, 736, 747, 734, + 734, 745, 737, 743, 739, 749, 748, 742, 734, 741, + 745, 742, 751, 0, 749, 743, 750, 747, 750, 751, + 0, 744, 754, 746, 0, 747, 748, 0, 745, 0, + 757, 761, 749, 748, 754, 0, 0, 0, 760, 751, + 757, 764, 0, 750, 752, 763, 0, 752, 772, 754, + + 0, 752, 761, 766, 752, 772, 760, 757, 761, 764, + 767, 752, 752, 769, 752, 760, 763, 768, 764, 752, + 773, 752, 763, 765, 752, 772, 766, 776, 752, 769, + 766, 752, 771, 770, 765, 0, 767, 767, 752, 752, + 769, 752, 770, 768, 768, 771, 775, 778, 779, 776, + 765, 0, 773, 775, 776, 780, 778, 777, 780, 771, + 770, 774, 774, 777, 774, 0, 0, 774, 782, 781, + 0, 779, 774, 775, 778, 779, 784, 0, 774, 774, + 787, 786, 780, 786, 777, 781, 812, 774, 774, 774, + 782, 774, 781, 783, 774, 782, 781, 785, 784, 774, + + 790, 783, 789, 784, 787, 774, 774, 787, 786, 785, + 788, 791, 781, 792, 794, 788, 0, 793, 812, 797, + 783, 795, 789, 791, 785, 796, 790, 790, 798, 789, + 802, 800, 818, 801, 799, 792, 794, 802, 791, 800, + 792, 794, 788, 793, 793, 795, 797, 796, 795, 799, + 804, 803, 796, 798, 805, 798, 801, 802, 800, 803, + 801, 799, 806, 807, 818, 808, 809, 810, 811, 804, + 814, 820, 0, 811, 806, 809, 807, 804, 803, 813, + 805, 805, 810, 815, 822, 817, 821, 823, 815, 806, + 807, 808, 808, 809, 810, 811, 819, 814, 824, 825, + + 826, 813, 827, 820, 819, 828, 813, 817, 821, 830, + 0, 823, 817, 821, 823, 815, 822, 831, 825, 824, + 835, 829, 836, 819, 828, 824, 825, 826, 833, 827, + 829, 830, 828, 832, 837, 834, 830, 831, 838, 833, + 836, 839, 832, 834, 831, 842, 0, 835, 829, 836, + 840, 843, 845, 837, 844, 833, 847, 844, 840, 0, + 832, 837, 834, 842, 846, 838, 848, 851, 850, 843, + 850, 849, 842, 839, 845, 852, 0, 840, 843, 845, + 847, 844, 846, 847, 849, 851, 854, 853, 848, 852, + 876, 846, 853, 848, 851, 850, 855, 856, 849, 857, + + 858, 859, 852, 858, 862, 856, 860, 863, 855, 864, + 859, 0, 854, 854, 860, 864, 865, 857, 0, 853, + 0, 0, 876, 855, 856, 867, 857, 858, 859, 862, + 860, 862, 867, 860, 863, 868, 864, 871, 865, 866, + 870, 860, 868, 865, 869, 866, 872, 870, 874, 869, + 872, 873, 867, 875, 877, 871, 0, 874, 881, 0, + 884, 875, 868, 880, 871, 882, 866, 870, 878, 879, + 885, 869, 877, 872, 873, 874, 880, 879, 873, 881, + 875, 877, 884, 878, 882, 881, 883, 884, 888, 890, + 880, 887, 882, 886, 895, 878, 879, 885, 887, 883, + + 889, 886, 891, 893, 896, 892, 888, 889, 890, 891, + 892, 893, 894, 883, 898, 888, 890, 900, 887, 894, + 886, 897, 899, 901, 900, 902, 895, 889, 0, 891, + 893, 903, 892, 904, 897, 899, 896, 905, 909, 894, + 906, 904, 908, 910, 900, 905, 898, 907, 897, 899, + 912, 913, 905, 907, 903, 901, 911, 902, 903, 912, + 904, 914, 906, 916, 905, 913, 0, 906, 908, 908, + 909, 0, 905, 917, 907, 910, 918, 912, 913, 915, + 911, 919, 917, 911, 920, 921, 915, 922, 925, 920, + 916, 923, 0, 914, 919, 925, 919, 921, 918, 924, + + 917, 927, 926, 918, 924, 919, 915, 930, 919, 927, + 922, 932, 921, 936, 922, 925, 920, 923, 923, 929, + 930, 919, 929, 919, 926, 932, 924, 934, 927, 926, + 933, 0, 937, 934, 930, 938, 939, 933, 932, 936, + 936, 940, 941, 940, 0, 962, 929, 938, 944, 960, + 0, 946, 988, 0, 934, 937, 946, 933, 935, 937, + 935, 942, 938, 939, 935, 941, 935, 943, 940, 941, + 944, 935, 962, 942, 947, 944, 935, 945, 966, 988, + 943, 960, 935, 946, 948, 935, 966, 935, 942, 0, + 945, 935, 947, 935, 943, 949, 950, 948, 935, 951, + + 952, 947, 953, 935, 945, 966, 954, 949, 950, 951, + 955, 948, 956, 957, 958, 952, 955, 961, 949, 954, + 959, 951, 949, 950, 953, 956, 951, 952, 964, 953, + 969, 957, 970, 954, 949, 958, 951, 955, 965, 956, + 957, 958, 959, 965, 967, 969, 974, 959, 971, 961, + 0, 972, 0, 967, 970, 973, 978, 969, 0, 970, + 964, 971, 979, 0, 978, 965, 972, 975, 974, 976, + 979, 967, 968, 974, 977, 971, 981, 968, 972, 968, + 976, 973, 973, 978, 980, 968, 975, 977, 982, 979, + 968, 968, 983, 984, 975, 980, 976, 968, 968, 968, + + 986, 977, 984, 985, 968, 989, 968, 983, 981, 986, + 982, 980, 968, 987, 985, 982, 990, 968, 968, 983, + 984, 992, 987, 990, 968, 993, 0, 986, 989, 994, + 985, 996, 989, 995, 997, 998, 999, 994, 1004, 0, + 987, 1001, 0, 990, 999, 996, 1002, 1005, 0, 993, + 1003, 0, 993, 992, 1007, 995, 994, 998, 996, 1001, + 995, 1003, 998, 999, 1002, 1005, 997, 1006, 1001, 1009, + 1004, 1008, 1010, 1002, 1005, 1006, 1007, 1003, 1008, 1010, + 1011, 1007, 1009, 1012, 1013, 1014, 1016, 1015, 0, 1018, + 1020, 0, 1034, 0, 1006, 1011, 1009, 1015, 1008, 1010, + + 1018, 1012, 1013, 1020, 1022, 1023, 1014, 1011, 1021, 1024, + 1012, 1013, 1014, 1023, 1015, 1021, 1018, 1020, 1016, 1025, + 1027, 1026, 1024, 1028, 1034, 1032, 1022, 1031, 1025, 1033, + 0, 1022, 1023, 1026, 0, 1021, 1024, 1037, 0, 1035, + 0, 1036, 1027, 1032, 1050, 1028, 1025, 1027, 1026, 1031, + 1028, 1037, 1032, 1036, 1031, 1033, 1033, 1035, 1039, 1043, + 1040, 1044, 1046, 1047, 1037, 1040, 1035, 1042, 1036, 1039, + 1042, 1045, 1047, 1046, 1044, 1049, 1050, 1048, 1045, 1052, + 0, 1057, 0, 1043, 0, 1039, 1043, 1049, 1044, 1046, + 1047, 1048, 1040, 1042, 1042, 1053, 1051, 1042, 1045, 1054, + + 1055, 1062, 1049, 1051, 1048, 1057, 1058, 1053, 1057, 1059, + 1060, 1052, 1058, 1055, 1061, 1065, 1063, 1064, 1070, 1062, + 1071, 1054, 1053, 1051, 1067, 1061, 1054, 1055, 1062, 1068, + 1065, 1059, 1060, 1058, 1069, 1072, 1059, 1060, 1063, 1064, + 1068, 1061, 1065, 1063, 1064, 1067, 1074, 1071, 1073, 1076, + 1070, 1067, 1075, 1072, 1080, 1069, 1068, 1073, 1076, 1077, + 1079, 1069, 1072, 1081, 1078, 1082, 1083, 1077, 1080, 1085, + 1074, 1078, 1084, 1074, 1087, 1073, 1076, 0, 1075, 1075, + 1086, 1080, 1089, 1090, 1079, 1092, 1077, 1079, 1083, 1091, + 0, 1078, 1090, 1083, 1084, 1081, 1091, 1082, 1093, 1084, + + 1094, 1085, 1086, 1095, 1089, 1096, 1087, 1086, 1101, 1089, + 1090, 1098, 1099, 1097, 1104, 1106, 1091, 1092, 1100, 1098, + 1093, 1095, 1097, 1096, 1101, 1093, 1102, 1094, 1103, 1104, + 1095, 1107, 1096, 1110, 1108, 1101, 1099, 1103, 1098, 1099, + 1097, 1104, 1100, 1105, 1109, 1100, 1108, 1106, 1102, 1111, + 1114, 1105, 1112, 1102, 1113, 1103, 1117, 1111, 1116, 1114, + 1110, 1108, 1122, 1107, 1118, 1112, 1109, 1116, 1123, 1113, + 1105, 1109, 1118, 1119, 1117, 1119, 1111, 1114, 1121, 1112, + 1124, 1113, 1125, 1117, 1129, 1116, 1121, 1123, 1128, 1122, + 1126, 1118, 1131, 1130, 1132, 1123, 1129, 1126, 1133, 1134, + + 1119, 1128, 1124, 1135, 1125, 1121, 1134, 1124, 1130, 1125, + 1136, 1129, 1132, 1137, 1131, 1128, 1138, 1126, 0, 1131, + 1130, 1132, 1139, 1140, 1137, 1133, 1134, 1144, 1141, 1143, + 0, 1142, 0, 0, 1147, 1135, 1150, 1146, 1138, 1144, + 1137, 1141, 1136, 1138, 1142, 1140, 1147, 1139, 1154, 1139, + 1140, 1143, 1145, 1151, 1144, 1141, 1143, 1146, 1142, 1148, + 1145, 1147, 1152, 1150, 1146, 1153, 1151, 1148, 0, 1154, + 1158, 1152, 1159, 1156, 1155, 1154, 1161, 1153, 0, 1145, + 1151, 1155, 1156, 1160, 1156, 0, 1148, 1156, 1162, 1152, + 1168, 1163, 1153, 1158, 1165, 1156, 1164, 1158, 1159, 1159, + + 1156, 1155, 1165, 1161, 1163, 1160, 1167, 1166, 1162, 1156, + 1160, 1156, 1168, 1170, 1156, 1162, 1166, 1168, 1163, 1169, + 1164, 1165, 1171, 1164, 1167, 1172, 1173, 1169, 1170, 1174, + 1176, 0, 1177, 1167, 1166, 0, 1178, 1174, 1172, 1180, + 1170, 1179, 1173, 0, 1171, 0, 1169, 1181, 1179, 1171, + 1183, 1182, 1172, 1173, 1177, 1184, 1174, 1176, 1178, 1177, + 1186, 1180, 1183, 1178, 1185, 1188, 1180, 1184, 1179, 1182, + 1181, 1187, 1185, 1189, 1181, 1186, 1190, 1183, 1182, 1195, + 1191, 1192, 1184, 1187, 1190, 1188, 1191, 1186, 1189, 1193, + 1192, 1185, 1188, 1194, 1196, 1197, 1198, 1199, 1187, 0, + + 1189, 1196, 1197, 1190, 1200, 1194, 1204, 1191, 1192, 1199, + 1193, 1195, 1200, 1201, 1198, 1205, 1193, 1202, 1204, 1206, + 1194, 1196, 1197, 1198, 1199, 1202, 1206, 1203, 1201, 1203, + 1208, 1200, 1210, 1204, 1211, 0, 1209, 1215, 1214, 1213, + 1201, 0, 1212, 1219, 1202, 1210, 1206, 1205, 1209, 1212, + 1213, 1216, 1215, 1211, 1203, 1218, 1216, 1219, 1220, 1210, + 1214, 1211, 1208, 1209, 1215, 1214, 1213, 1217, 1218, 1212, + 1219, 1223, 1224, 1222, 1226, 1217, 1228, 0, 0, 1225, + 1237, 0, 1218, 1216, 1220, 1220, 0, 1222, 1229, 1223, + 0, 1227, 1230, 0, 1217, 1221, 1226, 1231, 1223, 1221, + + 1222, 1226, 1221, 1221, 1224, 1225, 1225, 1221, 1228, 1227, + 1229, 1233, 1237, 1221, 1230, 1229, 1243, 1221, 1227, 1230, + 1235, 1221, 1221, 1231, 1231, 1232, 1221, 1235, 1238, 1221, + 1221, 1232, 1236, 1234, 1221, 1234, 1239, 1233, 1233, 1240, + 1221, 1236, 1242, 1239, 1221, 1241, 1238, 1235, 1243, 1244, + 1246, 1242, 1232, 1245, 0, 1238, 1248, 1234, 1241, 1236, + 1234, 1240, 1234, 1239, 0, 1254, 1240, 0, 1250, 1242, + 0, 1249, 1241, 1246, 1252, 1245, 1256, 1246, 1248, 0, + 1245, 1244, 1247, 1248, 1249, 1256, 1257, 1247, 1254, 1247, + 1252, 1247, 1254, 1247, 1250, 1250, 1251, 1251, 1249, 1255, + + 1247, 1252, 1258, 1256, 1257, 1259, 1261, 1258, 1262, 1247, + 1260, 1255, 1263, 1257, 1247, 1260, 1247, 1267, 1247, 1264, + 1247, 1262, 0, 1259, 1268, 1251, 1255, 1264, 1261, 1266, + 1263, 0, 1259, 1261, 1258, 1262, 1265, 1260, 1269, 1263, + 1270, 1272, 1266, 1273, 1265, 0, 1264, 1271, 1278, 1267, + 1268, 1268, 1274, 1270, 1272, 1275, 1266, 1269, 1276, 1277, + 1276, 1273, 1280, 1265, 1275, 1269, 1279, 1270, 1272, 1271, + 1273, 1281, 1274, 1283, 1271, 1278, 1285, 1284, 1279, 1274, + 1287, 1277, 1275, 1286, 1285, 1276, 1277, 1288, 1289, 1280, + 1290, 1291, 1294, 1279, 1288, 0, 1281, 1283, 1281, 1284, + + 1283, 1286, 1292, 1285, 1284, 1293, 1297, 1287, 1292, 1299, + 1286, 1293, 1296, 1291, 1288, 1289, 1290, 1290, 1291, 1294, + 1295, 1298, 1296, 1300, 1301, 1303, 1306, 1295, 1298, 1292, + 1297, 1302, 1293, 1297, 1303, 1305, 1308, 1312, 1306, 1296, + 0, 1299, 1301, 1307, 1309, 1300, 0, 1295, 1298, 1308, + 1300, 1301, 1303, 1306, 1310, 1311, 1302, 1313, 1302, 1305, + 1314, 1312, 1305, 1308, 1312, 1307, 1309, 1315, 1318, 1316, + 1307, 1309, 1317, 1310, 1321, 1322, 1319, 1311, 1316, 1313, + 1325, 1310, 1311, 1323, 1313, 0, 1314, 1314, 1318, 1315, + 1319, 1324, 1327, 1317, 1315, 1318, 1316, 1326, 1328, 1317, + + 1327, 1329, 1330, 1319, 1332, 1323, 1321, 1322, 1333, 1330, + 1323, 1335, 1325, 1324, 1328, 1326, 1334, 1333, 1324, 1327, + 1336, 1338, 1339, 1335, 1326, 1328, 1332, 1336, 1329, 1330, + 1337, 1332, 0, 1334, 1337, 1333, 1342, 1340, 1335, 1343, + 1346, 0, 1344, 1334, 1345, 1343, 1347, 1336, 1349, 1344, + 0, 1345, 1343, 1338, 1339, 1346, 1348, 1337, 1340, 1347, + 1351, 1354, 1351, 1350, 1340, 1348, 1343, 1346, 1342, 1344, + 1350, 1345, 1343, 1347, 1349, 1349, 1352, 1353, 1355, 1356, + 1361, 1358, 1355, 1348, 1360, 1352, 1359, 1351, 1354, 1358, + 1350, 1359, 0, 1360, 1362, 1368, 1363, 1367, 1361, 1353, + + 1364, 1356, 1371, 1352, 1353, 1355, 1356, 1361, 1358, 1363, + 1372, 1360, 1364, 1362, 1365, 1367, 1366, 1365, 1359, 1366, + 1368, 1362, 1368, 1363, 1367, 1374, 1365, 1364, 1375, 1369, + 1374, 1373, 1392, 1372, 1371, 0, 1375, 1372, 1366, 1376, + 1376, 1365, 1369, 1366, 1365, 1377, 1366, 1373, 1378, 1379, + 1380, 1382, 1385, 1381, 1377, 1375, 1369, 1374, 1373, 1380, + 1381, 1383, 1389, 0, 1392, 1385, 1376, 1388, 1383, 0, + 1378, 1379, 1377, 1382, 1386, 1378, 1379, 1380, 1382, 1385, + 1381, 1387, 1390, 1386, 1391, 1389, 1395, 1393, 1383, 1389, + 1387, 1390, 1391, 1388, 1388, 1394, 1398, 1399, 1396, 1395, + + 1397, 1386, 1393, 1394, 1398, 0, 1400, 1401, 1387, 1390, + 1396, 1391, 1397, 1395, 1393, 1405, 1406, 1404, 1407, 1399, + 1409, 1402, 1394, 1398, 1399, 1396, 1400, 1397, 1406, 1401, + 1402, 1403, 1408, 1400, 1401, 1404, 1407, 1403, 1410, 1408, + 1411, 1405, 1405, 1406, 1404, 1407, 1409, 1409, 1402, 1412, + 0, 1413, 1414, 1415, 1416, 1417, 1419, 1420, 1403, 1408, + 1421, 1417, 1412, 1418, 1425, 1416, 0, 1422, 0, 1423, + 1410, 0, 1411, 1430, 1415, 1426, 1412, 1413, 1413, 1414, + 1415, 1416, 1417, 1427, 1429, 1418, 1430, 1432, 1419, 1420, + 1418, 1425, 1421, 1422, 1422, 1423, 1423, 1428, 1426, 1429, + + 1430, 1427, 1426, 1431, 0, 1433, 1428, 1432, 1435, 1434, + 1427, 1429, 1436, 1437, 1432, 1431, 1434, 1438, 1439, 1442, + 1450, 0, 1441, 1439, 1428, 1438, 1437, 1435, 1440, 1441, + 1431, 1433, 1433, 1440, 1436, 1435, 1434, 1446, 1445, 1436, + 1437, 1448, 0, 1443, 1438, 1442, 1442, 1444, 1448, 1441, + 1439, 1443, 1450, 1447, 1449, 1444, 1445, 1451, 1454, 1446, + 1440, 1447, 1452, 1449, 1446, 1445, 1453, 1453, 1448, 1452, + 1443, 1456, 1457, 1464, 1444, 1455, 1463, 0, 1458, 1451, + 1447, 1449, 1463, 1455, 1451, 1464, 1458, 1459, 1460, 1452, + 1454, 1461, 1456, 1453, 1462, 1459, 1460, 1465, 1456, 1461, + + 1464, 1466, 1455, 1463, 1457, 1458, 1470, 1462, 1467, 1468, + 1471, 1469, 1472, 1474, 1459, 1460, 1467, 1468, 1461, 1473, + 1486, 1462, 1479, 1465, 1465, 1466, 1469, 1474, 1466, 1475, + 1476, 1479, 1480, 1470, 1472, 1467, 1468, 1471, 1469, 1472, + 1474, 1477, 1473, 1481, 1476, 1477, 1473, 1475, 1484, 1479, + 1483, 1485, 1486, 1482, 1480, 1481, 1475, 1476, 1477, 1480, + 1482, 1483, 1487, 0, 1489, 1488, 1477, 1490, 1477, 1494, + 1481, 1497, 1477, 1485, 1487, 1484, 1491, 1483, 1485, 1488, + 1482, 1492, 1496, 1502, 1493, 1477, 1489, 1494, 1492, 1487, + 1490, 1489, 1488, 1493, 1490, 1495, 1494, 1499, 1497, 1491, + + 1503, 1501, 1495, 1491, 1504, 1502, 1499, 1501, 1492, 0, + 1502, 1493, 1505, 1507, 1496, 1510, 1516, 1509, 1511, 1505, + 1512, 0, 1495, 1516, 1499, 1514, 1503, 1503, 1501, 1511, + 1517, 1512, 1515, 0, 1519, 1567, 1504, 0, 1515, 1505, + 1507, 1509, 1510, 1516, 1509, 1511, 1518, 1512, 1517, 1514, + 1520, 0, 1514, 1518, 1523, 1522, 1524, 1517, 1521, 1515, + 1519, 1519, 1520, 1522, 1521, 1525, 1526, 1567, 1528, 1524, + 1527, 1530, 1529, 1518, 1529, 1531, 1523, 1520, 1530, 1527, + 1528, 1523, 1522, 1524, 1526, 1521, 1534, 1532, 1536, 0, + 0, 1525, 1525, 1526, 1533, 1528, 1537, 1527, 1530, 1529, + + 1532, 1531, 1531, 1533, 1535, 1538, 0, 1539, 1534, 1542, + 1541, 1547, 1538, 1534, 1532, 1536, 1535, 1540, 1541, 1537, + 1543, 1533, 1540, 1537, 1545, 1542, 1548, 1544, 1549, 1551, + 1550, 1535, 1538, 1539, 1539, 1544, 1542, 1541, 1547, 1552, + 1551, 0, 1549, 1543, 1540, 1553, 1545, 1543, 1552, 1555, + 1548, 1545, 1550, 1548, 1544, 1549, 1551, 1550, 1553, 1554, + 1554, 1556, 1555, 1556, 1557, 0, 1552, 1554, 1559, 1561, + 1558, 1560, 1553, 1564, 0, 1559, 1555, 1565, 1560, 1563, + 1564, 1562, 1568, 1566, 1569, 1572, 1554, 1554, 1556, 1568, + 1557, 1557, 1558, 1574, 1571, 1559, 1561, 1558, 1560, 1562, + + 1564, 1563, 1565, 1573, 1565, 1566, 1563, 1571, 1562, 1568, + 1566, 1573, 1572, 1576, 1574, 1577, 1569, 1578, 1577, 1579, + 1574, 1571, 1581, 1580, 1583, 1582, 0, 1584, 1589, 1585, + 1573, 1581, 1586, 0, 1587, 1576, 1580, 1582, 1585, 1593, + 1576, 1587, 1577, 1578, 1578, 1579, 1579, 1586, 1583, 1581, + 1580, 1583, 1582, 1584, 1584, 1588, 1585, 1593, 1588, 1586, + 1589, 1587, 1590, 1597, 1591, 1594, 1593, 1595, 1598, 1595, + 1588, 1596, 1599, 1603, 1600, 0, 1601, 0, 0, 1588, + 1591, 0, 1588, 1602, 1590, 1588, 1604, 1594, 1591, 1590, + 1597, 1591, 1594, 1610, 1595, 1596, 1600, 1588, 1596, 1609, + + 1598, 1600, 1601, 1601, 1599, 1603, 1605, 1591, 1604, 1602, + 1602, 1607, 1606, 1604, 1611, 1608, 1613, 1616, 1612, 1607, + 1605, 1606, 1608, 1609, 1614, 1610, 1609, 1615, 1614, 1619, + 1617, 0, 1618, 1605, 1622, 1620, 1619, 1623, 1607, 1606, + 1612, 1618, 1608, 1620, 1616, 1612, 1611, 1622, 1613, 1615, + 1623, 1614, 1617, 1621, 1615, 1624, 1619, 1617, 1625, 1618, + 1621, 1622, 1620, 1626, 1623, 1626, 1627, 1625, 1624, 1628, + 1629, 1630, 1632, 1633, 1635, 1637, 1636, 1638, 1629, 0, + 1621, 1634, 1624, 1636, 1638, 1625, 1637, 1632, 1633, 1627, + 1626, 1630, 1639, 1627, 1628, 1634, 1628, 1629, 1630, 1632, + + 1633, 1640, 1637, 1636, 1638, 1639, 1635, 1640, 1634, 1642, + 1643, 1644, 1645, 0, 1646, 1650, 1648, 1643, 1647, 1639, + 1649, 0, 1652, 1649, 1650, 0, 1651, 1645, 1640, 1648, + 1647, 1653, 1654, 1644, 1652, 1654, 1642, 1643, 1644, 1645, + 1646, 1646, 1650, 1648, 1651, 1647, 1655, 1649, 1660, 1652, + 1654, 1653, 1659, 1651, 1659, 1657, 1661, 1655, 1653, 1654, + 1657, 1662, 1654, 1663, 1666, 1664, 0, 1657, 1668, 1665, + 1667, 0, 1660, 1655, 1664, 1660, 1668, 1669, 1663, 1659, + 1671, 1670, 1657, 1661, 1667, 1674, 1672, 1657, 1662, 1673, + 1663, 1666, 1664, 1665, 1672, 1668, 1665, 1667, 1675, 1669, + + 1673, 1677, 1671, 1674, 1669, 1670, 1675, 1671, 1670, 1679, + 1678, 1676, 1674, 1672, 1676, 0, 1673, 1680, 1681, 1677, + 1683, 1682, 1685, 1684, 1680, 1675, 0, 1685, 1677, 1676, + 1682, 1686, 1681, 1683, 1684, 1692, 1679, 1687, 1676, 1694, + 0, 1676, 1678, 1695, 1680, 1681, 1691, 1683, 1682, 1690, + 1684, 1690, 1687, 1686, 1685, 1691, 1693, 1694, 1686, 0, + 1696, 1692, 1692, 0, 1687, 1695, 1694, 1693, 1699, 1698, + 1695, 1701, 1697, 1691, 1696, 1697, 1690, 1699, 1700, 1704, + 1701, 1708, 1705, 1693, 1700, 1707, 1696, 1696, 1702, 1710, + 1697, 1698, 1704, 1702, 1705, 1699, 1698, 1711, 1701, 1697, + + 1712, 1696, 1697, 1706, 1713, 1700, 1704, 1707, 1706, 1705, + 1709, 1714, 1707, 1708, 1715, 1718, 1710, 1713, 1717, 1709, + 1702, 1719, 1712, 1722, 1720, 1717, 0, 1712, 1718, 1711, + 1706, 1713, 0, 1721, 1729, 1715, 1726, 1709, 1720, 1721, + 1724, 1715, 1718, 1714, 1726, 1717, 1727, 1730, 1731, 1728, + 1733, 1720, 1732, 1719, 1727, 1722, 1729, 1721, 1734, 1724, + 1721, 1729, 1731, 1726, 1733, 1730, 1721, 1724, 1728, 1735, + 1732, 1734, 1736, 1727, 1730, 1731, 1728, 1733, 1737, 1732, + 1738, 1739, 1735, 0, 1740, 1734, 1744, 1741, 1742, 1745, + 1743, 1746, 1749, 1736, 1741, 1739, 1735, 1742, 1743, 1736, + + 1747, 1749, 1751, 1745, 1754, 1747, 0, 1748, 1739, 1753, + 1737, 1740, 1738, 1744, 1741, 1742, 1745, 1743, 1748, 1749, + 1736, 1752, 1756, 1746, 1757, 1758, 1754, 1747, 1752, 1751, + 1755, 1754, 1753, 1765, 1748, 1759, 1753, 1755, 1761, 1759, + 1762, 1764, 1763, 1758, 1756, 1765, 1757, 1766, 1752, 1756, + 1770, 1757, 1758, 1767, 1761, 1768, 1764, 1755, 1762, 1771, + 1765, 1767, 1759, 1769, 1772, 1761, 1763, 1762, 1764, 1763, + 1768, 1769, 1771, 1773, 1766, 1776, 1778, 1770, 1774, 1779, + 1767, 1788, 1768, 1776, 1772, 1777, 1771, 1780, 1773, 1781, + 1769, 1772, 1777, 1774, 1779, 1782, 1780, 1783, 1784, 1787, + + 1773, 1786, 1776, 1789, 1790, 1774, 1779, 1791, 1778, 1792, + 1781, 1793, 1777, 1788, 1780, 1794, 1781, 1787, 1793, 1790, + 1794, 1783, 1782, 1786, 1783, 1784, 1787, 1797, 1786, 1798, + 1789, 1790, 1791, 1792, 1791, 1795, 1792, 1796, 1793, 1799, + 1800, 1801, 1794, 1802, 1795, 1803, 1796, 1808, 1809, 1797, + 0, 1798, 1804, 1801, 1797, 1800, 1798, 1799, 1803, 1804, + 1806, 1807, 1795, 1803, 1796, 1802, 1799, 1800, 1801, 1805, + 1802, 1810, 1803, 1807, 1808, 1812, 1805, 1810, 1813, 1804, + 1809, 1814, 1806, 1812, 1816, 1803, 1813, 1806, 1807, 1818, + 1815, 1805, 1814, 1817, 1819, 1817, 1805, 1815, 1810, 1820, + + 1821, 1822, 1812, 1805, 1823, 1813, 1817, 1821, 1814, 1816, + 1826, 1816, 1824, 1825, 1829, 1818, 1818, 1815, 1824, 1825, + 1817, 1819, 1817, 1827, 1828, 1831, 1820, 1821, 1822, 1833, + 1823, 1823, 1834, 1832, 0, 1837, 1839, 1826, 1829, 1824, + 1825, 1829, 1832, 1835, 1836, 1835, 1827, 1840, 1838, 1847, + 1827, 1843, 1841, 1865, 1834, 1838, 1828, 1831, 1839, 1834, + 1832, 1833, 1837, 1839, 1841, 1844, 1842, 1846, 1836, 1845, + 1835, 1836, 1842, 1843, 1840, 1838, 1852, 0, 1843, 1841, + 1865, 1847, 1850, 1848, 1848, 1848, 0, 1844, 1856, 1846, + 1848, 1850, 1844, 1842, 1846, 1845, 1845, 1849, 1848, 1851, + + 1853, 1856, 1857, 1858, 1849, 1859, 1851, 1853, 1852, 1850, + 1848, 1848, 1848, 1855, 1857, 1856, 1861, 1848, 1855, 1860, + 1862, 1859, 1866, 1866, 1849, 1867, 1851, 1853, 1858, 1857, + 1858, 1860, 1859, 1863, 1869, 1864, 1868, 1871, 1862, 1869, + 1863, 1864, 1870, 1868, 1875, 1855, 1860, 1862, 1861, 1866, + 1872, 1867, 1867, 1876, 1877, 1876, 1879, 1872, 1881, 1880, + 1863, 1869, 1864, 1868, 1871, 1880, 1883, 1882, 1870, 1870, + 1884, 1875, 1877, 1885, 1879, 1886, 1884, 1872, 1882, 1893, + 1876, 1877, 1889, 1879, 1894, 1885, 1880, 1887, 1888, 1888, + 1881, 1890, 1890, 1883, 1882, 1886, 1891, 1884, 1902, 1896, + + 1885, 1893, 1886, 1895, 1897, 1887, 1893, 1891, 1889, 1889, + 1895, 1901, 1898, 1900, 1887, 1888, 1894, 1904, 1890, 1896, + 1903, 1900, 1905, 1891, 1906, 1902, 1896, 1911, 1908, 1905, + 1895, 1907, 1906, 1910, 1910, 1904, 1897, 1898, 1912, 1898, + 1900, 1909, 1903, 1901, 1904, 1913, 1907, 1903, 1916, 1905, + 1909, 1906, 1908, 1911, 1911, 1908, 1914, 1915, 1907, 1918, + 1910, 1921, 1919, 1914, 1916, 1920, 1918, 1919, 1909, 1915, + 1912, 1916, 1922, 1923, 1925, 1916, 1928, 1913, 1927, 1926, + 1922, 1940, 1925, 1914, 1915, 1923, 1918, 1920, 1921, 1919, + 1929, 1916, 1920, 1930, 1933, 1931, 0, 1928, 1935, 1922, + + 1923, 1925, 1926, 1928, 1927, 1927, 1926, 1932, 1929, 1934, + 1937, 1935, 1932, 1940, 1945, 1934, 1936, 1929, 1931, 1938, + 1930, 1933, 1931, 1932, 1936, 1935, 1938, 1943, 1939, 1941, + 1942, 1944, 1937, 1946, 1932, 1939, 1934, 1937, 1941, 1932, + 1947, 1945, 1942, 1936, 1949, 1944, 1938, 1952, 1950, 1943, + 1954, 1956, 1958, 1950, 1943, 1939, 1941, 1942, 1944, 1946, + 1946, 1951, 1949, 1947, 1950, 1955, 1961, 1947, 1951, 1960, + 1955, 1949, 1959, 1959, 1952, 1950, 1962, 1954, 1965, 1964, + 1950, 1961, 1972, 1956, 1958, 1966, 1969, 1967, 1951, 1971, + 1968, 1960, 1968, 1961, 1964, 1987, 1960, 1955, 1970, 1959, + + 1966, 1965, 1973, 1970, 1974, 1965, 1964, 1976, 1962, 1972, + 1973, 1974, 1966, 1967, 1967, 1975, 1979, 1968, 1969, 1980, + 1978, 1971, 1976, 0, 1979, 1970, 1982, 1987, 1983, 1973, + 1984, 1974, 1985, 1986, 1976, 1978, 1989, 1975, 0, 0, + 1986, 1980, 1975, 1979, 1988, 1990, 1980, 1978, 1993, 1991, + 1982, 0, 1997, 1982, 1983, 1983, 1995, 1984, 1989, 1985, + 1986, 0, 1996, 1989, 2001, 1988, 1990, 1991, 2002, 1999, + 1993, 1988, 1990, 2000, 2003, 1993, 1991, 1996, 1997, 1997, + 1995, 2004, 2005, 1995, 1999, 2007, 2001, 2006, 2000, 1996, + 2008, 2001, 2003, 2010, 0, 2002, 1999, 2008, 2009, 2011, + + 2000, 2003, 2010, 2004, 2005, 2012, 2014, 2011, 2004, 2005, + 2015, 2006, 2007, 2013, 2006, 2016, 2009, 2008, 2017, 2015, + 2010, 2018, 2021, 0, 2024, 2009, 2011, 2017, 2012, 0, + 2020, 2021, 2012, 2016, 2018, 2013, 2022, 2015, 2014, 2023, + 2013, 2020, 2016, 2025, 2026, 2017, 2023, 2027, 2018, 2021, + 2024, 2024, 2032, 2027, 2022, 2028, 2020, 2020, 2029, 2026, + 2034, 2025, 2035, 2022, 2036, 2039, 2023, 2040, 2020, 2038, + 2025, 2026, 2029, 2035, 2027, 2036, 2041, 2028, 2039, 2032, + 2042, 2038, 2028, 2043, 2034, 2029, 2041, 2034, 2044, 2035, + 2045, 2036, 2039, 2046, 2048, 2052, 2038, 2044, 2049, 2040, + + 2051, 2053, 0, 2041, 2051, 2054, 2042, 2042, 2043, 2055, + 2043, 2058, 2046, 2059, 2056, 2044, 2052, 2045, 2054, 2056, + 2046, 2048, 2052, 2057, 2049, 2049, 0, 2051, 2060, 2055, + 2057, 2059, 2054, 2053, 2060, 2063, 2055, 2058, 2058, 2061, + 2059, 2056, 2062, 2064, 2065, 2065, 2067, 2063, 2066, 2069, + 2057, 2072, 0, 2071, 2061, 2060, 2069, 2062, 2064, 2067, + 2066, 2070, 2063, 2073, 0, 2070, 2061, 2067, 2071, 2062, + 2064, 2065, 2073, 2067, 2074, 2066, 2069, 2076, 2072, 2075, + 2071, 2074, 2077, 2079, 2081, 0, 2067, 2080, 2070, 2077, + 2073, 2082, 2089, 2081, 2092, 2083, 2090, 0, 2085, 2076, + + 0, 2074, 2088, 2075, 2076, 2079, 2075, 2089, 2087, 2077, + 2079, 2081, 2080, 2082, 2080, 2083, 2085, 2087, 2082, 2089, + 2088, 2090, 2083, 2090, 2091, 2085, 2092, 2094, 2095, 2088, + 2096, 2098, 2091, 2097, 2097, 2087, 2099, 2100, 2102, 2103, + 2101, 2095, 2104, 0, 2108, 0, 2103, 2102, 2105, 2108, + 2109, 2091, 2094, 2098, 2094, 2095, 2107, 2096, 2098, 2100, + 2097, 2099, 2101, 2099, 2100, 2102, 2103, 2101, 2106, 2109, + 2105, 2107, 2111, 2112, 2104, 2105, 2108, 2109, 2113, 2115, + 2111, 2114, 2106, 2107, 2117, 2116, 2112, 2118, 2119, 0, + 2122, 2115, 2116, 2120, 0, 2106, 0, 2124, 0, 2111, + + 2112, 2125, 2120, 2121, 2123, 2113, 2115, 2114, 2114, 2118, + 2127, 2121, 2116, 2119, 2118, 2119, 2117, 2122, 2126, 2123, + 2120, 2131, 2121, 2124, 2124, 2128, 2130, 2125, 2125, 2130, + 2121, 2123, 2127, 2132, 2128, 2133, 2126, 2127, 2121, 2132, + 2133, 2135, 2134, 2136, 2130, 2126, 2131, 2138, 2131, 2139, + 2140, 2142, 2128, 2130, 2143, 2144, 2130, 2134, 2136, 2135, + 2132, 2143, 2138, 2145, 0, 2142, 2146, 2133, 2135, 2134, + 2136, 2139, 2140, 2144, 2138, 2146, 2139, 2140, 2142, 2147, + 2148, 2143, 2144, 2149, 2150, 2149, 2151, 2152, 2147, 2154, + 2145, 2148, 2156, 2146, 2159, 2157, 2158, 2150, 2151, 2156, + + 2155, 2165, 0, 2164, 2154, 2165, 2147, 2148, 2180, 2152, + 2149, 2150, 2159, 2151, 2152, 2155, 2154, 2157, 2158, 2156, + 2162, 2159, 2157, 2158, 2164, 2166, 2167, 2155, 2165, 2168, + 2164, 2168, 2169, 2162, 2170, 2167, 2171, 2166, 2172, 2173, + 2180, 2162, 2176, 2174, 2175, 2183, 2184, 2162, 2173, 2179, + 2169, 2174, 2166, 2167, 2171, 2190, 2168, 2179, 2177, 2169, + 2162, 2170, 2185, 2171, 2176, 2172, 2173, 2175, 2181, 2176, + 2174, 2175, 2177, 2181, 2182, 2186, 2179, 2183, 2184, 2182, + 2187, 0, 2190, 2191, 0, 2177, 2185, 2187, 2193, 2185, + 2194, 2196, 2198, 2192, 2186, 2181, 2197, 2191, 2195, 2200, + + 2196, 2202, 2186, 2199, 2241, 2201, 2182, 2187, 2191, 2191, + 2191, 2192, 0, 2195, 2198, 2193, 2194, 2194, 2196, 2198, + 2192, 2204, 2206, 0, 2191, 2195, 2200, 2201, 2197, 2199, + 2199, 2205, 2201, 2202, 2207, 2191, 2241, 2209, 2205, 2209, + 2210, 2207, 2211, 2212, 2204, 2206, 2211, 2214, 2204, 2206, + 2213, 2217, 2215, 2216, 2218, 2212, 2214, 2219, 2205, 2218, + 2216, 2207, 2210, 2215, 2209, 2220, 2230, 2210, 2222, 2211, + 2212, 2221, 2213, 2217, 2214, 2223, 2223, 2213, 2217, 2215, + 2216, 2218, 2224, 2221, 2219, 2225, 2226, 2228, 2220, 2227, + 2222, 2224, 2220, 2230, 2226, 2222, 2229, 0, 2221, 2232, + + 2225, 2228, 2223, 2236, 2235, 2229, 2236, 2233, 2235, 2224, + 2245, 2227, 2225, 2226, 2228, 2233, 2227, 2234, 2232, 2237, + 2239, 2243, 2238, 2229, 2245, 2234, 2232, 2237, 2238, 2246, + 2236, 2235, 2240, 2243, 2233, 2239, 2247, 2245, 2240, 2248, + 2250, 2252, 2246, 2249, 2234, 2254, 2237, 2239, 2243, 2238, + 2249, 2251, 0, 2256, 2257, 2253, 2246, 2247, 2254, 2240, + 2255, 2258, 2259, 2247, 2248, 2252, 2248, 2250, 2252, 2253, + 2249, 2260, 2254, 2251, 2255, 2262, 2261, 2264, 2251, 2256, + 2256, 2257, 2253, 2260, 2265, 2266, 2258, 2255, 2258, 2259, + 2261, 2263, 2268, 2269, 2263, 2271, 2272, 2273, 2260, 2270, + + 2269, 2262, 2262, 2261, 2264, 2274, 2270, 2266, 2275, 2263, + 2271, 2265, 2266, 2274, 2268, 2277, 2276, 2278, 2263, 2268, + 2269, 2263, 2271, 2272, 2273, 2276, 2270, 2279, 2280, 2278, + 2281, 2284, 2274, 2282, 2283, 2275, 2289, 2285, 2291, 2286, + 2288, 2284, 2277, 2276, 2278, 2290, 2282, 2286, 2293, 2279, + 2285, 2296, 2283, 2290, 2279, 2280, 2294, 2281, 2284, 2292, + 2282, 2283, 2288, 2289, 2285, 2291, 2286, 2288, 2292, 2293, + 2295, 2297, 2290, 2302, 2299, 2293, 2298, 2301, 2296, 2297, + 2294, 2302, 2303, 2294, 2305, 2295, 2292, 2308, 2298, 2301, + 2306, 2305, 2309, 2307, 2306, 2315, 2295, 2295, 2297, 2299, + + 2302, 2299, 2311, 2298, 2301, 2307, 2312, 2310, 2317, 2303, + 2308, 2305, 2295, 2313, 2308, 2310, 2316, 2306, 2312, 2309, + 2307, 2319, 2315, 2316, 2311, 2313, 2318, 2320, 2317, 2311, + 2319, 2321, 2321, 2312, 2310, 2317, 2320, 2322, 2323, 2318, + 2313, 2324, 2327, 2316, 2328, 2325, 0, 0, 2319, 0, + 0, 2329, 0, 2318, 2320, 2330, 2323, 0, 2321, 2328, + 2325, 2332, 2325, 2322, 2322, 2323, 2324, 2340, 2324, 2325, + 2333, 2328, 2325, 2329, 2327, 2332, 2333, 2330, 2329, 2331, + 2334, 2331, 2330, 2335, 2335, 0, 2337, 2325, 2332, 2325, + 2338, 2339, 2341, 2343, 2342, 2344, 0, 2333, 2349, 2340, + + 2342, 2345, 2334, 2339, 2346, 2343, 2331, 2334, 2337, 2347, + 2335, 2347, 2338, 2337, 2350, 2348, 2351, 2338, 2339, 2352, + 2343, 2342, 2349, 2345, 2341, 2349, 2346, 2344, 2345, 2348, + 2353, 2346, 2350, 2357, 2351, 2355, 2347, 2352, 2354, 2356, + 0, 2350, 2348, 2351, 0, 2359, 2352, 2361, 2353, 2363, + 2362, 2354, 2359, 2364, 2361, 2365, 2357, 2353, 0, 2371, + 2357, 2366, 2368, 2365, 0, 2354, 2367, 2355, 2362, 0, + 2371, 2356, 2359, 2373, 2361, 2363, 2363, 2362, 0, 2366, + 2372, 2365, 2365, 2374, 2368, 2364, 2371, 2375, 2366, 2368, + 2365, 2372, 2367, 2367, 2369, 2374, 2369, 2377, 2378, 2379, + + 2373, 2369, 2380, 2382, 2385, 2375, 2383, 2372, 2384, 2378, + 2374, 2379, 2377, 2386, 2375, 2384, 2387, 2380, 2389, 2385, + 2390, 2369, 2395, 2369, 2377, 2378, 2379, 2382, 2383, 2380, + 2382, 2385, 2391, 2383, 2392, 2384, 2393, 2394, 2396, 2402, + 2386, 0, 2387, 2387, 2390, 2389, 2397, 2390, 2398, 2395, + 2400, 2396, 2401, 2406, 2391, 2394, 2399, 2403, 2400, 2391, + 2404, 2407, 2408, 2398, 2394, 2396, 2392, 2414, 2393, 2399, + 2403, 2402, 2397, 2397, 2409, 2398, 2406, 2400, 2401, 2401, + 2406, 2410, 2404, 2399, 2403, 2407, 2411, 2404, 2407, 2408, + 2412, 2413, 2415, 2417, 2414, 2418, 2409, 2412, 2419, 2410, + + 2421, 2409, 2418, 2420, 2411, 2419, 2415, 2423, 2410, 2424, + 2425, 0, 2426, 2411, 2413, 2417, 2420, 2412, 2413, 2415, + 2417, 2422, 2418, 2421, 2427, 2419, 2432, 2421, 2422, 2423, + 2420, 2425, 2428, 2427, 2423, 2429, 2430, 2425, 2426, 2426, + 2428, 2424, 2434, 2429, 2431, 2435, 2436, 2437, 2422, 2441, + 2431, 2427, 0, 2432, 2444, 2438, 2435, 2434, 2430, 2428, + 2439, 2451, 2429, 2430, 2443, 2445, 0, 2441, 2436, 2434, + 2447, 2431, 2435, 2436, 2438, 2450, 2441, 2443, 2453, 2437, + 2444, 2444, 2438, 2446, 2446, 2439, 2452, 2439, 2454, 2445, + 2457, 2443, 2445, 2451, 2459, 2461, 2447, 2447, 2450, 0, + + 2462, 2452, 2450, 2459, 2465, 2453, 2454, 2468, 2461, 2470, + 2446, 2462, 2472, 2452, 2467, 2454, 2469, 2457, 2466, 2466, + 2467, 2459, 2461, 2474, 2475, 2477, 2465, 2462, 0, 2468, + 2477, 2465, 2478, 2476, 2468, 0, 2470, 2481, 2469, 2472, + 2480, 2467, 2482, 2469, 2476, 2466, 2484, 2483, 2480, 2487, + 2475, 2475, 2477, 2486, 2478, 2474, 2488, 2482, 2489, 2478, + 2476, 2481, 2483, 2491, 2481, 2488, 2494, 2480, 2492, 2482, + 2489, 2486, 2496, 2484, 2483, 2494, 2493, 2497, 2498, 2499, + 2486, 2487, 0, 2488, 2493, 2489, 2501, 2502, 2499, 2500, + 2491, 0, 2492, 2494, 2507, 2492, 2503, 2504, 2496, 2496, + + 2498, 2507, 2505, 2493, 2497, 2498, 2499, 2500, 2501, 2503, + 2504, 2506, 2502, 2501, 2502, 2508, 2500, 2505, 2509, 2510, + 2511, 2507, 2508, 2503, 2504, 2512, 2513, 2515, 2514, 2505, + 0, 2517, 2520, 2506, 2516, 2519, 2515, 2518, 2506, 2520, + 2509, 2522, 2508, 2514, 0, 2509, 2510, 2511, 2522, 2524, + 2519, 2521, 2512, 2513, 2515, 2514, 2516, 2517, 2517, 2520, + 2524, 2516, 2519, 2518, 2518, 2523, 2521, 2525, 2522, 2526, + 2527, 2523, 2528, 2529, 0, 2530, 2524, 2526, 2521, 2533, + 2532, 2531, 2534, 2537, 2535, 2538, 2533, 2539, 0, 2529, + 2530, 2535, 2523, 0, 2525, 2532, 2526, 2527, 2536, 2528, + + 2529, 2531, 2530, 2538, 2534, 2536, 2533, 2532, 2531, 2534, + 2537, 2535, 2538, 2541, 2539, 2540, 2540, 2542, 2543, 2544, + 2541, 2543, 2545, 2546, 2547, 2536, 2548, 2545, 0, 2549, + 2554, 2542, 2544, 2555, 0, 2554, 0, 2555, 2556, 2547, + 2541, 2558, 2540, 2550, 2542, 2543, 2544, 2549, 2546, 2545, + 2546, 2547, 2548, 2548, 2551, 2550, 2549, 2554, 2553, 2557, + 2555, 2559, 2556, 2558, 2560, 2556, 2551, 2553, 2558, 2561, + 2550, 2562, 2557, 2564, 0, 2566, 2568, 2570, 2567, 0, + 0, 2551, 2569, 2559, 2573, 2553, 2557, 2567, 2559, 2570, + 2569, 2560, 2568, 2573, 0, 2578, 2561, 2562, 2562, 2564, + + 2564, 2566, 2566, 2568, 2570, 2567, 2572, 2574, 2575, 2569, + 2576, 2573, 2574, 2572, 2577, 2575, 2579, 2580, 2581, 2584, + 2578, 2577, 2578, 2579, 2582, 2585, 2580, 2581, 2576, 2587, + 2588, 2586, 2591, 2572, 2574, 2575, 2586, 2576, 2585, 2592, + 2593, 2577, 2590, 2579, 2580, 2581, 2584, 2587, 2592, 2593, + 2582, 2582, 2585, 2594, 2596, 2597, 2587, 2588, 2586, 2591, + 2590, 2598, 2595, 2596, 2597, 2600, 2592, 2593, 2599, 2590, + 2601, 2602, 2598, 2594, 2595, 2605, 2599, 2603, 2604, 2607, + 2594, 2596, 2597, 2608, 2603, 2600, 2609, 2604, 2598, 2595, + 2610, 0, 2600, 2612, 2613, 2599, 2605, 2601, 2602, 2610, + + 2611, 2612, 2605, 2614, 2603, 2604, 2607, 2613, 2615, 2616, + 2608, 2617, 2611, 2619, 2618, 2615, 2616, 2610, 2609, 2620, + 2612, 2613, 2621, 2623, 2625, 2614, 2626, 2611, 2627, 0, + 2614, 2623, 2629, 2617, 2626, 2615, 2616, 2636, 2617, 2618, + 2619, 2618, 2625, 2627, 2620, 2628, 2620, 2630, 2637, 2621, + 2623, 2625, 2628, 2626, 2629, 2627, 2631, 2632, 2638, 2629, + 2635, 2636, 2639, 2631, 2636, 2632, 2640, 2635, 2642, 2630, + 2638, 2639, 2628, 2643, 2630, 2637, 2641, 2647, 2645, 2646, + 2642, 0, 0, 2631, 2632, 2638, 2650, 2635, 2653, 2639, + 2645, 2658, 2641, 2640, 2648, 2642, 2643, 2655, 2650, 2656, + + 2643, 2660, 2646, 2641, 2647, 2645, 2646, 2651, 2648, 2652, + 2657, 2659, 2655, 2650, 2651, 2653, 2652, 2656, 2658, 2659, + 2661, 2648, 2662, 2666, 2655, 2665, 2656, 2671, 2660, 2664, + 2663, 2673, 2665, 2657, 2651, 0, 2652, 2657, 2659, 2679, + 2662, 2663, 2661, 2672, 2664, 2674, 2675, 2661, 2672, 2662, + 2666, 2676, 2665, 2671, 2671, 2681, 2664, 2663, 2673, 2674, + 2675, 2677, 2678, 2683, 2680, 2686, 2679, 2681, 2688, 2676, + 2672, 2680, 2674, 2675, 2687, 2689, 0, 2691, 2676, 2677, + 2678, 2688, 2681, 0, 2690, 2691, 2693, 2686, 2677, 2678, + 2683, 2680, 2686, 2697, 2692, 2688, 2687, 2689, 2695, 2700, + + 2698, 2687, 2689, 2690, 2691, 2693, 2699, 2701, 2702, 2703, + 2695, 2690, 2692, 2693, 2704, 2697, 2706, 2703, 2699, 2705, + 2697, 2692, 2698, 2707, 2709, 2695, 2700, 2698, 2708, 0, + 2702, 2710, 2707, 2699, 2701, 2702, 2703, 2708, 2706, 2705, + 2711, 2704, 2712, 2706, 2714, 2715, 2705, 2718, 2713, 2719, + 2707, 2722, 2724, 2710, 2712, 2708, 2709, 2720, 2710, 2721, + 2723, 2718, 2725, 2726, 2721, 2724, 2711, 2711, 2732, 2712, + 2713, 2714, 2715, 2722, 2718, 2713, 2719, 2727, 2722, 2724, + 2728, 2720, 2723, 2729, 2720, 2733, 2726, 2723, 2735, 2730, + 2726, 2721, 2734, 2737, 2725, 2729, 2731, 2739, 2728, 2727, + + 2732, 0, 2731, 2735, 2727, 2738, 2743, 2728, 2730, 2744, + 2729, 2741, 2747, 2737, 2734, 2735, 2730, 2733, 2749, 2734, + 2737, 2739, 2748, 2731, 2739, 2745, 2741, 2738, 2743, 2746, + 2747, 2744, 2738, 2743, 2745, 2750, 2744, 2751, 2741, 2747, + 2748, 2754, 2755, 2746, 2749, 2749, 2756, 0, 2762, 2748, + 2754, 2760, 2745, 2750, 2765, 2759, 2746, 2761, 2760, 2751, + 2763, 2764, 2750, 2759, 2751, 2761, 2767, 2756, 2754, 2764, + 2774, 2766, 2765, 2756, 2755, 2762, 2773, 2768, 2760, 2770, + 2763, 2765, 2759, 2766, 2761, 2768, 2776, 2763, 2764, 2772, + 2775, 2770, 2775, 2767, 2777, 2780, 2772, 2774, 2766, 2773, + + 2778, 2779, 2781, 2773, 2768, 2784, 2770, 2787, 2782, 2778, + 2785, 0, 0, 2789, 2788, 2790, 2772, 2775, 2776, 2791, + 2795, 2781, 2780, 2784, 2785, 2793, 2777, 2778, 2790, 2781, + 2782, 2791, 2784, 2779, 2794, 2782, 2789, 2785, 2788, 2787, + 2789, 2788, 2790, 2794, 2796, 2798, 2791, 2795, 2800, 2802, + 2799, 2793, 2793, 2804, 2806, 2813, 2805, 2807, 2810, 2808, + 2804, 2794, 2807, 0, 2811, 2810, 2814, 2819, 2815, 2806, + 2800, 2796, 2798, 2799, 2808, 2800, 2802, 2799, 2805, 2820, + 2804, 2806, 2813, 2805, 2816, 2810, 2808, 2817, 2820, 2807, + 2811, 2811, 2815, 2814, 2819, 2815, 2822, 2823, 2816, 2824, + + 2825, 2817, 2827, 2822, 2826, 2828, 2820, 2830, 2829, 2831, + 2832, 2816, 2836, 2833, 2817, 2844, 2826, 2829, 2840, 2828, + 2830, 2837, 2840, 2822, 2823, 2824, 2824, 2825, 2839, 2827, + 2843, 2826, 2828, 2839, 2830, 2829, 2833, 2832, 2846, 2841, + 2833, 2831, 2842, 2837, 2836, 2840, 2841, 2844, 2837, 2842, + 2845, 2843, 2845, 2847, 2850, 2852, 0, 2843, 2857, 2853, + 2839, 2846, 2855, 2856, 2855, 2846, 2841, 0, 2861, 2842, + 2859, 2863, 0, 0, 2852, 2861, 2850, 2845, 2858, 2858, + 2847, 2850, 2852, 2853, 2857, 2857, 2853, 2856, 2858, 2855, + 2856, 2860, 2859, 2865, 2862, 2861, 2864, 2859, 2863, 2866, + + 2860, 2865, 2867, 2868, 2872, 2858, 2858, 2862, 2869, 2864, + 2867, 2870, 2866, 2869, 0, 2873, 2870, 2865, 2860, 2871, + 2865, 2862, 2868, 2864, 2874, 2877, 2866, 2871, 2865, 2867, + 2868, 2872, 2875, 0, 2876, 2878, 2877, 2879, 2880, 2880, + 2869, 2873, 2873, 2870, 2879, 2882, 2871, 2883, 2884, 2886, + 2874, 2874, 2877, 2881, 0, 2883, 2886, 2878, 2875, 2875, + 2876, 2876, 2878, 2885, 2879, 2880, 2881, 2882, 2889, 2890, + 2884, 2887, 2882, 2891, 2883, 2884, 2886, 2892, 2887, 2894, + 2881, 2885, 2895, 2896, 2899, 2897, 2892, 2900, 2906, 0, + 2885, 0, 0, 2907, 0, 2889, 2890, 2891, 2887, 2901, + + 2891, 2902, 2895, 2903, 2892, 2900, 2894, 2897, 2910, 2895, + 2896, 2899, 2897, 2905, 2900, 2906, 2907, 2901, 2908, 2902, + 2907, 2903, 2905, 2909, 2910, 2911, 2901, 2912, 2902, 2913, + 2903, 2909, 2912, 2914, 2915, 2910, 2908, 2911, 2920, 2922, + 2905, 2919, 2923, 2913, 2924, 2908, 2924, 2927, 0, 2925, + 2909, 2914, 2911, 0, 2928, 2923, 2913, 2915, 2925, 2912, + 2914, 2915, 2929, 2919, 2933, 2920, 2922, 2934, 2919, 2923, + 2937, 2924, 2928, 2932, 2927, 2932, 2925, 2929, 2939, 2943, + 2936, 2928, 2941, 0, 2945, 2934, 2933, 2936, 2941, 2929, + 2944, 2933, 2948, 2939, 2934, 2946, 0, 2953, 2954, 2955, + + 2932, 2943, 2937, 2950, 2949, 2939, 2943, 2936, 2961, 2941, + 2945, 2945, 2944, 2946, 2948, 2956, 2950, 2944, 2949, 2948, + 2951, 2957, 2946, 2951, 2953, 2954, 2955, 2958, 2957, 2959, + 2950, 2949, 0, 2956, 2964, 2958, 2962, 2963, 2966, 2967, + 2961, 2970, 2956, 2965, 0, 2967, 2951, 2951, 2957, 2968, + 2951, 2959, 2965, 2966, 2958, 2971, 2959, 2971, 2962, 2963, + 2969, 2964, 2972, 2962, 2963, 2966, 2967, 2974, 2979, 2969, + 2965, 2968, 2977, 2970, 2975, 2976, 2968, 2978, 2984, 2980, + 2979, 2982, 2971, 0, 0, 2978, 2986, 2969, 2982, 2972, + 2974, 2980, 2988, 2987, 2974, 2979, 2975, 2976, 2977, 2977, + + 2986, 2975, 2976, 2989, 2978, 2984, 2980, 2987, 2982, 2991, + 2992, 2990, 2993, 2986, 2995, 2988, 2994, 2991, 2997, 2988, + 2987, 2989, 2990, 2994, 2996, 2998, 2998, 2997, 2999, 2992, + 2989, 3003, 3004, 3008, 2993, 3012, 2991, 2992, 2990, 2993, + 2995, 2995, 2996, 2994, 3006, 2997, 3000, 3014, 3016, 3019, + 3006, 2996, 2998, 3010, 3000, 2999, 3011, 3012, 3003, 3004, + 3008, 3013, 3012, 3017, 3010, 3023, 3018, 3011, 3021, 3014, + 3017, 3006, 3013, 3000, 3014, 3016, 3021, 3026, 3020, 3025, + 3010, 3019, 3020, 3011, 3018, 3024, 3030, 3025, 3013, 3029, + 3017, 3023, 3023, 3018, 3033, 3021, 3029, 3031, 3024, 3033, + + 3034, 3035, 3036, 3037, 3026, 3020, 3025, 3038, 3041, 3039, + 3037, 3042, 3024, 3040, 3036, 3041, 3029, 3044, 3030, 3031, + 3046, 3033, 3056, 3057, 3031, 3039, 3038, 3034, 3035, 3036, + 3037, 3040, 3044, 3043, 3038, 3041, 3039, 3047, 3045, 3048, + 3040, 3043, 3050, 3042, 3044, 3045, 3049, 3046, 3055, 3047, + 3057, 3063, 3054, 3038, 3056, 3055, 3058, 3059, 3066, 0, + 3043, 3068, 0, 3048, 3047, 3045, 3048, 3054, 3050, 3050, + 3049, 3062, 3060, 3049, 3064, 3055, 3065, 3070, 3063, 3054, + 3058, 3060, 3071, 3058, 3065, 3067, 3067, 3074, 3068, 3059, + 3066, 3071, 3070, 3062, 3073, 3067, 3064, 3075, 3062, 3060, + + 3072, 3064, 3072, 3065, 3070, 3075, 3076, 3077, 3073, 3071, + 3079, 3080, 3067, 3067, 3074, 3082, 3084, 3076, 3081, 3083, + 3085, 3073, 3086, 3087, 3075, 3077, 3091, 3072, 3082, 3090, + 3088, 3089, 3089, 3076, 3077, 3093, 0, 3079, 3080, 3104, + 3081, 3083, 3082, 3084, 3088, 3081, 3083, 3085, 3091, 3086, + 3087, 3096, 3110, 3091, 3102, 3098, 3100, 3088, 3089, 3096, + 3098, 3090, 3093, 3099, 3100, 3101, 3104, 3106, 3099, 3108, + 3101, 3105, 3105, 3107, 3111, 3106, 3108, 3109, 3096, 3110, + 3102, 3102, 3098, 3100, 3113, 3115, 3107, 3116, 3120, 3125, + 3099, 3119, 3101, 3115, 3106, 3109, 3108, 3119, 3105, 3114, + + 3107, 3111, 3122, 3123, 3109, 3127, 3114, 3124, 3126, 3116, + 3128, 3129, 3115, 3131, 3116, 3120, 3113, 3132, 3119, 0, + 3124, 3125, 0, 3126, 3127, 3123, 3114, 0, 3135, 3122, + 3123, 3136, 3127, 3129, 3124, 3126, 3131, 3128, 3129, 3132, + 3131, 3133, 3134, 3137, 3132, 3140, 3136, 3139, 3133, 3134, + 3135, 3144, 3141, 3140, 3142, 3135, 3145, 3147, 3136, 3141, + 3144, 3142, 3152, 3147, 3137, 3148, 3139, 3145, 3133, 3134, + 3137, 3150, 3140, 3151, 3139, 3146, 3146, 3153, 3144, 3141, + 3151, 3142, 3155, 3145, 3147, 3146, 3156, 3148, 3160, 3155, + 3161, 3157, 3148, 3150, 3152, 3167, 3162, 3170, 3150, 3153, + + 3151, 0, 3146, 3146, 3153, 3157, 3168, 3172, 3169, 3155, + 3156, 3173, 3173, 3156, 3175, 3160, 3169, 3161, 3157, 3162, + 3174, 3174, 3167, 3162, 3170, 3176, 3176, 0, 3168, 3177, + 3180, 3179, 3181, 3168, 3172, 3169, 3182, 3183, 3188, 3186, + 3173, 3175, 3189, 0, 3187, 3182, 3186, 3194, 3180, 3174, + 3183, 3187, 3177, 3179, 3176, 3190, 3177, 3180, 3179, 3181, + 3188, 3195, 3190, 3182, 3183, 3188, 3186, 3194, 3193, 3189, + 3193, 3187, 3196, 3197, 3194, 3200, 3201, 3199, 3202, 3210, + 3203, 3204, 3190, 3205, 3195, 3197, 3199, 3207, 3195, 3206, + 3196, 3218, 3211, 3209, 3211, 3193, 3202, 3200, 3209, 3196, + + 3197, 3206, 3200, 3201, 3199, 3202, 3203, 3203, 3204, 3207, + 3205, 3210, 3208, 3214, 3207, 3208, 3206, 3212, 3213, 3211, + 3216, 3215, 3217, 3218, 3213, 3209, 3220, 3221, 3216, 3212, + 3208, 3219, 3226, 3223, 3222, 3214, 3228, 3232, 3229, 3208, + 3214, 3233, 3208, 3215, 3212, 3213, 3222, 3216, 3215, 3217, + 3234, 3235, 3219, 3220, 3221, 3223, 3229, 3237, 3219, 3226, + 3223, 3222, 3238, 3228, 3232, 3229, 3239, 3240, 3233, 3241, + 3241, 3244, 3243, 3245, 3247, 3249, 3251, 3234, 3235, 3250, + 3246, 3247, 3255, 3256, 3237, 3252, 3259, 3250, 0, 3238, + 3243, 3245, 3263, 3239, 3240, 3246, 3241, 3252, 3244, 3243, + + 3245, 3247, 3249, 3251, 3253, 3254, 3250, 3246, 3255, 3255, + 3256, 3258, 3252, 3259, 3265, 3262, 3263, 3266, 3253, 3263, + 3254, 3264, 3264, 3258, 3262, 3268, 3266, 3269, 3271, 3272, + 3270, 3253, 3254, 3276, 0, 3274, 3273, 3272, 3258, 3281, + 3265, 3265, 3262, 3270, 3266, 3273, 3274, 3277, 3264, 3268, + 3271, 3281, 3268, 3280, 3276, 3271, 3272, 3270, 3294, 3269, + 3276, 3293, 3274, 3273, 3296, 3277, 3281, 3284, 3284, 3297, + 3298, 3300, 3303, 3302, 3277, 0, 3280, 3302, 3296, 3304, + 3280, 0, 3294, 3293, 0, 3294, 3305, 3311, 3293, 0, + 3303, 3296, 3307, 3305, 3284, 3310, 3297, 3298, 3300, 3303, + + 3302, 3312, 3304, 3309, 3313, 3307, 3304, 3309, 3314, 3311, + 3315, 3310, 3316, 3305, 3311, 3319, 3313, 3319, 3317, 3307, + 3316, 3318, 3310, 3322, 3315, 3321, 3312, 3317, 3312, 3320, + 3309, 3313, 3318, 3323, 3314, 3314, 3325, 3315, 3322, 3316, + 3324, 3320, 3319, 3321, 3326, 3317, 3324, 3327, 3318, 3332, + 3322, 3328, 3321, 3334, 3327, 3323, 3320, 3333, 3325, 3335, + 3323, 3336, 3332, 3325, 3333, 3337, 3338, 3324, 3339, 0, + 3342, 3326, 3341, 3328, 3327, 3340, 3332, 3335, 3328, 3341, + 3334, 3343, 3344, 3340, 3333, 3345, 3335, 3345, 3336, 3346, + 3347, 3337, 3337, 3338, 3342, 3339, 3350, 3342, 3348, 3341, + + 3349, 3346, 3340, 3343, 3344, 3351, 3352, 3353, 3343, 3344, + 3355, 3348, 3345, 3352, 3356, 3349, 3346, 3358, 3350, 3360, + 3357, 3362, 3347, 3350, 3365, 3348, 3356, 3349, 3357, 3366, + 3362, 3360, 3351, 3352, 3353, 3367, 3369, 3355, 3370, 3371, + 3375, 3356, 3368, 0, 3358, 3372, 3360, 3357, 3362, 3373, + 3368, 3365, 3371, 3374, 3367, 3366, 3366, 3373, 3377, 3372, + 3383, 3384, 3367, 0, 3389, 3380, 3371, 3375, 3369, 3368, + 3370, 3380, 3372, 3383, 3381, 3374, 3373, 3387, 3389, 3386, + 3374, 3381, 3388, 3390, 3384, 3377, 3386, 3383, 3384, 3392, + 3388, 3389, 3380, 3393, 3391, 3394, 3397, 3390, 3398, 3387, + + 3399, 3381, 3391, 3397, 3387, 3400, 3386, 3398, 3399, 3388, + 3390, 3392, 3401, 3402, 3403, 3393, 3392, 3408, 0, 0, + 3393, 3391, 3394, 3397, 3404, 3398, 3405, 3399, 3406, 3407, + 3410, 0, 3400, 3412, 3401, 3415, 3411, 3407, 3414, 3401, + 3403, 3403, 0, 3415, 3416, 3402, 3404, 3419, 3405, 3408, + 3406, 3404, 0, 3405, 3423, 3406, 3407, 3410, 3411, 3417, + 3412, 3414, 3415, 3411, 3416, 3414, 3418, 3417, 3420, 3421, + 3425, 3416, 3426, 0, 3418, 3426, 3420, 3428, 3427, 3419, + 3423, 3423, 3431, 3421, 3429, 3428, 3417, 3430, 3432, 3433, + 3426, 3436, 3429, 3418, 0, 3420, 3421, 3425, 3438, 3426, + + 3427, 3430, 3426, 3433, 3428, 3427, 3435, 3435, 3431, 3431, + 3432, 3429, 3437, 3440, 3430, 3432, 3433, 3436, 3436, 3439, + 3437, 3441, 3442, 3443, 3438, 3438, 3446, 3445, 3449, 3444, + 3442, 0, 3453, 3435, 3451, 3440, 3449, 3447, 3448, 3437, + 3440, 3441, 3451, 0, 3450, 3439, 3439, 3456, 3441, 3442, + 3443, 3444, 3445, 3446, 3445, 3449, 3444, 3447, 3448, 3453, + 3454, 3451, 3457, 3462, 3447, 3448, 3450, 3458, 3454, 3456, + 3459, 3450, 3460, 3463, 3456, 3458, 3465, 3464, 3459, 3466, + 3469, 3463, 3470, 3473, 3457, 3464, 0, 3454, 3467, 3457, + 3462, 3471, 3476, 3477, 3458, 3479, 3480, 3459, 3460, 3460, + + 3463, 3477, 3465, 3465, 3464, 3473, 3466, 3469, 3467, 3470, + 3473, 3471, 0, 3478, 3476, 3467, 0, 0, 3471, 3476, + 3477, 3478, 3479, 3480, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 3347, 0, 0, 3348, 3354, 3354, - 3354, 3354, 3354, 3354, 3354, 3355, 3355, 3355, 3355, 3355, - 3355, 3355, 3356, 3356, 3356, 3356, 3356, 3356, 3356, 3357, - 3357, 3357, 3357, 3357, 3357, 3357, 3358, 3358, 3358, 3358, - 3358, 3358, 3358, 3359, 3359, 3359, 3359, 3359, 3359, 3359, - 3360, 3360, 3360, 3360, 3360, 3360, 3360, 3362, 3362, 0, + 3478, 3484, 3484, 3484, 3484, 3484, 3484, 3484, 3485, 3485, + 3485, 3485, 3485, 3485, 3485, 3486, 3486, 3486, 3486, 3486, + 3486, 3486, 3487, 3487, 3487, 3487, 3487, 3487, 3487, 3488, + 3488, 3488, 3488, 3488, 3488, 3488, 3489, 3489, 3489, 3489, + 3489, 3489, 3489, 3490, 3490, 3490, 3490, 3490, 3490, 3490, + 3492, 3492, 0, 3492, 3492, 3492, 3492, 3493, 3493, 0, - 3362, 3362, 3362, 3362, 3363, 3363, 0, 0, 0, 3363, - 3363, 3364, 3364, 0, 0, 3364, 0, 3364, 3365, 0, - 0, 0, 0, 0, 3365, 3366, 3366, 0, 0, 0, - 3366, 3366, 3367, 0, 0, 0, 0, 0, 3367, 3368, - 3368, 0, 3368, 3368, 3368, 3368, 3369, 0, 0, 0, - 0, 0, 3369, 3370, 3370, 0, 0, 0, 3370, 3370, - 3371, 3371, 0, 3371, 3371, 3371, 3371, 3353, 3353, 3353, - 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, - 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, - 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, + 0, 0, 3493, 3493, 3494, 3494, 0, 0, 3494, 0, + 3494, 3495, 0, 0, 0, 0, 0, 3495, 3496, 3496, + 0, 0, 0, 3496, 3496, 3497, 0, 0, 0, 0, + 0, 3497, 3498, 3498, 0, 3498, 3498, 3498, 3498, 3499, + 0, 0, 0, 0, 0, 3499, 3500, 3500, 0, 0, + 0, 3500, 3500, 3501, 3501, 0, 3501, 3501, 3501, 3501, + 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, + 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, + 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, + 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, - 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, - 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, - 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, 3353, - 3353, 3353, 3353, 3353 + 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, + 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, 3483, + 3483, 3483, 3483, 3483, 3483, 3483, 3483 } ; static yy_state_type yy_last_accepting_state; @@ -3860,7 +3990,7 @@ static void config_end_include(void) } #endif -#line 3861 "" +#line 3991 "" #define YY_NO_INPUT 1 #line 191 "util/configlexer.lex" #ifndef YY_NO_UNPUT @@ -3869,9 +3999,9 @@ static void config_end_include(void) #ifndef YY_NO_INPUT #define YY_NO_INPUT 1 #endif -#line 3870 "" +#line 4000 "" -#line 3872 "" +#line 4002 "" #define INITIAL 0 #define quotedstring 1 @@ -4095,7 +4225,7 @@ YY_DECL { #line 211 "util/configlexer.lex" -#line 4096 "" +#line 4226 "" while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { @@ -4128,13 +4258,13 @@ YY_DECL while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3354 ) + if ( yy_current_state >= 3484 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; ++yy_cp; } - while ( yy_base[yy_current_state] != 9568 ); + while ( yy_base[yy_current_state] != 9961 ); yy_find_action: yy_act = yy_accept[yy_current_state]; @@ -4279,82 +4409,82 @@ YY_RULE_SETUP case 24: YY_RULE_SETUP #line 238 "util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_TCP_KEEPALIVE) } +{ YDVAR(1, VAR_MAX_REUSE_TCP_QUERIES) } YY_BREAK case 25: YY_RULE_SETUP #line 239 "util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_TCP_KEEPALIVE_TIMEOUT) } +{ YDVAR(1, VAR_TCP_REUSE_TIMEOUT) } YY_BREAK case 26: YY_RULE_SETUP #line 240 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_UPSTREAM) } +{ YDVAR(1, VAR_TCP_AUTH_QUERY_TIMEOUT) } YY_BREAK case 27: YY_RULE_SETUP #line 241 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_UPSTREAM) } +{ YDVAR(1, VAR_EDNS_TCP_KEEPALIVE) } YY_BREAK case 28: YY_RULE_SETUP #line 242 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_SERVICE_KEY) } +{ YDVAR(1, VAR_EDNS_TCP_KEEPALIVE_TIMEOUT) } YY_BREAK case 29: YY_RULE_SETUP #line 243 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_SERVICE_KEY) } +{ YDVAR(1, VAR_SSL_UPSTREAM) } YY_BREAK case 30: YY_RULE_SETUP #line 244 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_SERVICE_PEM) } +{ YDVAR(1, VAR_SSL_UPSTREAM) } YY_BREAK case 31: YY_RULE_SETUP #line 245 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_SERVICE_PEM) } +{ YDVAR(1, VAR_SSL_SERVICE_KEY) } YY_BREAK case 32: YY_RULE_SETUP #line 246 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_PORT) } +{ YDVAR(1, VAR_SSL_SERVICE_KEY) } YY_BREAK case 33: YY_RULE_SETUP #line 247 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_PORT) } +{ YDVAR(1, VAR_SSL_SERVICE_PEM) } YY_BREAK case 34: YY_RULE_SETUP #line 248 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_CERT_BUNDLE) } +{ YDVAR(1, VAR_SSL_SERVICE_PEM) } YY_BREAK case 35: YY_RULE_SETUP #line 249 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_CERT_BUNDLE) } +{ YDVAR(1, VAR_SSL_PORT) } YY_BREAK case 36: YY_RULE_SETUP #line 250 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_WIN_CERT) } +{ YDVAR(1, VAR_SSL_PORT) } YY_BREAK case 37: YY_RULE_SETUP #line 251 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } +{ YDVAR(1, VAR_TLS_CERT_BUNDLE) } YY_BREAK case 38: YY_RULE_SETUP #line 252 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } +{ YDVAR(1, VAR_TLS_CERT_BUNDLE) } YY_BREAK case 39: YY_RULE_SETUP #line 253 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } +{ YDVAR(1, VAR_TLS_WIN_CERT) } YY_BREAK case 40: YY_RULE_SETUP @@ -4364,1419 +4494,1464 @@ YY_RULE_SETUP case 41: YY_RULE_SETUP #line 255 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_SESSION_TICKET_KEYS) } +{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } YY_BREAK case 42: YY_RULE_SETUP #line 256 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_CIPHERS) } +{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } YY_BREAK case 43: YY_RULE_SETUP #line 257 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_CIPHERSUITES) } +{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } YY_BREAK case 44: YY_RULE_SETUP #line 258 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_USE_SNI) } +{ YDVAR(1, VAR_TLS_SESSION_TICKET_KEYS) } YY_BREAK case 45: YY_RULE_SETUP #line 259 "util/configlexer.lex" -{ YDVAR(1, VAR_HTTPS_PORT) } +{ YDVAR(1, VAR_TLS_CIPHERS) } YY_BREAK case 46: YY_RULE_SETUP #line 260 "util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_ENDPOINT) } +{ YDVAR(1, VAR_TLS_CIPHERSUITES) } YY_BREAK case 47: YY_RULE_SETUP #line 261 "util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_MAX_STREAMS) } +{ YDVAR(1, VAR_TLS_USE_SNI) } YY_BREAK case 48: YY_RULE_SETUP #line 262 "util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_QUERY_BUFFER_SIZE) } +{ YDVAR(1, VAR_HTTPS_PORT) } YY_BREAK case 49: YY_RULE_SETUP #line 263 "util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_RESPONSE_BUFFER_SIZE) } +{ YDVAR(1, VAR_HTTP_ENDPOINT) } YY_BREAK case 50: YY_RULE_SETUP #line 264 "util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_NODELAY) } +{ YDVAR(1, VAR_HTTP_MAX_STREAMS) } YY_BREAK case 51: YY_RULE_SETUP #line 265 "util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_NOTLS_DOWNSTREAM) } +{ YDVAR(1, VAR_HTTP_QUERY_BUFFER_SIZE) } YY_BREAK case 52: YY_RULE_SETUP #line 266 "util/configlexer.lex" -{ YDVAR(1, VAR_USE_SYSTEMD) } +{ YDVAR(1, VAR_HTTP_RESPONSE_BUFFER_SIZE) } YY_BREAK case 53: YY_RULE_SETUP #line 267 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_DAEMONIZE) } +{ YDVAR(1, VAR_HTTP_NODELAY) } YY_BREAK case 54: YY_RULE_SETUP #line 268 "util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE) } +{ YDVAR(1, VAR_HTTP_NOTLS_DOWNSTREAM) } YY_BREAK case 55: YY_RULE_SETUP #line 269 "util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE) } +{ YDVAR(1, VAR_USE_SYSTEMD) } YY_BREAK case 56: YY_RULE_SETUP #line 270 "util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_INTERFACE) } +{ YDVAR(1, VAR_DO_DAEMONIZE) } YY_BREAK case 57: YY_RULE_SETUP #line 271 "util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE_AUTOMATIC) } +{ YDVAR(1, VAR_INTERFACE) } YY_BREAK case 58: YY_RULE_SETUP #line 272 "util/configlexer.lex" -{ YDVAR(1, VAR_SO_RCVBUF) } +{ YDVAR(1, VAR_INTERFACE) } YY_BREAK case 59: YY_RULE_SETUP #line 273 "util/configlexer.lex" -{ YDVAR(1, VAR_SO_SNDBUF) } +{ YDVAR(1, VAR_OUTGOING_INTERFACE) } YY_BREAK case 60: YY_RULE_SETUP #line 274 "util/configlexer.lex" -{ YDVAR(1, VAR_SO_REUSEPORT) } +{ YDVAR(1, VAR_INTERFACE_AUTOMATIC) } YY_BREAK case 61: YY_RULE_SETUP #line 275 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_TRANSPARENT) } +{ YDVAR(1, VAR_SO_RCVBUF) } YY_BREAK case 62: YY_RULE_SETUP #line 276 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_FREEBIND) } +{ YDVAR(1, VAR_SO_SNDBUF) } YY_BREAK case 63: YY_RULE_SETUP #line 277 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_DSCP) } +{ YDVAR(1, VAR_SO_REUSEPORT) } YY_BREAK case 64: YY_RULE_SETUP #line 278 "util/configlexer.lex" -{ YDVAR(1, VAR_CHROOT) } +{ YDVAR(1, VAR_IP_TRANSPARENT) } YY_BREAK case 65: YY_RULE_SETUP #line 279 "util/configlexer.lex" -{ YDVAR(1, VAR_USERNAME) } +{ YDVAR(1, VAR_IP_FREEBIND) } YY_BREAK case 66: YY_RULE_SETUP #line 280 "util/configlexer.lex" -{ YDVAR(1, VAR_DIRECTORY) } +{ YDVAR(1, VAR_IP_DSCP) } YY_BREAK case 67: YY_RULE_SETUP #line 281 "util/configlexer.lex" -{ YDVAR(1, VAR_LOGFILE) } +{ YDVAR(1, VAR_CHROOT) } YY_BREAK case 68: YY_RULE_SETUP #line 282 "util/configlexer.lex" -{ YDVAR(1, VAR_PIDFILE) } +{ YDVAR(1, VAR_USERNAME) } YY_BREAK case 69: YY_RULE_SETUP #line 283 "util/configlexer.lex" -{ YDVAR(1, VAR_ROOT_HINTS) } +{ YDVAR(1, VAR_DIRECTORY) } YY_BREAK case 70: YY_RULE_SETUP #line 284 "util/configlexer.lex" -{ YDVAR(1, VAR_STREAM_WAIT_SIZE) } +{ YDVAR(1, VAR_LOGFILE) } YY_BREAK case 71: YY_RULE_SETUP #line 285 "util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_BUFFER_SIZE) } +{ YDVAR(1, VAR_PIDFILE) } YY_BREAK case 72: YY_RULE_SETUP #line 286 "util/configlexer.lex" -{ YDVAR(1, VAR_MSG_BUFFER_SIZE) } +{ YDVAR(1, VAR_ROOT_HINTS) } YY_BREAK case 73: YY_RULE_SETUP #line 287 "util/configlexer.lex" -{ YDVAR(1, VAR_MSG_CACHE_SIZE) } +{ YDVAR(1, VAR_STREAM_WAIT_SIZE) } YY_BREAK case 74: YY_RULE_SETUP #line 288 "util/configlexer.lex" -{ YDVAR(1, VAR_MSG_CACHE_SLABS) } +{ YDVAR(1, VAR_EDNS_BUFFER_SIZE) } YY_BREAK case 75: YY_RULE_SETUP #line 289 "util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_CACHE_SIZE) } +{ YDVAR(1, VAR_MSG_BUFFER_SIZE) } YY_BREAK case 76: YY_RULE_SETUP #line 290 "util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_CACHE_SLABS) } +{ YDVAR(1, VAR_MSG_CACHE_SIZE) } YY_BREAK case 77: YY_RULE_SETUP #line 291 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MAX_TTL) } +{ YDVAR(1, VAR_MSG_CACHE_SLABS) } YY_BREAK case 78: YY_RULE_SETUP #line 292 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } +{ YDVAR(1, VAR_RRSET_CACHE_SIZE) } YY_BREAK case 79: YY_RULE_SETUP #line 293 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MIN_TTL) } +{ YDVAR(1, VAR_RRSET_CACHE_SLABS) } YY_BREAK case 80: YY_RULE_SETUP #line 294 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_HOST_TTL) } +{ YDVAR(1, VAR_CACHE_MAX_TTL) } YY_BREAK case 81: YY_RULE_SETUP #line 295 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_LAME_TTL) } +{ YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } YY_BREAK case 82: YY_RULE_SETUP #line 296 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_SLABS) } +{ YDVAR(1, VAR_CACHE_MIN_TTL) } YY_BREAK case 83: YY_RULE_SETUP #line 297 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } +{ YDVAR(1, VAR_INFRA_HOST_TTL) } YY_BREAK case 84: YY_RULE_SETUP #line 298 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } +{ YDVAR(1, VAR_INFRA_LAME_TTL) } YY_BREAK case 85: YY_RULE_SETUP #line 299 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } +{ YDVAR(1, VAR_INFRA_CACHE_SLABS) } YY_BREAK case 86: YY_RULE_SETUP #line 300 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_KEEP_PROBING) } +{ YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } YY_BREAK case 87: YY_RULE_SETUP #line 301 "util/configlexer.lex" -{ YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } +{ YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } YY_BREAK case 88: YY_RULE_SETUP #line 302 "util/configlexer.lex" -{ YDVAR(1, VAR_JOSTLE_TIMEOUT) } +{ YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } YY_BREAK case 89: YY_RULE_SETUP #line 303 "util/configlexer.lex" -{ YDVAR(1, VAR_DELAY_CLOSE) } +{ YDVAR(1, VAR_INFRA_KEEP_PROBING) } YY_BREAK case 90: YY_RULE_SETUP #line 304 "util/configlexer.lex" -{ YDVAR(1, VAR_UDP_CONNECT) } +{ YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } YY_BREAK case 91: YY_RULE_SETUP #line 305 "util/configlexer.lex" -{ YDVAR(1, VAR_TARGET_FETCH_POLICY) } +{ YDVAR(1, VAR_JOSTLE_TIMEOUT) } YY_BREAK case 92: YY_RULE_SETUP #line 306 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } +{ YDVAR(1, VAR_DELAY_CLOSE) } YY_BREAK case 93: YY_RULE_SETUP #line 307 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } +{ YDVAR(1, VAR_UDP_CONNECT) } YY_BREAK case 94: YY_RULE_SETUP #line 308 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_GLUE) } +{ YDVAR(1, VAR_TARGET_FETCH_POLICY) } YY_BREAK case 95: YY_RULE_SETUP #line 309 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } +{ YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } YY_BREAK case 96: YY_RULE_SETUP #line 310 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } +{ YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } YY_BREAK case 97: YY_RULE_SETUP #line 311 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } +{ YDVAR(1, VAR_HARDEN_GLUE) } YY_BREAK case 98: YY_RULE_SETUP #line 312 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } +{ YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } YY_BREAK case 99: YY_RULE_SETUP #line 313 "util/configlexer.lex" -{ YDVAR(1, VAR_USE_CAPS_FOR_ID) } +{ YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } YY_BREAK case 100: YY_RULE_SETUP #line 314 "util/configlexer.lex" -{ YDVAR(1, VAR_CAPS_WHITELIST) } +{ YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } YY_BREAK case 101: YY_RULE_SETUP #line 315 "util/configlexer.lex" -{ YDVAR(1, VAR_CAPS_WHITELIST) } +{ YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } YY_BREAK case 102: YY_RULE_SETUP #line 316 "util/configlexer.lex" -{ YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } +{ YDVAR(1, VAR_USE_CAPS_FOR_ID) } YY_BREAK case 103: YY_RULE_SETUP #line 317 "util/configlexer.lex" -{ YDVAR(1, VAR_PRIVATE_ADDRESS) } +{ YDVAR(1, VAR_CAPS_WHITELIST) } YY_BREAK case 104: YY_RULE_SETUP #line 318 "util/configlexer.lex" -{ YDVAR(1, VAR_PRIVATE_DOMAIN) } +{ YDVAR(1, VAR_CAPS_WHITELIST) } YY_BREAK case 105: YY_RULE_SETUP #line 319 "util/configlexer.lex" -{ YDVAR(1, VAR_PREFETCH_KEY) } +{ YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } YY_BREAK case 106: YY_RULE_SETUP #line 320 "util/configlexer.lex" -{ YDVAR(1, VAR_PREFETCH) } +{ YDVAR(1, VAR_PRIVATE_ADDRESS) } YY_BREAK case 107: YY_RULE_SETUP #line 321 "util/configlexer.lex" -{ YDVAR(1, VAR_DENY_ANY) } +{ YDVAR(1, VAR_PRIVATE_DOMAIN) } YY_BREAK case 108: YY_RULE_SETUP #line 322 "util/configlexer.lex" -{ YDVAR(0, VAR_STUB_ZONE) } +{ YDVAR(1, VAR_PREFETCH_KEY) } YY_BREAK case 109: YY_RULE_SETUP #line 323 "util/configlexer.lex" -{ YDVAR(1, VAR_NAME) } +{ YDVAR(1, VAR_PREFETCH) } YY_BREAK case 110: YY_RULE_SETUP #line 324 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_ADDR) } +{ YDVAR(1, VAR_DENY_ANY) } YY_BREAK case 111: YY_RULE_SETUP #line 325 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_HOST) } +{ YDVAR(0, VAR_STUB_ZONE) } YY_BREAK case 112: YY_RULE_SETUP #line 326 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_PRIME) } +{ YDVAR(1, VAR_NAME) } YY_BREAK case 113: YY_RULE_SETUP #line 327 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_FIRST) } +{ YDVAR(1, VAR_STUB_ADDR) } YY_BREAK case 114: YY_RULE_SETUP #line 328 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_NO_CACHE) } +{ YDVAR(1, VAR_STUB_HOST) } YY_BREAK case 115: YY_RULE_SETUP #line 329 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } +{ YDVAR(1, VAR_STUB_PRIME) } YY_BREAK case 116: YY_RULE_SETUP #line 330 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } +{ YDVAR(1, VAR_STUB_FIRST) } YY_BREAK case 117: YY_RULE_SETUP #line 331 "util/configlexer.lex" -{ YDVAR(0, VAR_FORWARD_ZONE) } +{ YDVAR(1, VAR_STUB_NO_CACHE) } YY_BREAK case 118: YY_RULE_SETUP #line 332 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_ADDR) } +{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } YY_BREAK case 119: YY_RULE_SETUP #line 333 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_HOST) } +{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } YY_BREAK case 120: YY_RULE_SETUP #line 334 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_FIRST) } +{ YDVAR(0, VAR_FORWARD_ZONE) } YY_BREAK case 121: YY_RULE_SETUP #line 335 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_NO_CACHE) } +{ YDVAR(1, VAR_FORWARD_ADDR) } YY_BREAK case 122: YY_RULE_SETUP #line 336 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } +{ YDVAR(1, VAR_FORWARD_HOST) } YY_BREAK case 123: YY_RULE_SETUP #line 337 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } +{ YDVAR(1, VAR_FORWARD_FIRST) } YY_BREAK case 124: YY_RULE_SETUP #line 338 "util/configlexer.lex" -{ YDVAR(0, VAR_AUTH_ZONE) } +{ YDVAR(1, VAR_FORWARD_NO_CACHE) } YY_BREAK case 125: YY_RULE_SETUP #line 339 "util/configlexer.lex" -{ YDVAR(0, VAR_RPZ) } +{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } YY_BREAK case 126: YY_RULE_SETUP #line 340 "util/configlexer.lex" -{ YDVAR(1, VAR_TAGS) } +{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } YY_BREAK case 127: YY_RULE_SETUP #line 341 "util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_ACTION_OVERRIDE) } +{ YDVAR(0, VAR_AUTH_ZONE) } YY_BREAK case 128: YY_RULE_SETUP #line 342 "util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_CNAME_OVERRIDE) } +{ YDVAR(0, VAR_RPZ) } YY_BREAK case 129: YY_RULE_SETUP #line 343 "util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_LOG) } +{ YDVAR(1, VAR_TAGS) } YY_BREAK case 130: YY_RULE_SETUP #line 344 "util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_LOG_NAME) } +{ YDVAR(1, VAR_RPZ_ACTION_OVERRIDE) } YY_BREAK case 131: YY_RULE_SETUP #line 345 "util/configlexer.lex" -{ YDVAR(1, VAR_ZONEFILE) } +{ YDVAR(1, VAR_RPZ_CNAME_OVERRIDE) } YY_BREAK case 132: YY_RULE_SETUP #line 346 "util/configlexer.lex" -{ YDVAR(1, VAR_MASTER) } +{ YDVAR(1, VAR_RPZ_LOG) } YY_BREAK case 133: YY_RULE_SETUP #line 347 "util/configlexer.lex" -{ YDVAR(1, VAR_MASTER) } +{ YDVAR(1, VAR_RPZ_LOG_NAME) } YY_BREAK case 134: YY_RULE_SETUP #line 348 "util/configlexer.lex" -{ YDVAR(1, VAR_URL) } +{ YDVAR(1, VAR_ZONEFILE) } YY_BREAK case 135: YY_RULE_SETUP #line 349 "util/configlexer.lex" -{ YDVAR(1, VAR_ALLOW_NOTIFY) } +{ YDVAR(1, VAR_MASTER) } YY_BREAK case 136: YY_RULE_SETUP #line 350 "util/configlexer.lex" -{ YDVAR(1, VAR_FOR_DOWNSTREAM) } +{ YDVAR(1, VAR_MASTER) } YY_BREAK case 137: YY_RULE_SETUP #line 351 "util/configlexer.lex" -{ YDVAR(1, VAR_FOR_UPSTREAM) } +{ YDVAR(1, VAR_URL) } YY_BREAK case 138: YY_RULE_SETUP #line 352 "util/configlexer.lex" -{ YDVAR(1, VAR_FALLBACK_ENABLED) } +{ YDVAR(1, VAR_ALLOW_NOTIFY) } YY_BREAK case 139: YY_RULE_SETUP #line 353 "util/configlexer.lex" -{ YDVAR(0, VAR_VIEW) } +{ YDVAR(1, VAR_FOR_DOWNSTREAM) } YY_BREAK case 140: YY_RULE_SETUP #line 354 "util/configlexer.lex" -{ YDVAR(1, VAR_VIEW_FIRST) } +{ YDVAR(1, VAR_FOR_UPSTREAM) } YY_BREAK case 141: YY_RULE_SETUP #line 355 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } +{ YDVAR(1, VAR_FALLBACK_ENABLED) } YY_BREAK case 142: YY_RULE_SETUP #line 356 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } +{ YDVAR(0, VAR_VIEW) } YY_BREAK case 143: YY_RULE_SETUP #line 357 "util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL) } +{ YDVAR(1, VAR_VIEW_FIRST) } YY_BREAK case 144: YY_RULE_SETUP #line 358 "util/configlexer.lex" -{ YDVAR(1, VAR_SEND_CLIENT_SUBNET) } +{ YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } YY_BREAK case 145: YY_RULE_SETUP #line 359 "util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_ZONE) } +{ YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } YY_BREAK case 146: YY_RULE_SETUP #line 360 "util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } +{ YDVAR(2, VAR_ACCESS_CONTROL) } YY_BREAK case 147: YY_RULE_SETUP #line 361 "util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } +{ YDVAR(1, VAR_SEND_CLIENT_SUBNET) } YY_BREAK case 148: YY_RULE_SETUP #line 362 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } +{ YDVAR(1, VAR_CLIENT_SUBNET_ZONE) } YY_BREAK case 149: YY_RULE_SETUP #line 363 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } +{ YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } YY_BREAK case 150: YY_RULE_SETUP #line 364 "util/configlexer.lex" -{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV4) } +{ YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } YY_BREAK case 151: YY_RULE_SETUP #line 365 "util/configlexer.lex" -{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV6) } +{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } YY_BREAK case 152: YY_RULE_SETUP #line 366 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV4) } +{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } YY_BREAK case 153: YY_RULE_SETUP #line 367 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) } +{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV4) } YY_BREAK case 154: YY_RULE_SETUP #line 368 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_IDENTITY) } +{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV6) } YY_BREAK case 155: YY_RULE_SETUP #line 369 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_VERSION) } +{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV4) } YY_BREAK case 156: YY_RULE_SETUP #line 370 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_TRUSTANCHOR) } +{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) } YY_BREAK case 157: YY_RULE_SETUP #line 371 "util/configlexer.lex" -{ YDVAR(1, VAR_IDENTITY) } +{ YDVAR(1, VAR_HIDE_IDENTITY) } YY_BREAK case 158: YY_RULE_SETUP #line 372 "util/configlexer.lex" -{ YDVAR(1, VAR_VERSION) } +{ YDVAR(1, VAR_HIDE_VERSION) } YY_BREAK case 159: YY_RULE_SETUP #line 373 "util/configlexer.lex" -{ YDVAR(1, VAR_MODULE_CONF) } +{ YDVAR(1, VAR_HIDE_TRUSTANCHOR) } YY_BREAK case 160: YY_RULE_SETUP #line 374 "util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR) } +{ YDVAR(1, VAR_HIDE_HTTP_USER_AGENT) } YY_BREAK case 161: YY_RULE_SETUP #line 375 "util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR_FILE) } +{ YDVAR(1, VAR_IDENTITY) } YY_BREAK case 162: YY_RULE_SETUP #line 376 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR_FILE) } +{ YDVAR(1, VAR_VERSION) } YY_BREAK case 163: YY_RULE_SETUP #line 377 "util/configlexer.lex" -{ YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } +{ YDVAR(1, VAR_HTTP_USER_AGENT) } YY_BREAK case 164: YY_RULE_SETUP #line 378 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUSTED_KEYS_FILE) } +{ YDVAR(1, VAR_MODULE_CONF) } YY_BREAK case 165: YY_RULE_SETUP #line 379 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR) } +{ YDVAR(1, VAR_DLV_ANCHOR) } YY_BREAK case 166: YY_RULE_SETUP #line 380 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) } +{ YDVAR(1, VAR_DLV_ANCHOR_FILE) } YY_BREAK case 167: YY_RULE_SETUP #line 381 "util/configlexer.lex" -{ YDVAR(1, VAR_ROOT_KEY_SENTINEL) } +{ YDVAR(1, VAR_TRUST_ANCHOR_FILE) } YY_BREAK case 168: YY_RULE_SETUP #line 382 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_OVERRIDE_DATE) } +{ YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } YY_BREAK case 169: YY_RULE_SETUP #line 383 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } +{ YDVAR(1, VAR_TRUSTED_KEYS_FILE) } YY_BREAK case 170: YY_RULE_SETUP #line 384 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } +{ YDVAR(1, VAR_TRUST_ANCHOR) } YY_BREAK case 171: YY_RULE_SETUP #line 385 "util/configlexer.lex" -{ YDVAR(1, VAR_BOGUS_TTL) } +{ YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) } YY_BREAK case 172: YY_RULE_SETUP #line 386 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } +{ YDVAR(1, VAR_ROOT_KEY_SENTINEL) } YY_BREAK case 173: YY_RULE_SETUP #line 387 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } +{ YDVAR(1, VAR_VAL_OVERRIDE_DATE) } YY_BREAK case 174: YY_RULE_SETUP #line 388 "util/configlexer.lex" -{ YDVAR(1, VAR_AGGRESSIVE_NSEC) } +{ YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } YY_BREAK case 175: YY_RULE_SETUP #line 389 "util/configlexer.lex" -{ YDVAR(1, VAR_IGNORE_CD_FLAG) } +{ YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } YY_BREAK case 176: YY_RULE_SETUP #line 390 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED) } +{ YDVAR(1, VAR_VAL_MAX_RESTART) } YY_BREAK case 177: YY_RULE_SETUP #line 391 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_TTL) } +{ YDVAR(1, VAR_BOGUS_TTL) } YY_BREAK case 178: YY_RULE_SETUP #line 392 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_TTL_RESET) } +{ YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } YY_BREAK case 179: YY_RULE_SETUP #line 393 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_REPLY_TTL) } +{ YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } YY_BREAK case 180: YY_RULE_SETUP #line 394 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_CLIENT_TIMEOUT) } +{ YDVAR(1, VAR_AGGRESSIVE_NSEC) } YY_BREAK case 181: YY_RULE_SETUP #line 395 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_ORIGINAL_TTL) } +{ YDVAR(1, VAR_IGNORE_CD_FLAG) } YY_BREAK case 182: YY_RULE_SETUP #line 396 "util/configlexer.lex" -{ YDVAR(1, VAR_FAKE_DSA) } +{ YDVAR(1, VAR_SERVE_EXPIRED) } YY_BREAK case 183: YY_RULE_SETUP #line 397 "util/configlexer.lex" -{ YDVAR(1, VAR_FAKE_SHA1) } +{ YDVAR(1, VAR_SERVE_EXPIRED_TTL) } YY_BREAK case 184: YY_RULE_SETUP #line 398 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_LOG_LEVEL) } +{ YDVAR(1, VAR_SERVE_EXPIRED_TTL_RESET) } YY_BREAK case 185: YY_RULE_SETUP #line 399 "util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SIZE) } +{ YDVAR(1, VAR_SERVE_EXPIRED_REPLY_TTL) } YY_BREAK case 186: YY_RULE_SETUP #line 400 "util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SLABS) } +{ YDVAR(1, VAR_SERVE_EXPIRED_CLIENT_TIMEOUT) } YY_BREAK case 187: YY_RULE_SETUP #line 401 "util/configlexer.lex" -{ YDVAR(1, VAR_NEG_CACHE_SIZE) } +{ YDVAR(1, VAR_SERVE_ORIGINAL_TTL) } YY_BREAK case 188: YY_RULE_SETUP #line 402 "util/configlexer.lex" -{ - YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } +{ YDVAR(1, VAR_FAKE_DSA) } YY_BREAK case 189: YY_RULE_SETUP -#line 404 "util/configlexer.lex" -{ YDVAR(1, VAR_ADD_HOLDDOWN) } +#line 403 "util/configlexer.lex" +{ YDVAR(1, VAR_FAKE_SHA1) } YY_BREAK case 190: YY_RULE_SETUP -#line 405 "util/configlexer.lex" -{ YDVAR(1, VAR_DEL_HOLDDOWN) } +#line 404 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_LOG_LEVEL) } YY_BREAK case 191: YY_RULE_SETUP -#line 406 "util/configlexer.lex" -{ YDVAR(1, VAR_KEEP_MISSING) } +#line 405 "util/configlexer.lex" +{ YDVAR(1, VAR_KEY_CACHE_SIZE) } YY_BREAK case 192: YY_RULE_SETUP -#line 407 "util/configlexer.lex" -{ YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } +#line 406 "util/configlexer.lex" +{ YDVAR(1, VAR_KEY_CACHE_SLABS) } YY_BREAK case 193: YY_RULE_SETUP -#line 408 "util/configlexer.lex" -{ YDVAR(1, VAR_USE_SYSLOG) } +#line 407 "util/configlexer.lex" +{ YDVAR(1, VAR_NEG_CACHE_SIZE) } YY_BREAK case 194: YY_RULE_SETUP -#line 409 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_IDENTITY) } +#line 408 "util/configlexer.lex" +{ + YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } YY_BREAK case 195: YY_RULE_SETUP #line 410 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_TIME_ASCII) } +{ YDVAR(1, VAR_ZONEMD_PERMISSIVE_MODE) } YY_BREAK case 196: YY_RULE_SETUP #line 411 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_QUERIES) } +{ YDVAR(1, VAR_ZONEMD_CHECK) } YY_BREAK case 197: YY_RULE_SETUP #line 412 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_REPLIES) } +{ YDVAR(1, VAR_ZONEMD_REJECT_ABSENCE) } YY_BREAK case 198: YY_RULE_SETUP #line 413 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_TAG_QUERYREPLY) } +{ YDVAR(1, VAR_ADD_HOLDDOWN) } YY_BREAK case 199: YY_RULE_SETUP #line 414 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_LOCAL_ACTIONS) } +{ YDVAR(1, VAR_DEL_HOLDDOWN) } YY_BREAK case 200: YY_RULE_SETUP #line 415 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_SERVFAIL) } +{ YDVAR(1, VAR_KEEP_MISSING) } YY_BREAK case 201: YY_RULE_SETUP #line 416 "util/configlexer.lex" -{ YDVAR(2, VAR_LOCAL_ZONE) } +{ YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } YY_BREAK case 202: YY_RULE_SETUP #line 417 "util/configlexer.lex" -{ YDVAR(1, VAR_LOCAL_DATA) } +{ YDVAR(1, VAR_USE_SYSLOG) } YY_BREAK case 203: YY_RULE_SETUP #line 418 "util/configlexer.lex" -{ YDVAR(1, VAR_LOCAL_DATA_PTR) } +{ YDVAR(1, VAR_LOG_IDENTITY) } YY_BREAK case 204: YY_RULE_SETUP #line 419 "util/configlexer.lex" -{ YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } +{ YDVAR(1, VAR_LOG_TIME_ASCII) } YY_BREAK case 205: YY_RULE_SETUP #line 420 "util/configlexer.lex" -{ YDVAR(1, VAR_INSECURE_LAN_ZONES) } +{ YDVAR(1, VAR_LOG_QUERIES) } YY_BREAK case 206: YY_RULE_SETUP #line 421 "util/configlexer.lex" -{ YDVAR(1, VAR_STATISTICS_INTERVAL) } +{ YDVAR(1, VAR_LOG_REPLIES) } YY_BREAK case 207: YY_RULE_SETUP #line 422 "util/configlexer.lex" -{ YDVAR(1, VAR_STATISTICS_CUMULATIVE) } +{ YDVAR(1, VAR_LOG_TAG_QUERYREPLY) } YY_BREAK case 208: YY_RULE_SETUP #line 423 "util/configlexer.lex" -{ YDVAR(1, VAR_EXTENDED_STATISTICS) } +{ YDVAR(1, VAR_LOG_LOCAL_ACTIONS) } YY_BREAK case 209: YY_RULE_SETUP #line 424 "util/configlexer.lex" -{ YDVAR(1, VAR_SHM_ENABLE) } +{ YDVAR(1, VAR_LOG_SERVFAIL) } YY_BREAK case 210: YY_RULE_SETUP #line 425 "util/configlexer.lex" -{ YDVAR(1, VAR_SHM_KEY) } +{ YDVAR(2, VAR_LOCAL_ZONE) } YY_BREAK case 211: YY_RULE_SETUP #line 426 "util/configlexer.lex" -{ YDVAR(0, VAR_REMOTE_CONTROL) } +{ YDVAR(1, VAR_LOCAL_DATA) } YY_BREAK case 212: YY_RULE_SETUP #line 427 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_ENABLE) } +{ YDVAR(1, VAR_LOCAL_DATA_PTR) } YY_BREAK case 213: YY_RULE_SETUP #line 428 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_INTERFACE) } +{ YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } YY_BREAK case 214: YY_RULE_SETUP #line 429 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_PORT) } +{ YDVAR(1, VAR_INSECURE_LAN_ZONES) } YY_BREAK case 215: YY_RULE_SETUP #line 430 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_USE_CERT) } +{ YDVAR(1, VAR_STATISTICS_INTERVAL) } YY_BREAK case 216: YY_RULE_SETUP #line 431 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVER_KEY_FILE) } +{ YDVAR(1, VAR_STATISTICS_CUMULATIVE) } YY_BREAK case 217: YY_RULE_SETUP #line 432 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVER_CERT_FILE) } +{ YDVAR(1, VAR_EXTENDED_STATISTICS) } YY_BREAK case 218: YY_RULE_SETUP #line 433 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_KEY_FILE) } +{ YDVAR(1, VAR_SHM_ENABLE) } YY_BREAK case 219: YY_RULE_SETUP #line 434 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_CERT_FILE) } +{ YDVAR(1, VAR_SHM_KEY) } YY_BREAK case 220: YY_RULE_SETUP #line 435 "util/configlexer.lex" -{ YDVAR(1, VAR_PYTHON_SCRIPT) } +{ YDVAR(0, VAR_REMOTE_CONTROL) } YY_BREAK case 221: YY_RULE_SETUP #line 436 "util/configlexer.lex" -{ YDVAR(0, VAR_PYTHON) } +{ YDVAR(1, VAR_CONTROL_ENABLE) } YY_BREAK case 222: YY_RULE_SETUP #line 437 "util/configlexer.lex" -{ YDVAR(1, VAR_DYNLIB_FILE) } +{ YDVAR(1, VAR_CONTROL_INTERFACE) } YY_BREAK case 223: YY_RULE_SETUP #line 438 "util/configlexer.lex" -{ YDVAR(0, VAR_DYNLIB) } +{ YDVAR(1, VAR_CONTROL_PORT) } YY_BREAK case 224: YY_RULE_SETUP #line 439 "util/configlexer.lex" -{ YDVAR(1, VAR_DOMAIN_INSECURE) } +{ YDVAR(1, VAR_CONTROL_USE_CERT) } YY_BREAK case 225: YY_RULE_SETUP #line 440 "util/configlexer.lex" -{ YDVAR(1, VAR_MINIMAL_RESPONSES) } +{ YDVAR(1, VAR_SERVER_KEY_FILE) } YY_BREAK case 226: YY_RULE_SETUP #line 441 "util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_ROUNDROBIN) } +{ YDVAR(1, VAR_SERVER_CERT_FILE) } YY_BREAK case 227: YY_RULE_SETUP #line 442 "util/configlexer.lex" -{ YDVAR(1, VAR_UNKNOWN_SERVER_TIME_LIMIT) } +{ YDVAR(1, VAR_CONTROL_KEY_FILE) } YY_BREAK case 228: YY_RULE_SETUP #line 443 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_UDP_SIZE) } +{ YDVAR(1, VAR_CONTROL_CERT_FILE) } YY_BREAK case 229: YY_RULE_SETUP #line 444 "util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_PREFIX) } +{ YDVAR(1, VAR_PYTHON_SCRIPT) } YY_BREAK case 230: YY_RULE_SETUP #line 445 "util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_SYNTHALL) } +{ YDVAR(0, VAR_PYTHON) } YY_BREAK case 231: YY_RULE_SETUP #line 446 "util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_IGNORE_AAAA) } +{ YDVAR(1, VAR_DYNLIB_FILE) } YY_BREAK case 232: YY_RULE_SETUP #line 447 "util/configlexer.lex" -{ YDVAR(1, VAR_DEFINE_TAG) } +{ YDVAR(0, VAR_DYNLIB) } YY_BREAK case 233: YY_RULE_SETUP #line 448 "util/configlexer.lex" -{ YDVAR(2, VAR_LOCAL_ZONE_TAG) } +{ YDVAR(1, VAR_DOMAIN_INSECURE) } YY_BREAK case 234: YY_RULE_SETUP #line 449 "util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL_TAG) } +{ YDVAR(1, VAR_MINIMAL_RESPONSES) } YY_BREAK case 235: YY_RULE_SETUP #line 450 "util/configlexer.lex" -{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } +{ YDVAR(1, VAR_RRSET_ROUNDROBIN) } YY_BREAK case 236: YY_RULE_SETUP #line 451 "util/configlexer.lex" -{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } +{ YDVAR(1, VAR_UNKNOWN_SERVER_TIME_LIMIT) } YY_BREAK case 237: YY_RULE_SETUP #line 452 "util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } +{ YDVAR(1, VAR_MAX_UDP_SIZE) } YY_BREAK case 238: YY_RULE_SETUP #line 453 "util/configlexer.lex" -{ YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } +{ YDVAR(1, VAR_DNS64_PREFIX) } YY_BREAK case 239: YY_RULE_SETUP #line 454 "util/configlexer.lex" -{ YDVAR(0, VAR_DNSTAP) } +{ YDVAR(1, VAR_DNS64_SYNTHALL) } YY_BREAK case 240: YY_RULE_SETUP #line 455 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_ENABLE) } +{ YDVAR(1, VAR_DNS64_IGNORE_AAAA) } YY_BREAK case 241: YY_RULE_SETUP #line 456 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_BIDIRECTIONAL) } +{ YDVAR(1, VAR_DEFINE_TAG) } YY_BREAK case 242: YY_RULE_SETUP #line 457 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } +{ YDVAR(2, VAR_LOCAL_ZONE_TAG) } YY_BREAK case 243: YY_RULE_SETUP #line 458 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_IP) } +{ YDVAR(2, VAR_ACCESS_CONTROL_TAG) } YY_BREAK case 244: YY_RULE_SETUP #line 459 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_TLS) } +{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } YY_BREAK case 245: YY_RULE_SETUP #line 460 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_TLS_SERVER_NAME) } +{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } YY_BREAK case 246: YY_RULE_SETUP #line 461 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_TLS_CERT_BUNDLE) } +{ YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } YY_BREAK case 247: YY_RULE_SETUP #line 462 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_TLS_CLIENT_KEY_FILE) } +{ YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } YY_BREAK case 248: YY_RULE_SETUP -#line 464 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_TLS_CLIENT_CERT_FILE) } +#line 463 "util/configlexer.lex" +{ YDVAR(0, VAR_DNSTAP) } YY_BREAK case 249: YY_RULE_SETUP -#line 466 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } +#line 464 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_ENABLE) } YY_BREAK case 250: YY_RULE_SETUP -#line 467 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SEND_VERSION) } +#line 465 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_BIDIRECTIONAL) } YY_BREAK case 251: YY_RULE_SETUP -#line 468 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_IDENTITY) } +#line 466 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } YY_BREAK case 252: YY_RULE_SETUP -#line 469 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_VERSION) } +#line 467 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_IP) } YY_BREAK case 253: YY_RULE_SETUP -#line 470 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } +#line 468 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_TLS) } YY_BREAK case 254: YY_RULE_SETUP -#line 472 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } +#line 469 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_TLS_SERVER_NAME) } YY_BREAK case 255: YY_RULE_SETUP -#line 474 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } +#line 470 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_TLS_CERT_BUNDLE) } YY_BREAK case 256: YY_RULE_SETUP -#line 476 "util/configlexer.lex" +#line 471 "util/configlexer.lex" { - YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } + YDVAR(1, VAR_DNSTAP_TLS_CLIENT_KEY_FILE) } YY_BREAK case 257: YY_RULE_SETUP -#line 478 "util/configlexer.lex" +#line 473 "util/configlexer.lex" { - YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } + YDVAR(1, VAR_DNSTAP_TLS_CLIENT_CERT_FILE) } YY_BREAK case 258: YY_RULE_SETUP -#line 480 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } +#line 475 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } YY_BREAK case 259: YY_RULE_SETUP -#line 482 "util/configlexer.lex" -{ YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } +#line 476 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_SEND_VERSION) } YY_BREAK case 260: YY_RULE_SETUP -#line 483 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT) } +#line 477 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_IDENTITY) } YY_BREAK case 261: YY_RULE_SETUP -#line 484 "util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT) } +#line 478 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_VERSION) } YY_BREAK case 262: YY_RULE_SETUP -#line 485 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_SLABS) } +#line 479 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } YY_BREAK case 263: YY_RULE_SETUP -#line 486 "util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_SLABS) } +#line 481 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } YY_BREAK case 264: YY_RULE_SETUP -#line 487 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_SIZE) } +#line 483 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } YY_BREAK case 265: YY_RULE_SETUP -#line 488 "util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_SIZE) } +#line 485 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } YY_BREAK case 266: YY_RULE_SETUP -#line 489 "util/configlexer.lex" -{ YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } +#line 487 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } YY_BREAK case 267: YY_RULE_SETUP -#line 490 "util/configlexer.lex" -{ YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } +#line 489 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } YY_BREAK case 268: YY_RULE_SETUP #line 491 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } +{ YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } YY_BREAK case 269: YY_RULE_SETUP #line 492 "util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_FACTOR) } +{ YDVAR(1, VAR_IP_RATELIMIT) } YY_BREAK case 270: YY_RULE_SETUP #line 493 "util/configlexer.lex" -{ YDVAR(1, VAR_LOW_RTT) } +{ YDVAR(1, VAR_RATELIMIT) } YY_BREAK case 271: YY_RULE_SETUP #line 494 "util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_NUM) } +{ YDVAR(1, VAR_IP_RATELIMIT_SLABS) } YY_BREAK case 272: YY_RULE_SETUP #line 495 "util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } +{ YDVAR(1, VAR_RATELIMIT_SLABS) } YY_BREAK case 273: YY_RULE_SETUP #line 496 "util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } +{ YDVAR(1, VAR_IP_RATELIMIT_SIZE) } YY_BREAK case 274: YY_RULE_SETUP #line 497 "util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } +{ YDVAR(1, VAR_RATELIMIT_SIZE) } YY_BREAK case 275: YY_RULE_SETUP #line 498 "util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP_TAG) } +{ YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } YY_BREAK case 276: YY_RULE_SETUP #line 499 "util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP) } +{ YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } YY_BREAK case 277: YY_RULE_SETUP #line 500 "util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP_DATA) } +{ YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } YY_BREAK case 278: YY_RULE_SETUP #line 501 "util/configlexer.lex" -{ YDVAR(0, VAR_DNSCRYPT) } +{ YDVAR(1, VAR_RATELIMIT_FACTOR) } YY_BREAK case 279: YY_RULE_SETUP #line 502 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_ENABLE) } +{ YDVAR(1, VAR_LOW_RTT) } YY_BREAK case 280: YY_RULE_SETUP #line 503 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PORT) } +{ YDVAR(1, VAR_FAST_SERVER_NUM) } YY_BREAK case 281: YY_RULE_SETUP #line 504 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER) } +{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK case 282: YY_RULE_SETUP #line 505 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } +{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK case 283: YY_RULE_SETUP #line 506 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } +{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK case 284: YY_RULE_SETUP #line 507 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } +{ YDVAR(2, VAR_RESPONSE_IP_TAG) } YY_BREAK case 285: YY_RULE_SETUP #line 508 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } +{ YDVAR(2, VAR_RESPONSE_IP) } YY_BREAK case 286: YY_RULE_SETUP -#line 510 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } +#line 509 "util/configlexer.lex" +{ YDVAR(2, VAR_RESPONSE_IP_DATA) } YY_BREAK case 287: YY_RULE_SETUP -#line 512 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } +#line 510 "util/configlexer.lex" +{ YDVAR(0, VAR_DNSCRYPT) } YY_BREAK case 288: YY_RULE_SETUP -#line 513 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } +#line 511 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_ENABLE) } YY_BREAK case 289: YY_RULE_SETUP -#line 514 "util/configlexer.lex" -{ YDVAR(1, VAR_PAD_RESPONSES) } +#line 512 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PORT) } YY_BREAK case 290: YY_RULE_SETUP -#line 515 "util/configlexer.lex" -{ YDVAR(1, VAR_PAD_RESPONSES_BLOCK_SIZE) } +#line 513 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER) } YY_BREAK case 291: YY_RULE_SETUP -#line 516 "util/configlexer.lex" -{ YDVAR(1, VAR_PAD_QUERIES) } +#line 514 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } YY_BREAK case 292: YY_RULE_SETUP -#line 517 "util/configlexer.lex" -{ YDVAR(1, VAR_PAD_QUERIES_BLOCK_SIZE) } +#line 515 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } YY_BREAK case 293: YY_RULE_SETUP -#line 518 "util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_ENABLED) } +#line 516 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } YY_BREAK case 294: YY_RULE_SETUP -#line 519 "util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } +#line 517 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } YY_BREAK case 295: YY_RULE_SETUP -#line 520 "util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_HOOK) } +#line 519 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } YY_BREAK case 296: YY_RULE_SETUP #line 521 "util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_MAX_TTL) } +{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } YY_BREAK case 297: YY_RULE_SETUP #line 522 "util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } +{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } YY_BREAK case 298: YY_RULE_SETUP #line 523 "util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } +{ YDVAR(1, VAR_PAD_RESPONSES) } YY_BREAK case 299: YY_RULE_SETUP #line 524 "util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_STRICT) } +{ YDVAR(1, VAR_PAD_RESPONSES_BLOCK_SIZE) } YY_BREAK case 300: YY_RULE_SETUP #line 525 "util/configlexer.lex" -{ YDVAR(0, VAR_CACHEDB) } +{ YDVAR(1, VAR_PAD_QUERIES) } YY_BREAK case 301: YY_RULE_SETUP #line 526 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_BACKEND) } +{ YDVAR(1, VAR_PAD_QUERIES_BLOCK_SIZE) } YY_BREAK case 302: YY_RULE_SETUP #line 527 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_SECRETSEED) } +{ YDVAR(1, VAR_IPSECMOD_ENABLED) } YY_BREAK case 303: YY_RULE_SETUP #line 528 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISHOST) } +{ YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } YY_BREAK case 304: YY_RULE_SETUP #line 529 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISPORT) } +{ YDVAR(1, VAR_IPSECMOD_HOOK) } YY_BREAK case 305: YY_RULE_SETUP #line 530 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } +{ YDVAR(1, VAR_IPSECMOD_MAX_TTL) } YY_BREAK case 306: YY_RULE_SETUP #line 531 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) } +{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } YY_BREAK case 307: YY_RULE_SETUP #line 532 "util/configlexer.lex" -{ YDVAR(0, VAR_IPSET) } +{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } YY_BREAK case 308: YY_RULE_SETUP #line 533 "util/configlexer.lex" -{ YDVAR(1, VAR_IPSET_NAME_V4) } +{ YDVAR(1, VAR_IPSECMOD_STRICT) } YY_BREAK case 309: YY_RULE_SETUP #line 534 "util/configlexer.lex" -{ YDVAR(1, VAR_IPSET_NAME_V6) } +{ YDVAR(0, VAR_CACHEDB) } YY_BREAK case 310: YY_RULE_SETUP #line 535 "util/configlexer.lex" -{ YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } +{ YDVAR(1, VAR_CACHEDB_BACKEND) } YY_BREAK case 311: YY_RULE_SETUP #line 536 "util/configlexer.lex" -{ YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } +{ YDVAR(1, VAR_CACHEDB_SECRETSEED) } YY_BREAK case 312: YY_RULE_SETUP #line 537 "util/configlexer.lex" -{ YDVAR(2, VAR_EDNS_CLIENT_STRING) } +{ YDVAR(1, VAR_CACHEDB_REDISHOST) } YY_BREAK case 313: YY_RULE_SETUP #line 538 "util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) } +{ YDVAR(1, VAR_CACHEDB_REDISPORT) } YY_BREAK case 314: YY_RULE_SETUP #line 539 "util/configlexer.lex" -{ YDVAR(1, VAR_NSID ) } +{ YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } YY_BREAK case 315: -/* rule 315 can match eol */ YY_RULE_SETUP #line 540 "util/configlexer.lex" +{ YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) } + YY_BREAK +case 316: +YY_RULE_SETUP +#line 541 "util/configlexer.lex" +{ YDVAR(0, VAR_IPSET) } + YY_BREAK +case 317: +YY_RULE_SETUP +#line 542 "util/configlexer.lex" +{ YDVAR(1, VAR_IPSET_NAME_V4) } + YY_BREAK +case 318: +YY_RULE_SETUP +#line 543 "util/configlexer.lex" +{ YDVAR(1, VAR_IPSET_NAME_V6) } + YY_BREAK +case 319: +YY_RULE_SETUP +#line 544 "util/configlexer.lex" +{ YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } + YY_BREAK +case 320: +YY_RULE_SETUP +#line 545 "util/configlexer.lex" +{ YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } + YY_BREAK +case 321: +YY_RULE_SETUP +#line 546 "util/configlexer.lex" +{ YDVAR(2, VAR_EDNS_CLIENT_STRING) } + YY_BREAK +case 322: +YY_RULE_SETUP +#line 547 "util/configlexer.lex" +{ YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) } + YY_BREAK +case 323: +YY_RULE_SETUP +#line 548 "util/configlexer.lex" +{ YDVAR(1, VAR_NSID ) } + YY_BREAK +case 324: +/* rule 324 can match eol */ +YY_RULE_SETUP +#line 549 "util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++; } YY_BREAK /* Quoted strings. Strip leading and ending quotes */ -case 316: +case 325: YY_RULE_SETUP -#line 543 "util/configlexer.lex" +#line 552 "util/configlexer.lex" { BEGIN(quotedstring); LEXOUT(("QS ")); } YY_BREAK case YY_STATE_EOF(quotedstring): -#line 544 "util/configlexer.lex" +#line 553 "util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 317: +case 326: YY_RULE_SETUP -#line 549 "util/configlexer.lex" +#line 558 "util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 318: -/* rule 318 can match eol */ +case 327: +/* rule 327 can match eol */ YY_RULE_SETUP -#line 550 "util/configlexer.lex" +#line 559 "util/configlexer.lex" { yyerror("newline inside quoted string, no end \""); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 319: +case 328: YY_RULE_SETUP -#line 552 "util/configlexer.lex" +#line 561 "util/configlexer.lex" { LEXOUT(("QE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -5789,34 +5964,34 @@ YY_RULE_SETUP } YY_BREAK /* Single Quoted strings. Strip leading and ending quotes */ -case 320: +case 329: YY_RULE_SETUP -#line 564 "util/configlexer.lex" +#line 573 "util/configlexer.lex" { BEGIN(singlequotedstr); LEXOUT(("SQS ")); } YY_BREAK case YY_STATE_EOF(singlequotedstr): -#line 565 "util/configlexer.lex" +#line 574 "util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 321: +case 330: YY_RULE_SETUP -#line 570 "util/configlexer.lex" +#line 579 "util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 322: -/* rule 322 can match eol */ +case 331: +/* rule 331 can match eol */ YY_RULE_SETUP -#line 571 "util/configlexer.lex" +#line 580 "util/configlexer.lex" { yyerror("newline inside quoted string, no end '"); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 323: +case 332: YY_RULE_SETUP -#line 573 "util/configlexer.lex" +#line 582 "util/configlexer.lex" { LEXOUT(("SQE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -5829,38 +6004,38 @@ YY_RULE_SETUP } YY_BREAK /* include: directive */ -case 324: +case 333: YY_RULE_SETUP -#line 585 "util/configlexer.lex" +#line 594 "util/configlexer.lex" { LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } YY_BREAK case YY_STATE_EOF(include): -#line 587 "util/configlexer.lex" +#line 596 "util/configlexer.lex" { yyerror("EOF inside include directive"); BEGIN(inc_prev); } YY_BREAK -case 325: +case 334: YY_RULE_SETUP -#line 591 "util/configlexer.lex" +#line 600 "util/configlexer.lex" { LEXOUT(("ISP ")); /* ignore */ } YY_BREAK -case 326: -/* rule 326 can match eol */ +case 335: +/* rule 335 can match eol */ YY_RULE_SETUP -#line 592 "util/configlexer.lex" +#line 601 "util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++;} YY_BREAK -case 327: +case 336: YY_RULE_SETUP -#line 593 "util/configlexer.lex" +#line 602 "util/configlexer.lex" { LEXOUT(("IQS ")); BEGIN(include_quoted); } YY_BREAK -case 328: +case 337: YY_RULE_SETUP -#line 594 "util/configlexer.lex" +#line 603 "util/configlexer.lex" { LEXOUT(("Iunquotedstr(%s) ", yytext)); config_start_include_glob(yytext, 0); @@ -5868,27 +6043,27 @@ YY_RULE_SETUP } YY_BREAK case YY_STATE_EOF(include_quoted): -#line 599 "util/configlexer.lex" +#line 608 "util/configlexer.lex" { yyerror("EOF inside quoted string"); BEGIN(inc_prev); } YY_BREAK -case 329: +case 338: YY_RULE_SETUP -#line 603 "util/configlexer.lex" +#line 612 "util/configlexer.lex" { LEXOUT(("ISTR(%s) ", yytext)); yymore(); } YY_BREAK -case 330: -/* rule 330 can match eol */ +case 339: +/* rule 339 can match eol */ YY_RULE_SETUP -#line 604 "util/configlexer.lex" +#line 613 "util/configlexer.lex" { yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } YY_BREAK -case 331: +case 340: YY_RULE_SETUP -#line 606 "util/configlexer.lex" +#line 615 "util/configlexer.lex" { LEXOUT(("IQE ")); yytext[yyleng - 1] = '\0'; @@ -5898,7 +6073,7 @@ YY_RULE_SETUP YY_BREAK case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(val): -#line 612 "util/configlexer.lex" +#line 621 "util/configlexer.lex" { LEXOUT(("LEXEOF ")); yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ @@ -5913,39 +6088,39 @@ case YY_STATE_EOF(val): } YY_BREAK /* include-toplevel: directive */ -case 332: +case 341: YY_RULE_SETUP -#line 626 "util/configlexer.lex" +#line 635 "util/configlexer.lex" { LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include_toplevel); } YY_BREAK case YY_STATE_EOF(include_toplevel): -#line 629 "util/configlexer.lex" +#line 638 "util/configlexer.lex" { yyerror("EOF inside include_toplevel directive"); BEGIN(inc_prev); } YY_BREAK -case 333: +case 342: YY_RULE_SETUP -#line 633 "util/configlexer.lex" +#line 642 "util/configlexer.lex" { LEXOUT(("ITSP ")); /* ignore */ } YY_BREAK -case 334: -/* rule 334 can match eol */ +case 343: +/* rule 343 can match eol */ YY_RULE_SETUP -#line 634 "util/configlexer.lex" +#line 643 "util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++; } YY_BREAK -case 335: +case 344: YY_RULE_SETUP -#line 635 "util/configlexer.lex" +#line 644 "util/configlexer.lex" { LEXOUT(("ITQS ")); BEGIN(include_toplevel_quoted); } YY_BREAK -case 336: +case 345: YY_RULE_SETUP -#line 636 "util/configlexer.lex" +#line 645 "util/configlexer.lex" { LEXOUT(("ITunquotedstr(%s) ", yytext)); config_start_include_glob(yytext, 1); @@ -5954,29 +6129,29 @@ YY_RULE_SETUP } YY_BREAK case YY_STATE_EOF(include_toplevel_quoted): -#line 642 "util/configlexer.lex" +#line 651 "util/configlexer.lex" { yyerror("EOF inside quoted string"); BEGIN(inc_prev); } YY_BREAK -case 337: +case 346: YY_RULE_SETUP -#line 646 "util/configlexer.lex" +#line 655 "util/configlexer.lex" { LEXOUT(("ITSTR(%s) ", yytext)); yymore(); } YY_BREAK -case 338: -/* rule 338 can match eol */ +case 347: +/* rule 347 can match eol */ YY_RULE_SETUP -#line 647 "util/configlexer.lex" +#line 656 "util/configlexer.lex" { yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } YY_BREAK -case 339: +case 348: YY_RULE_SETUP -#line 651 "util/configlexer.lex" +#line 660 "util/configlexer.lex" { LEXOUT(("ITQE ")); yytext[yyleng - 1] = '\0'; @@ -5985,33 +6160,33 @@ YY_RULE_SETUP return (VAR_FORCE_TOPLEVEL); } YY_BREAK -case 340: +case 349: YY_RULE_SETUP -#line 659 "util/configlexer.lex" +#line 668 "util/configlexer.lex" { LEXOUT(("unquotedstr(%s) ", yytext)); if(--num_args == 0) { BEGIN(INITIAL); } yylval.str = strdup(yytext); return STRING_ARG; } YY_BREAK -case 341: +case 350: YY_RULE_SETUP -#line 663 "util/configlexer.lex" +#line 672 "util/configlexer.lex" { ub_c_error_msg("unknown keyword '%s'", yytext); } YY_BREAK -case 342: +case 351: YY_RULE_SETUP -#line 667 "util/configlexer.lex" +#line 676 "util/configlexer.lex" { ub_c_error_msg("stray '%s'", yytext); } YY_BREAK -case 343: +case 352: YY_RULE_SETUP -#line 671 "util/configlexer.lex" +#line 680 "util/configlexer.lex" ECHO; YY_BREAK -#line 6012 "" +#line 6187 "" case YY_END_OF_BUFFER: { @@ -6306,7 +6481,7 @@ static int yy_get_next_buffer (void) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3354 ) + if ( yy_current_state >= 3484 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; @@ -6334,11 +6509,11 @@ static int yy_get_next_buffer (void) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3354 ) + if ( yy_current_state >= 3484 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; - yy_is_jam = (yy_current_state == 3353); + yy_is_jam = (yy_current_state == 3483); return yy_is_jam ? 0 : yy_current_state; } @@ -6977,6 +7152,6 @@ void yyfree (void * ptr ) #define YYTABLES_NAME "yytables" -#line 671 "util/configlexer.lex" +#line 680 "util/configlexer.lex" diff --git a/util/configlexer.lex b/util/configlexer.lex index bc4e92c7f11c..dbfc17d499f2 100644 --- a/util/configlexer.lex +++ b/util/configlexer.lex @@ -235,6 +235,9 @@ tcp-upstream{COLON} { YDVAR(1, VAR_TCP_UPSTREAM) } tcp-mss{COLON} { YDVAR(1, VAR_TCP_MSS) } outgoing-tcp-mss{COLON} { YDVAR(1, VAR_OUTGOING_TCP_MSS) } tcp-idle-timeout{COLON} { YDVAR(1, VAR_TCP_IDLE_TIMEOUT) } +max-reuse-tcp-queries{COLON} { YDVAR(1, VAR_MAX_REUSE_TCP_QUERIES) } +tcp-reuse-timeout{COLON} { YDVAR(1, VAR_TCP_REUSE_TIMEOUT) } +tcp-auth-query-timeout{COLON} { YDVAR(1, VAR_TCP_AUTH_QUERY_TIMEOUT) } edns-tcp-keepalive{COLON} { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE) } edns-tcp-keepalive-timeout{COLON} { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE_TIMEOUT) } ssl-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) } @@ -368,8 +371,10 @@ max-ecs-tree-size-ipv6{COLON} { YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) } hide-identity{COLON} { YDVAR(1, VAR_HIDE_IDENTITY) } hide-version{COLON} { YDVAR(1, VAR_HIDE_VERSION) } hide-trustanchor{COLON} { YDVAR(1, VAR_HIDE_TRUSTANCHOR) } +hide-http-user-agent{COLON} { YDVAR(1, VAR_HIDE_HTTP_USER_AGENT) } identity{COLON} { YDVAR(1, VAR_IDENTITY) } version{COLON} { YDVAR(1, VAR_VERSION) } +http-user-agent{COLON} { YDVAR(1, VAR_HTTP_USER_AGENT) } module-config{COLON} { YDVAR(1, VAR_MODULE_CONF) } dlv-anchor{COLON} { YDVAR(1, VAR_DLV_ANCHOR) } dlv-anchor-file{COLON} { YDVAR(1, VAR_DLV_ANCHOR_FILE) } @@ -382,6 +387,7 @@ root-key-sentinel{COLON} { YDVAR(1, VAR_ROOT_KEY_SENTINEL) } val-override-date{COLON} { YDVAR(1, VAR_VAL_OVERRIDE_DATE) } val-sig-skew-min{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } val-sig-skew-max{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } +val-max-restart{COLON} { YDVAR(1, VAR_VAL_MAX_RESTART) } val-bogus-ttl{COLON} { YDVAR(1, VAR_BOGUS_TTL) } val-clean-additional{COLON} { YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } val-permissive-mode{COLON} { YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } @@ -401,6 +407,9 @@ key-cache-slabs{COLON} { YDVAR(1, VAR_KEY_CACHE_SLABS) } neg-cache-size{COLON} { YDVAR(1, VAR_NEG_CACHE_SIZE) } val-nsec3-keysize-iterations{COLON} { YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } +zonemd-permissive-mode{COLON} { YDVAR(1, VAR_ZONEMD_PERMISSIVE_MODE) } +zonemd-check{COLON} { YDVAR(1, VAR_ZONEMD_CHECK) } +zonemd-reject-absence{COLON} { YDVAR(1, VAR_ZONEMD_REJECT_ABSENCE) } add-holddown{COLON} { YDVAR(1, VAR_ADD_HOLDDOWN) } del-holddown{COLON} { YDVAR(1, VAR_DEL_HOLDDOWN) } keep-missing{COLON} { YDVAR(1, VAR_KEEP_MISSING) } diff --git a/util/configparser.c b/util/configparser.c index 8423701db038..127240e38e35 100644 --- a/util/configparser.c +++ b/util/configparser.c @@ -242,210 +242,219 @@ extern int yydebug; VAR_CONTROL_KEY_FILE = 357, /* VAR_CONTROL_KEY_FILE */ VAR_CONTROL_CERT_FILE = 358, /* VAR_CONTROL_CERT_FILE */ VAR_CONTROL_USE_CERT = 359, /* VAR_CONTROL_USE_CERT */ - VAR_EXTENDED_STATISTICS = 360, /* VAR_EXTENDED_STATISTICS */ - VAR_LOCAL_DATA_PTR = 361, /* VAR_LOCAL_DATA_PTR */ - VAR_JOSTLE_TIMEOUT = 362, /* VAR_JOSTLE_TIMEOUT */ - VAR_STUB_PRIME = 363, /* VAR_STUB_PRIME */ - VAR_UNWANTED_REPLY_THRESHOLD = 364, /* VAR_UNWANTED_REPLY_THRESHOLD */ - VAR_LOG_TIME_ASCII = 365, /* VAR_LOG_TIME_ASCII */ - VAR_DOMAIN_INSECURE = 366, /* VAR_DOMAIN_INSECURE */ - VAR_PYTHON = 367, /* VAR_PYTHON */ - VAR_PYTHON_SCRIPT = 368, /* VAR_PYTHON_SCRIPT */ - VAR_VAL_SIG_SKEW_MIN = 369, /* VAR_VAL_SIG_SKEW_MIN */ - VAR_VAL_SIG_SKEW_MAX = 370, /* VAR_VAL_SIG_SKEW_MAX */ - VAR_CACHE_MIN_TTL = 371, /* VAR_CACHE_MIN_TTL */ - VAR_VAL_LOG_LEVEL = 372, /* VAR_VAL_LOG_LEVEL */ - VAR_AUTO_TRUST_ANCHOR_FILE = 373, /* VAR_AUTO_TRUST_ANCHOR_FILE */ - VAR_KEEP_MISSING = 374, /* VAR_KEEP_MISSING */ - VAR_ADD_HOLDDOWN = 375, /* VAR_ADD_HOLDDOWN */ - VAR_DEL_HOLDDOWN = 376, /* VAR_DEL_HOLDDOWN */ - VAR_SO_RCVBUF = 377, /* VAR_SO_RCVBUF */ - VAR_EDNS_BUFFER_SIZE = 378, /* VAR_EDNS_BUFFER_SIZE */ - VAR_PREFETCH = 379, /* VAR_PREFETCH */ - VAR_PREFETCH_KEY = 380, /* VAR_PREFETCH_KEY */ - VAR_SO_SNDBUF = 381, /* VAR_SO_SNDBUF */ - VAR_SO_REUSEPORT = 382, /* VAR_SO_REUSEPORT */ - VAR_HARDEN_BELOW_NXDOMAIN = 383, /* VAR_HARDEN_BELOW_NXDOMAIN */ - VAR_IGNORE_CD_FLAG = 384, /* VAR_IGNORE_CD_FLAG */ - VAR_LOG_QUERIES = 385, /* VAR_LOG_QUERIES */ - VAR_LOG_REPLIES = 386, /* VAR_LOG_REPLIES */ - VAR_LOG_LOCAL_ACTIONS = 387, /* VAR_LOG_LOCAL_ACTIONS */ - VAR_TCP_UPSTREAM = 388, /* VAR_TCP_UPSTREAM */ - VAR_SSL_UPSTREAM = 389, /* VAR_SSL_UPSTREAM */ - VAR_SSL_SERVICE_KEY = 390, /* VAR_SSL_SERVICE_KEY */ - VAR_SSL_SERVICE_PEM = 391, /* VAR_SSL_SERVICE_PEM */ - VAR_SSL_PORT = 392, /* VAR_SSL_PORT */ - VAR_FORWARD_FIRST = 393, /* VAR_FORWARD_FIRST */ - VAR_STUB_SSL_UPSTREAM = 394, /* VAR_STUB_SSL_UPSTREAM */ - VAR_FORWARD_SSL_UPSTREAM = 395, /* VAR_FORWARD_SSL_UPSTREAM */ - VAR_TLS_CERT_BUNDLE = 396, /* VAR_TLS_CERT_BUNDLE */ - VAR_HTTPS_PORT = 397, /* VAR_HTTPS_PORT */ - VAR_HTTP_ENDPOINT = 398, /* VAR_HTTP_ENDPOINT */ - VAR_HTTP_MAX_STREAMS = 399, /* VAR_HTTP_MAX_STREAMS */ - VAR_HTTP_QUERY_BUFFER_SIZE = 400, /* VAR_HTTP_QUERY_BUFFER_SIZE */ - VAR_HTTP_RESPONSE_BUFFER_SIZE = 401, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */ - VAR_HTTP_NODELAY = 402, /* VAR_HTTP_NODELAY */ - VAR_HTTP_NOTLS_DOWNSTREAM = 403, /* VAR_HTTP_NOTLS_DOWNSTREAM */ - VAR_STUB_FIRST = 404, /* VAR_STUB_FIRST */ - VAR_MINIMAL_RESPONSES = 405, /* VAR_MINIMAL_RESPONSES */ - VAR_RRSET_ROUNDROBIN = 406, /* VAR_RRSET_ROUNDROBIN */ - VAR_MAX_UDP_SIZE = 407, /* VAR_MAX_UDP_SIZE */ - VAR_DELAY_CLOSE = 408, /* VAR_DELAY_CLOSE */ - VAR_UDP_CONNECT = 409, /* VAR_UDP_CONNECT */ - VAR_UNBLOCK_LAN_ZONES = 410, /* VAR_UNBLOCK_LAN_ZONES */ - VAR_INSECURE_LAN_ZONES = 411, /* VAR_INSECURE_LAN_ZONES */ - VAR_INFRA_CACHE_MIN_RTT = 412, /* VAR_INFRA_CACHE_MIN_RTT */ - VAR_INFRA_KEEP_PROBING = 413, /* VAR_INFRA_KEEP_PROBING */ - VAR_DNS64_PREFIX = 414, /* VAR_DNS64_PREFIX */ - VAR_DNS64_SYNTHALL = 415, /* VAR_DNS64_SYNTHALL */ - VAR_DNS64_IGNORE_AAAA = 416, /* VAR_DNS64_IGNORE_AAAA */ - VAR_DNSTAP = 417, /* VAR_DNSTAP */ - VAR_DNSTAP_ENABLE = 418, /* VAR_DNSTAP_ENABLE */ - VAR_DNSTAP_SOCKET_PATH = 419, /* VAR_DNSTAP_SOCKET_PATH */ - VAR_DNSTAP_IP = 420, /* VAR_DNSTAP_IP */ - VAR_DNSTAP_TLS = 421, /* VAR_DNSTAP_TLS */ - VAR_DNSTAP_TLS_SERVER_NAME = 422, /* VAR_DNSTAP_TLS_SERVER_NAME */ - VAR_DNSTAP_TLS_CERT_BUNDLE = 423, /* VAR_DNSTAP_TLS_CERT_BUNDLE */ - VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 424, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */ - VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 425, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */ - VAR_DNSTAP_SEND_IDENTITY = 426, /* VAR_DNSTAP_SEND_IDENTITY */ - VAR_DNSTAP_SEND_VERSION = 427, /* VAR_DNSTAP_SEND_VERSION */ - VAR_DNSTAP_BIDIRECTIONAL = 428, /* VAR_DNSTAP_BIDIRECTIONAL */ - VAR_DNSTAP_IDENTITY = 429, /* VAR_DNSTAP_IDENTITY */ - VAR_DNSTAP_VERSION = 430, /* VAR_DNSTAP_VERSION */ - VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 431, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */ - VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 432, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */ - VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 433, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */ - VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 434, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */ - VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 435, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */ - VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 436, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */ - VAR_RESPONSE_IP_TAG = 437, /* VAR_RESPONSE_IP_TAG */ - VAR_RESPONSE_IP = 438, /* VAR_RESPONSE_IP */ - VAR_RESPONSE_IP_DATA = 439, /* VAR_RESPONSE_IP_DATA */ - VAR_HARDEN_ALGO_DOWNGRADE = 440, /* VAR_HARDEN_ALGO_DOWNGRADE */ - VAR_IP_TRANSPARENT = 441, /* VAR_IP_TRANSPARENT */ - VAR_IP_DSCP = 442, /* VAR_IP_DSCP */ - VAR_DISABLE_DNSSEC_LAME_CHECK = 443, /* VAR_DISABLE_DNSSEC_LAME_CHECK */ - VAR_IP_RATELIMIT = 444, /* VAR_IP_RATELIMIT */ - VAR_IP_RATELIMIT_SLABS = 445, /* VAR_IP_RATELIMIT_SLABS */ - VAR_IP_RATELIMIT_SIZE = 446, /* VAR_IP_RATELIMIT_SIZE */ - VAR_RATELIMIT = 447, /* VAR_RATELIMIT */ - VAR_RATELIMIT_SLABS = 448, /* VAR_RATELIMIT_SLABS */ - VAR_RATELIMIT_SIZE = 449, /* VAR_RATELIMIT_SIZE */ - VAR_RATELIMIT_FOR_DOMAIN = 450, /* VAR_RATELIMIT_FOR_DOMAIN */ - VAR_RATELIMIT_BELOW_DOMAIN = 451, /* VAR_RATELIMIT_BELOW_DOMAIN */ - VAR_IP_RATELIMIT_FACTOR = 452, /* VAR_IP_RATELIMIT_FACTOR */ - VAR_RATELIMIT_FACTOR = 453, /* VAR_RATELIMIT_FACTOR */ - VAR_SEND_CLIENT_SUBNET = 454, /* VAR_SEND_CLIENT_SUBNET */ - VAR_CLIENT_SUBNET_ZONE = 455, /* VAR_CLIENT_SUBNET_ZONE */ - VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 456, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ - VAR_CLIENT_SUBNET_OPCODE = 457, /* VAR_CLIENT_SUBNET_OPCODE */ - VAR_MAX_CLIENT_SUBNET_IPV4 = 458, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ - VAR_MAX_CLIENT_SUBNET_IPV6 = 459, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ - VAR_MIN_CLIENT_SUBNET_IPV4 = 460, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ - VAR_MIN_CLIENT_SUBNET_IPV6 = 461, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ - VAR_MAX_ECS_TREE_SIZE_IPV4 = 462, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ - VAR_MAX_ECS_TREE_SIZE_IPV6 = 463, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ - VAR_CAPS_WHITELIST = 464, /* VAR_CAPS_WHITELIST */ - VAR_CACHE_MAX_NEGATIVE_TTL = 465, /* VAR_CACHE_MAX_NEGATIVE_TTL */ - VAR_PERMIT_SMALL_HOLDDOWN = 466, /* VAR_PERMIT_SMALL_HOLDDOWN */ - VAR_QNAME_MINIMISATION = 467, /* VAR_QNAME_MINIMISATION */ - VAR_QNAME_MINIMISATION_STRICT = 468, /* VAR_QNAME_MINIMISATION_STRICT */ - VAR_IP_FREEBIND = 469, /* VAR_IP_FREEBIND */ - VAR_DEFINE_TAG = 470, /* VAR_DEFINE_TAG */ - VAR_LOCAL_ZONE_TAG = 471, /* VAR_LOCAL_ZONE_TAG */ - VAR_ACCESS_CONTROL_TAG = 472, /* VAR_ACCESS_CONTROL_TAG */ - VAR_LOCAL_ZONE_OVERRIDE = 473, /* VAR_LOCAL_ZONE_OVERRIDE */ - VAR_ACCESS_CONTROL_TAG_ACTION = 474, /* VAR_ACCESS_CONTROL_TAG_ACTION */ - VAR_ACCESS_CONTROL_TAG_DATA = 475, /* VAR_ACCESS_CONTROL_TAG_DATA */ - VAR_VIEW = 476, /* VAR_VIEW */ - VAR_ACCESS_CONTROL_VIEW = 477, /* VAR_ACCESS_CONTROL_VIEW */ - VAR_VIEW_FIRST = 478, /* VAR_VIEW_FIRST */ - VAR_SERVE_EXPIRED = 479, /* VAR_SERVE_EXPIRED */ - VAR_SERVE_EXPIRED_TTL = 480, /* VAR_SERVE_EXPIRED_TTL */ - VAR_SERVE_EXPIRED_TTL_RESET = 481, /* VAR_SERVE_EXPIRED_TTL_RESET */ - VAR_SERVE_EXPIRED_REPLY_TTL = 482, /* VAR_SERVE_EXPIRED_REPLY_TTL */ - VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 483, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ - VAR_SERVE_ORIGINAL_TTL = 484, /* VAR_SERVE_ORIGINAL_TTL */ - VAR_FAKE_DSA = 485, /* VAR_FAKE_DSA */ - VAR_FAKE_SHA1 = 486, /* VAR_FAKE_SHA1 */ - VAR_LOG_IDENTITY = 487, /* VAR_LOG_IDENTITY */ - VAR_HIDE_TRUSTANCHOR = 488, /* VAR_HIDE_TRUSTANCHOR */ - VAR_TRUST_ANCHOR_SIGNALING = 489, /* VAR_TRUST_ANCHOR_SIGNALING */ - VAR_AGGRESSIVE_NSEC = 490, /* VAR_AGGRESSIVE_NSEC */ - VAR_USE_SYSTEMD = 491, /* VAR_USE_SYSTEMD */ - VAR_SHM_ENABLE = 492, /* VAR_SHM_ENABLE */ - VAR_SHM_KEY = 493, /* VAR_SHM_KEY */ - VAR_ROOT_KEY_SENTINEL = 494, /* VAR_ROOT_KEY_SENTINEL */ - VAR_DNSCRYPT = 495, /* VAR_DNSCRYPT */ - VAR_DNSCRYPT_ENABLE = 496, /* VAR_DNSCRYPT_ENABLE */ - VAR_DNSCRYPT_PORT = 497, /* VAR_DNSCRYPT_PORT */ - VAR_DNSCRYPT_PROVIDER = 498, /* VAR_DNSCRYPT_PROVIDER */ - VAR_DNSCRYPT_SECRET_KEY = 499, /* VAR_DNSCRYPT_SECRET_KEY */ - VAR_DNSCRYPT_PROVIDER_CERT = 500, /* VAR_DNSCRYPT_PROVIDER_CERT */ - VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 501, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 502, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 503, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ - VAR_DNSCRYPT_NONCE_CACHE_SIZE = 504, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ - VAR_DNSCRYPT_NONCE_CACHE_SLABS = 505, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ - VAR_PAD_RESPONSES = 506, /* VAR_PAD_RESPONSES */ - VAR_PAD_RESPONSES_BLOCK_SIZE = 507, /* VAR_PAD_RESPONSES_BLOCK_SIZE */ - VAR_PAD_QUERIES = 508, /* VAR_PAD_QUERIES */ - VAR_PAD_QUERIES_BLOCK_SIZE = 509, /* VAR_PAD_QUERIES_BLOCK_SIZE */ - VAR_IPSECMOD_ENABLED = 510, /* VAR_IPSECMOD_ENABLED */ - VAR_IPSECMOD_HOOK = 511, /* VAR_IPSECMOD_HOOK */ - VAR_IPSECMOD_IGNORE_BOGUS = 512, /* VAR_IPSECMOD_IGNORE_BOGUS */ - VAR_IPSECMOD_MAX_TTL = 513, /* VAR_IPSECMOD_MAX_TTL */ - VAR_IPSECMOD_WHITELIST = 514, /* VAR_IPSECMOD_WHITELIST */ - VAR_IPSECMOD_STRICT = 515, /* VAR_IPSECMOD_STRICT */ - VAR_CACHEDB = 516, /* VAR_CACHEDB */ - VAR_CACHEDB_BACKEND = 517, /* VAR_CACHEDB_BACKEND */ - VAR_CACHEDB_SECRETSEED = 518, /* VAR_CACHEDB_SECRETSEED */ - VAR_CACHEDB_REDISHOST = 519, /* VAR_CACHEDB_REDISHOST */ - VAR_CACHEDB_REDISPORT = 520, /* VAR_CACHEDB_REDISPORT */ - VAR_CACHEDB_REDISTIMEOUT = 521, /* VAR_CACHEDB_REDISTIMEOUT */ - VAR_CACHEDB_REDISEXPIRERECORDS = 522, /* VAR_CACHEDB_REDISEXPIRERECORDS */ - VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 523, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */ - VAR_FOR_UPSTREAM = 524, /* VAR_FOR_UPSTREAM */ - VAR_AUTH_ZONE = 525, /* VAR_AUTH_ZONE */ - VAR_ZONEFILE = 526, /* VAR_ZONEFILE */ - VAR_MASTER = 527, /* VAR_MASTER */ - VAR_URL = 528, /* VAR_URL */ - VAR_FOR_DOWNSTREAM = 529, /* VAR_FOR_DOWNSTREAM */ - VAR_FALLBACK_ENABLED = 530, /* VAR_FALLBACK_ENABLED */ - VAR_TLS_ADDITIONAL_PORT = 531, /* VAR_TLS_ADDITIONAL_PORT */ - VAR_LOW_RTT = 532, /* VAR_LOW_RTT */ - VAR_LOW_RTT_PERMIL = 533, /* VAR_LOW_RTT_PERMIL */ - VAR_FAST_SERVER_PERMIL = 534, /* VAR_FAST_SERVER_PERMIL */ - VAR_FAST_SERVER_NUM = 535, /* VAR_FAST_SERVER_NUM */ - VAR_ALLOW_NOTIFY = 536, /* VAR_ALLOW_NOTIFY */ - VAR_TLS_WIN_CERT = 537, /* VAR_TLS_WIN_CERT */ - VAR_TCP_CONNECTION_LIMIT = 538, /* VAR_TCP_CONNECTION_LIMIT */ - VAR_FORWARD_NO_CACHE = 539, /* VAR_FORWARD_NO_CACHE */ - VAR_STUB_NO_CACHE = 540, /* VAR_STUB_NO_CACHE */ - VAR_LOG_SERVFAIL = 541, /* VAR_LOG_SERVFAIL */ - VAR_DENY_ANY = 542, /* VAR_DENY_ANY */ - VAR_UNKNOWN_SERVER_TIME_LIMIT = 543, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */ - VAR_LOG_TAG_QUERYREPLY = 544, /* VAR_LOG_TAG_QUERYREPLY */ - VAR_STREAM_WAIT_SIZE = 545, /* VAR_STREAM_WAIT_SIZE */ - VAR_TLS_CIPHERS = 546, /* VAR_TLS_CIPHERS */ - VAR_TLS_CIPHERSUITES = 547, /* VAR_TLS_CIPHERSUITES */ - VAR_TLS_USE_SNI = 548, /* VAR_TLS_USE_SNI */ - VAR_IPSET = 549, /* VAR_IPSET */ - VAR_IPSET_NAME_V4 = 550, /* VAR_IPSET_NAME_V4 */ - VAR_IPSET_NAME_V6 = 551, /* VAR_IPSET_NAME_V6 */ - VAR_TLS_SESSION_TICKET_KEYS = 552, /* VAR_TLS_SESSION_TICKET_KEYS */ - VAR_RPZ = 553, /* VAR_RPZ */ - VAR_TAGS = 554, /* VAR_TAGS */ - VAR_RPZ_ACTION_OVERRIDE = 555, /* VAR_RPZ_ACTION_OVERRIDE */ - VAR_RPZ_CNAME_OVERRIDE = 556, /* VAR_RPZ_CNAME_OVERRIDE */ - VAR_RPZ_LOG = 557, /* VAR_RPZ_LOG */ - VAR_RPZ_LOG_NAME = 558, /* VAR_RPZ_LOG_NAME */ - VAR_DYNLIB = 559, /* VAR_DYNLIB */ - VAR_DYNLIB_FILE = 560, /* VAR_DYNLIB_FILE */ - VAR_EDNS_CLIENT_STRING = 561, /* VAR_EDNS_CLIENT_STRING */ - VAR_EDNS_CLIENT_STRING_OPCODE = 562, /* VAR_EDNS_CLIENT_STRING_OPCODE */ - VAR_NSID = 563 /* VAR_NSID */ + VAR_TCP_REUSE_TIMEOUT = 360, /* VAR_TCP_REUSE_TIMEOUT */ + VAR_MAX_REUSE_TCP_QUERIES = 361, /* VAR_MAX_REUSE_TCP_QUERIES */ + VAR_EXTENDED_STATISTICS = 362, /* VAR_EXTENDED_STATISTICS */ + VAR_LOCAL_DATA_PTR = 363, /* VAR_LOCAL_DATA_PTR */ + VAR_JOSTLE_TIMEOUT = 364, /* VAR_JOSTLE_TIMEOUT */ + VAR_STUB_PRIME = 365, /* VAR_STUB_PRIME */ + VAR_UNWANTED_REPLY_THRESHOLD = 366, /* VAR_UNWANTED_REPLY_THRESHOLD */ + VAR_LOG_TIME_ASCII = 367, /* VAR_LOG_TIME_ASCII */ + VAR_DOMAIN_INSECURE = 368, /* VAR_DOMAIN_INSECURE */ + VAR_PYTHON = 369, /* VAR_PYTHON */ + VAR_PYTHON_SCRIPT = 370, /* VAR_PYTHON_SCRIPT */ + VAR_VAL_SIG_SKEW_MIN = 371, /* VAR_VAL_SIG_SKEW_MIN */ + VAR_VAL_SIG_SKEW_MAX = 372, /* VAR_VAL_SIG_SKEW_MAX */ + VAR_VAL_MAX_RESTART = 373, /* VAR_VAL_MAX_RESTART */ + VAR_CACHE_MIN_TTL = 374, /* VAR_CACHE_MIN_TTL */ + VAR_VAL_LOG_LEVEL = 375, /* VAR_VAL_LOG_LEVEL */ + VAR_AUTO_TRUST_ANCHOR_FILE = 376, /* VAR_AUTO_TRUST_ANCHOR_FILE */ + VAR_KEEP_MISSING = 377, /* VAR_KEEP_MISSING */ + VAR_ADD_HOLDDOWN = 378, /* VAR_ADD_HOLDDOWN */ + VAR_DEL_HOLDDOWN = 379, /* VAR_DEL_HOLDDOWN */ + VAR_SO_RCVBUF = 380, /* VAR_SO_RCVBUF */ + VAR_EDNS_BUFFER_SIZE = 381, /* VAR_EDNS_BUFFER_SIZE */ + VAR_PREFETCH = 382, /* VAR_PREFETCH */ + VAR_PREFETCH_KEY = 383, /* VAR_PREFETCH_KEY */ + VAR_SO_SNDBUF = 384, /* VAR_SO_SNDBUF */ + VAR_SO_REUSEPORT = 385, /* VAR_SO_REUSEPORT */ + VAR_HARDEN_BELOW_NXDOMAIN = 386, /* VAR_HARDEN_BELOW_NXDOMAIN */ + VAR_IGNORE_CD_FLAG = 387, /* VAR_IGNORE_CD_FLAG */ + VAR_LOG_QUERIES = 388, /* VAR_LOG_QUERIES */ + VAR_LOG_REPLIES = 389, /* VAR_LOG_REPLIES */ + VAR_LOG_LOCAL_ACTIONS = 390, /* VAR_LOG_LOCAL_ACTIONS */ + VAR_TCP_UPSTREAM = 391, /* VAR_TCP_UPSTREAM */ + VAR_SSL_UPSTREAM = 392, /* VAR_SSL_UPSTREAM */ + VAR_TCP_AUTH_QUERY_TIMEOUT = 393, /* VAR_TCP_AUTH_QUERY_TIMEOUT */ + VAR_SSL_SERVICE_KEY = 394, /* VAR_SSL_SERVICE_KEY */ + VAR_SSL_SERVICE_PEM = 395, /* VAR_SSL_SERVICE_PEM */ + VAR_SSL_PORT = 396, /* VAR_SSL_PORT */ + VAR_FORWARD_FIRST = 397, /* VAR_FORWARD_FIRST */ + VAR_STUB_SSL_UPSTREAM = 398, /* VAR_STUB_SSL_UPSTREAM */ + VAR_FORWARD_SSL_UPSTREAM = 399, /* VAR_FORWARD_SSL_UPSTREAM */ + VAR_TLS_CERT_BUNDLE = 400, /* VAR_TLS_CERT_BUNDLE */ + VAR_HTTPS_PORT = 401, /* VAR_HTTPS_PORT */ + VAR_HTTP_ENDPOINT = 402, /* VAR_HTTP_ENDPOINT */ + VAR_HTTP_MAX_STREAMS = 403, /* VAR_HTTP_MAX_STREAMS */ + VAR_HTTP_QUERY_BUFFER_SIZE = 404, /* VAR_HTTP_QUERY_BUFFER_SIZE */ + VAR_HTTP_RESPONSE_BUFFER_SIZE = 405, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */ + VAR_HTTP_NODELAY = 406, /* VAR_HTTP_NODELAY */ + VAR_HTTP_NOTLS_DOWNSTREAM = 407, /* VAR_HTTP_NOTLS_DOWNSTREAM */ + VAR_STUB_FIRST = 408, /* VAR_STUB_FIRST */ + VAR_MINIMAL_RESPONSES = 409, /* VAR_MINIMAL_RESPONSES */ + VAR_RRSET_ROUNDROBIN = 410, /* VAR_RRSET_ROUNDROBIN */ + VAR_MAX_UDP_SIZE = 411, /* VAR_MAX_UDP_SIZE */ + VAR_DELAY_CLOSE = 412, /* VAR_DELAY_CLOSE */ + VAR_UDP_CONNECT = 413, /* VAR_UDP_CONNECT */ + VAR_UNBLOCK_LAN_ZONES = 414, /* VAR_UNBLOCK_LAN_ZONES */ + VAR_INSECURE_LAN_ZONES = 415, /* VAR_INSECURE_LAN_ZONES */ + VAR_INFRA_CACHE_MIN_RTT = 416, /* VAR_INFRA_CACHE_MIN_RTT */ + VAR_INFRA_KEEP_PROBING = 417, /* VAR_INFRA_KEEP_PROBING */ + VAR_DNS64_PREFIX = 418, /* VAR_DNS64_PREFIX */ + VAR_DNS64_SYNTHALL = 419, /* VAR_DNS64_SYNTHALL */ + VAR_DNS64_IGNORE_AAAA = 420, /* VAR_DNS64_IGNORE_AAAA */ + VAR_DNSTAP = 421, /* VAR_DNSTAP */ + VAR_DNSTAP_ENABLE = 422, /* VAR_DNSTAP_ENABLE */ + VAR_DNSTAP_SOCKET_PATH = 423, /* VAR_DNSTAP_SOCKET_PATH */ + VAR_DNSTAP_IP = 424, /* VAR_DNSTAP_IP */ + VAR_DNSTAP_TLS = 425, /* VAR_DNSTAP_TLS */ + VAR_DNSTAP_TLS_SERVER_NAME = 426, /* VAR_DNSTAP_TLS_SERVER_NAME */ + VAR_DNSTAP_TLS_CERT_BUNDLE = 427, /* VAR_DNSTAP_TLS_CERT_BUNDLE */ + VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 428, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */ + VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 429, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */ + VAR_DNSTAP_SEND_IDENTITY = 430, /* VAR_DNSTAP_SEND_IDENTITY */ + VAR_DNSTAP_SEND_VERSION = 431, /* VAR_DNSTAP_SEND_VERSION */ + VAR_DNSTAP_BIDIRECTIONAL = 432, /* VAR_DNSTAP_BIDIRECTIONAL */ + VAR_DNSTAP_IDENTITY = 433, /* VAR_DNSTAP_IDENTITY */ + VAR_DNSTAP_VERSION = 434, /* VAR_DNSTAP_VERSION */ + VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 435, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */ + VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 436, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */ + VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 437, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */ + VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 438, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */ + VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 439, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */ + VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 440, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */ + VAR_RESPONSE_IP_TAG = 441, /* VAR_RESPONSE_IP_TAG */ + VAR_RESPONSE_IP = 442, /* VAR_RESPONSE_IP */ + VAR_RESPONSE_IP_DATA = 443, /* VAR_RESPONSE_IP_DATA */ + VAR_HARDEN_ALGO_DOWNGRADE = 444, /* VAR_HARDEN_ALGO_DOWNGRADE */ + VAR_IP_TRANSPARENT = 445, /* VAR_IP_TRANSPARENT */ + VAR_IP_DSCP = 446, /* VAR_IP_DSCP */ + VAR_DISABLE_DNSSEC_LAME_CHECK = 447, /* VAR_DISABLE_DNSSEC_LAME_CHECK */ + VAR_IP_RATELIMIT = 448, /* VAR_IP_RATELIMIT */ + VAR_IP_RATELIMIT_SLABS = 449, /* VAR_IP_RATELIMIT_SLABS */ + VAR_IP_RATELIMIT_SIZE = 450, /* VAR_IP_RATELIMIT_SIZE */ + VAR_RATELIMIT = 451, /* VAR_RATELIMIT */ + VAR_RATELIMIT_SLABS = 452, /* VAR_RATELIMIT_SLABS */ + VAR_RATELIMIT_SIZE = 453, /* VAR_RATELIMIT_SIZE */ + VAR_RATELIMIT_FOR_DOMAIN = 454, /* VAR_RATELIMIT_FOR_DOMAIN */ + VAR_RATELIMIT_BELOW_DOMAIN = 455, /* VAR_RATELIMIT_BELOW_DOMAIN */ + VAR_IP_RATELIMIT_FACTOR = 456, /* VAR_IP_RATELIMIT_FACTOR */ + VAR_RATELIMIT_FACTOR = 457, /* VAR_RATELIMIT_FACTOR */ + VAR_SEND_CLIENT_SUBNET = 458, /* VAR_SEND_CLIENT_SUBNET */ + VAR_CLIENT_SUBNET_ZONE = 459, /* VAR_CLIENT_SUBNET_ZONE */ + VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 460, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ + VAR_CLIENT_SUBNET_OPCODE = 461, /* VAR_CLIENT_SUBNET_OPCODE */ + VAR_MAX_CLIENT_SUBNET_IPV4 = 462, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ + VAR_MAX_CLIENT_SUBNET_IPV6 = 463, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ + VAR_MIN_CLIENT_SUBNET_IPV4 = 464, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ + VAR_MIN_CLIENT_SUBNET_IPV6 = 465, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ + VAR_MAX_ECS_TREE_SIZE_IPV4 = 466, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ + VAR_MAX_ECS_TREE_SIZE_IPV6 = 467, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ + VAR_CAPS_WHITELIST = 468, /* VAR_CAPS_WHITELIST */ + VAR_CACHE_MAX_NEGATIVE_TTL = 469, /* VAR_CACHE_MAX_NEGATIVE_TTL */ + VAR_PERMIT_SMALL_HOLDDOWN = 470, /* VAR_PERMIT_SMALL_HOLDDOWN */ + VAR_QNAME_MINIMISATION = 471, /* VAR_QNAME_MINIMISATION */ + VAR_QNAME_MINIMISATION_STRICT = 472, /* VAR_QNAME_MINIMISATION_STRICT */ + VAR_IP_FREEBIND = 473, /* VAR_IP_FREEBIND */ + VAR_DEFINE_TAG = 474, /* VAR_DEFINE_TAG */ + VAR_LOCAL_ZONE_TAG = 475, /* VAR_LOCAL_ZONE_TAG */ + VAR_ACCESS_CONTROL_TAG = 476, /* VAR_ACCESS_CONTROL_TAG */ + VAR_LOCAL_ZONE_OVERRIDE = 477, /* VAR_LOCAL_ZONE_OVERRIDE */ + VAR_ACCESS_CONTROL_TAG_ACTION = 478, /* VAR_ACCESS_CONTROL_TAG_ACTION */ + VAR_ACCESS_CONTROL_TAG_DATA = 479, /* VAR_ACCESS_CONTROL_TAG_DATA */ + VAR_VIEW = 480, /* VAR_VIEW */ + VAR_ACCESS_CONTROL_VIEW = 481, /* VAR_ACCESS_CONTROL_VIEW */ + VAR_VIEW_FIRST = 482, /* VAR_VIEW_FIRST */ + VAR_SERVE_EXPIRED = 483, /* VAR_SERVE_EXPIRED */ + VAR_SERVE_EXPIRED_TTL = 484, /* VAR_SERVE_EXPIRED_TTL */ + VAR_SERVE_EXPIRED_TTL_RESET = 485, /* VAR_SERVE_EXPIRED_TTL_RESET */ + VAR_SERVE_EXPIRED_REPLY_TTL = 486, /* VAR_SERVE_EXPIRED_REPLY_TTL */ + VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 487, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ + VAR_SERVE_ORIGINAL_TTL = 488, /* VAR_SERVE_ORIGINAL_TTL */ + VAR_FAKE_DSA = 489, /* VAR_FAKE_DSA */ + VAR_FAKE_SHA1 = 490, /* VAR_FAKE_SHA1 */ + VAR_LOG_IDENTITY = 491, /* VAR_LOG_IDENTITY */ + VAR_HIDE_TRUSTANCHOR = 492, /* VAR_HIDE_TRUSTANCHOR */ + VAR_HIDE_HTTP_USER_AGENT = 493, /* VAR_HIDE_HTTP_USER_AGENT */ + VAR_HTTP_USER_AGENT = 494, /* VAR_HTTP_USER_AGENT */ + VAR_TRUST_ANCHOR_SIGNALING = 495, /* VAR_TRUST_ANCHOR_SIGNALING */ + VAR_AGGRESSIVE_NSEC = 496, /* VAR_AGGRESSIVE_NSEC */ + VAR_USE_SYSTEMD = 497, /* VAR_USE_SYSTEMD */ + VAR_SHM_ENABLE = 498, /* VAR_SHM_ENABLE */ + VAR_SHM_KEY = 499, /* VAR_SHM_KEY */ + VAR_ROOT_KEY_SENTINEL = 500, /* VAR_ROOT_KEY_SENTINEL */ + VAR_DNSCRYPT = 501, /* VAR_DNSCRYPT */ + VAR_DNSCRYPT_ENABLE = 502, /* VAR_DNSCRYPT_ENABLE */ + VAR_DNSCRYPT_PORT = 503, /* VAR_DNSCRYPT_PORT */ + VAR_DNSCRYPT_PROVIDER = 504, /* VAR_DNSCRYPT_PROVIDER */ + VAR_DNSCRYPT_SECRET_KEY = 505, /* VAR_DNSCRYPT_SECRET_KEY */ + VAR_DNSCRYPT_PROVIDER_CERT = 506, /* VAR_DNSCRYPT_PROVIDER_CERT */ + VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 507, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 508, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 509, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ + VAR_DNSCRYPT_NONCE_CACHE_SIZE = 510, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ + VAR_DNSCRYPT_NONCE_CACHE_SLABS = 511, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ + VAR_PAD_RESPONSES = 512, /* VAR_PAD_RESPONSES */ + VAR_PAD_RESPONSES_BLOCK_SIZE = 513, /* VAR_PAD_RESPONSES_BLOCK_SIZE */ + VAR_PAD_QUERIES = 514, /* VAR_PAD_QUERIES */ + VAR_PAD_QUERIES_BLOCK_SIZE = 515, /* VAR_PAD_QUERIES_BLOCK_SIZE */ + VAR_IPSECMOD_ENABLED = 516, /* VAR_IPSECMOD_ENABLED */ + VAR_IPSECMOD_HOOK = 517, /* VAR_IPSECMOD_HOOK */ + VAR_IPSECMOD_IGNORE_BOGUS = 518, /* VAR_IPSECMOD_IGNORE_BOGUS */ + VAR_IPSECMOD_MAX_TTL = 519, /* VAR_IPSECMOD_MAX_TTL */ + VAR_IPSECMOD_WHITELIST = 520, /* VAR_IPSECMOD_WHITELIST */ + VAR_IPSECMOD_STRICT = 521, /* VAR_IPSECMOD_STRICT */ + VAR_CACHEDB = 522, /* VAR_CACHEDB */ + VAR_CACHEDB_BACKEND = 523, /* VAR_CACHEDB_BACKEND */ + VAR_CACHEDB_SECRETSEED = 524, /* VAR_CACHEDB_SECRETSEED */ + VAR_CACHEDB_REDISHOST = 525, /* VAR_CACHEDB_REDISHOST */ + VAR_CACHEDB_REDISPORT = 526, /* VAR_CACHEDB_REDISPORT */ + VAR_CACHEDB_REDISTIMEOUT = 527, /* VAR_CACHEDB_REDISTIMEOUT */ + VAR_CACHEDB_REDISEXPIRERECORDS = 528, /* VAR_CACHEDB_REDISEXPIRERECORDS */ + VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 529, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */ + VAR_FOR_UPSTREAM = 530, /* VAR_FOR_UPSTREAM */ + VAR_AUTH_ZONE = 531, /* VAR_AUTH_ZONE */ + VAR_ZONEFILE = 532, /* VAR_ZONEFILE */ + VAR_MASTER = 533, /* VAR_MASTER */ + VAR_URL = 534, /* VAR_URL */ + VAR_FOR_DOWNSTREAM = 535, /* VAR_FOR_DOWNSTREAM */ + VAR_FALLBACK_ENABLED = 536, /* VAR_FALLBACK_ENABLED */ + VAR_TLS_ADDITIONAL_PORT = 537, /* VAR_TLS_ADDITIONAL_PORT */ + VAR_LOW_RTT = 538, /* VAR_LOW_RTT */ + VAR_LOW_RTT_PERMIL = 539, /* VAR_LOW_RTT_PERMIL */ + VAR_FAST_SERVER_PERMIL = 540, /* VAR_FAST_SERVER_PERMIL */ + VAR_FAST_SERVER_NUM = 541, /* VAR_FAST_SERVER_NUM */ + VAR_ALLOW_NOTIFY = 542, /* VAR_ALLOW_NOTIFY */ + VAR_TLS_WIN_CERT = 543, /* VAR_TLS_WIN_CERT */ + VAR_TCP_CONNECTION_LIMIT = 544, /* VAR_TCP_CONNECTION_LIMIT */ + VAR_FORWARD_NO_CACHE = 545, /* VAR_FORWARD_NO_CACHE */ + VAR_STUB_NO_CACHE = 546, /* VAR_STUB_NO_CACHE */ + VAR_LOG_SERVFAIL = 547, /* VAR_LOG_SERVFAIL */ + VAR_DENY_ANY = 548, /* VAR_DENY_ANY */ + VAR_UNKNOWN_SERVER_TIME_LIMIT = 549, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */ + VAR_LOG_TAG_QUERYREPLY = 550, /* VAR_LOG_TAG_QUERYREPLY */ + VAR_STREAM_WAIT_SIZE = 551, /* VAR_STREAM_WAIT_SIZE */ + VAR_TLS_CIPHERS = 552, /* VAR_TLS_CIPHERS */ + VAR_TLS_CIPHERSUITES = 553, /* VAR_TLS_CIPHERSUITES */ + VAR_TLS_USE_SNI = 554, /* VAR_TLS_USE_SNI */ + VAR_IPSET = 555, /* VAR_IPSET */ + VAR_IPSET_NAME_V4 = 556, /* VAR_IPSET_NAME_V4 */ + VAR_IPSET_NAME_V6 = 557, /* VAR_IPSET_NAME_V6 */ + VAR_TLS_SESSION_TICKET_KEYS = 558, /* VAR_TLS_SESSION_TICKET_KEYS */ + VAR_RPZ = 559, /* VAR_RPZ */ + VAR_TAGS = 560, /* VAR_TAGS */ + VAR_RPZ_ACTION_OVERRIDE = 561, /* VAR_RPZ_ACTION_OVERRIDE */ + VAR_RPZ_CNAME_OVERRIDE = 562, /* VAR_RPZ_CNAME_OVERRIDE */ + VAR_RPZ_LOG = 563, /* VAR_RPZ_LOG */ + VAR_RPZ_LOG_NAME = 564, /* VAR_RPZ_LOG_NAME */ + VAR_DYNLIB = 565, /* VAR_DYNLIB */ + VAR_DYNLIB_FILE = 566, /* VAR_DYNLIB_FILE */ + VAR_EDNS_CLIENT_STRING = 567, /* VAR_EDNS_CLIENT_STRING */ + VAR_EDNS_CLIENT_STRING_OPCODE = 568, /* VAR_EDNS_CLIENT_STRING_OPCODE */ + VAR_NSID = 569, /* VAR_NSID */ + VAR_ZONEMD_PERMISSIVE_MODE = 570, /* VAR_ZONEMD_PERMISSIVE_MODE */ + VAR_ZONEMD_CHECK = 571, /* VAR_ZONEMD_CHECK */ + VAR_ZONEMD_REJECT_ABSENCE = 572 /* VAR_ZONEMD_REJECT_ABSENCE */ }; typedef enum yytokentype yytoken_kind_t; #endif @@ -555,210 +564,219 @@ extern int yydebug; #define VAR_CONTROL_KEY_FILE 357 #define VAR_CONTROL_CERT_FILE 358 #define VAR_CONTROL_USE_CERT 359 -#define VAR_EXTENDED_STATISTICS 360 -#define VAR_LOCAL_DATA_PTR 361 -#define VAR_JOSTLE_TIMEOUT 362 -#define VAR_STUB_PRIME 363 -#define VAR_UNWANTED_REPLY_THRESHOLD 364 -#define VAR_LOG_TIME_ASCII 365 -#define VAR_DOMAIN_INSECURE 366 -#define VAR_PYTHON 367 -#define VAR_PYTHON_SCRIPT 368 -#define VAR_VAL_SIG_SKEW_MIN 369 -#define VAR_VAL_SIG_SKEW_MAX 370 -#define VAR_CACHE_MIN_TTL 371 -#define VAR_VAL_LOG_LEVEL 372 -#define VAR_AUTO_TRUST_ANCHOR_FILE 373 -#define VAR_KEEP_MISSING 374 -#define VAR_ADD_HOLDDOWN 375 -#define VAR_DEL_HOLDDOWN 376 -#define VAR_SO_RCVBUF 377 -#define VAR_EDNS_BUFFER_SIZE 378 -#define VAR_PREFETCH 379 -#define VAR_PREFETCH_KEY 380 -#define VAR_SO_SNDBUF 381 -#define VAR_SO_REUSEPORT 382 -#define VAR_HARDEN_BELOW_NXDOMAIN 383 -#define VAR_IGNORE_CD_FLAG 384 -#define VAR_LOG_QUERIES 385 -#define VAR_LOG_REPLIES 386 -#define VAR_LOG_LOCAL_ACTIONS 387 -#define VAR_TCP_UPSTREAM 388 -#define VAR_SSL_UPSTREAM 389 -#define VAR_SSL_SERVICE_KEY 390 -#define VAR_SSL_SERVICE_PEM 391 -#define VAR_SSL_PORT 392 -#define VAR_FORWARD_FIRST 393 -#define VAR_STUB_SSL_UPSTREAM 394 -#define VAR_FORWARD_SSL_UPSTREAM 395 -#define VAR_TLS_CERT_BUNDLE 396 -#define VAR_HTTPS_PORT 397 -#define VAR_HTTP_ENDPOINT 398 -#define VAR_HTTP_MAX_STREAMS 399 -#define VAR_HTTP_QUERY_BUFFER_SIZE 400 -#define VAR_HTTP_RESPONSE_BUFFER_SIZE 401 -#define VAR_HTTP_NODELAY 402 -#define VAR_HTTP_NOTLS_DOWNSTREAM 403 -#define VAR_STUB_FIRST 404 -#define VAR_MINIMAL_RESPONSES 405 -#define VAR_RRSET_ROUNDROBIN 406 -#define VAR_MAX_UDP_SIZE 407 -#define VAR_DELAY_CLOSE 408 -#define VAR_UDP_CONNECT 409 -#define VAR_UNBLOCK_LAN_ZONES 410 -#define VAR_INSECURE_LAN_ZONES 411 -#define VAR_INFRA_CACHE_MIN_RTT 412 -#define VAR_INFRA_KEEP_PROBING 413 -#define VAR_DNS64_PREFIX 414 -#define VAR_DNS64_SYNTHALL 415 -#define VAR_DNS64_IGNORE_AAAA 416 -#define VAR_DNSTAP 417 -#define VAR_DNSTAP_ENABLE 418 -#define VAR_DNSTAP_SOCKET_PATH 419 -#define VAR_DNSTAP_IP 420 -#define VAR_DNSTAP_TLS 421 -#define VAR_DNSTAP_TLS_SERVER_NAME 422 -#define VAR_DNSTAP_TLS_CERT_BUNDLE 423 -#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 424 -#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 425 -#define VAR_DNSTAP_SEND_IDENTITY 426 -#define VAR_DNSTAP_SEND_VERSION 427 -#define VAR_DNSTAP_BIDIRECTIONAL 428 -#define VAR_DNSTAP_IDENTITY 429 -#define VAR_DNSTAP_VERSION 430 -#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 431 -#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 432 -#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 433 -#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 434 -#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 435 -#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 436 -#define VAR_RESPONSE_IP_TAG 437 -#define VAR_RESPONSE_IP 438 -#define VAR_RESPONSE_IP_DATA 439 -#define VAR_HARDEN_ALGO_DOWNGRADE 440 -#define VAR_IP_TRANSPARENT 441 -#define VAR_IP_DSCP 442 -#define VAR_DISABLE_DNSSEC_LAME_CHECK 443 -#define VAR_IP_RATELIMIT 444 -#define VAR_IP_RATELIMIT_SLABS 445 -#define VAR_IP_RATELIMIT_SIZE 446 -#define VAR_RATELIMIT 447 -#define VAR_RATELIMIT_SLABS 448 -#define VAR_RATELIMIT_SIZE 449 -#define VAR_RATELIMIT_FOR_DOMAIN 450 -#define VAR_RATELIMIT_BELOW_DOMAIN 451 -#define VAR_IP_RATELIMIT_FACTOR 452 -#define VAR_RATELIMIT_FACTOR 453 -#define VAR_SEND_CLIENT_SUBNET 454 -#define VAR_CLIENT_SUBNET_ZONE 455 -#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 456 -#define VAR_CLIENT_SUBNET_OPCODE 457 -#define VAR_MAX_CLIENT_SUBNET_IPV4 458 -#define VAR_MAX_CLIENT_SUBNET_IPV6 459 -#define VAR_MIN_CLIENT_SUBNET_IPV4 460 -#define VAR_MIN_CLIENT_SUBNET_IPV6 461 -#define VAR_MAX_ECS_TREE_SIZE_IPV4 462 -#define VAR_MAX_ECS_TREE_SIZE_IPV6 463 -#define VAR_CAPS_WHITELIST 464 -#define VAR_CACHE_MAX_NEGATIVE_TTL 465 -#define VAR_PERMIT_SMALL_HOLDDOWN 466 -#define VAR_QNAME_MINIMISATION 467 -#define VAR_QNAME_MINIMISATION_STRICT 468 -#define VAR_IP_FREEBIND 469 -#define VAR_DEFINE_TAG 470 -#define VAR_LOCAL_ZONE_TAG 471 -#define VAR_ACCESS_CONTROL_TAG 472 -#define VAR_LOCAL_ZONE_OVERRIDE 473 -#define VAR_ACCESS_CONTROL_TAG_ACTION 474 -#define VAR_ACCESS_CONTROL_TAG_DATA 475 -#define VAR_VIEW 476 -#define VAR_ACCESS_CONTROL_VIEW 477 -#define VAR_VIEW_FIRST 478 -#define VAR_SERVE_EXPIRED 479 -#define VAR_SERVE_EXPIRED_TTL 480 -#define VAR_SERVE_EXPIRED_TTL_RESET 481 -#define VAR_SERVE_EXPIRED_REPLY_TTL 482 -#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 483 -#define VAR_SERVE_ORIGINAL_TTL 484 -#define VAR_FAKE_DSA 485 -#define VAR_FAKE_SHA1 486 -#define VAR_LOG_IDENTITY 487 -#define VAR_HIDE_TRUSTANCHOR 488 -#define VAR_TRUST_ANCHOR_SIGNALING 489 -#define VAR_AGGRESSIVE_NSEC 490 -#define VAR_USE_SYSTEMD 491 -#define VAR_SHM_ENABLE 492 -#define VAR_SHM_KEY 493 -#define VAR_ROOT_KEY_SENTINEL 494 -#define VAR_DNSCRYPT 495 -#define VAR_DNSCRYPT_ENABLE 496 -#define VAR_DNSCRYPT_PORT 497 -#define VAR_DNSCRYPT_PROVIDER 498 -#define VAR_DNSCRYPT_SECRET_KEY 499 -#define VAR_DNSCRYPT_PROVIDER_CERT 500 -#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 501 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 502 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 503 -#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 504 -#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 505 -#define VAR_PAD_RESPONSES 506 -#define VAR_PAD_RESPONSES_BLOCK_SIZE 507 -#define VAR_PAD_QUERIES 508 -#define VAR_PAD_QUERIES_BLOCK_SIZE 509 -#define VAR_IPSECMOD_ENABLED 510 -#define VAR_IPSECMOD_HOOK 511 -#define VAR_IPSECMOD_IGNORE_BOGUS 512 -#define VAR_IPSECMOD_MAX_TTL 513 -#define VAR_IPSECMOD_WHITELIST 514 -#define VAR_IPSECMOD_STRICT 515 -#define VAR_CACHEDB 516 -#define VAR_CACHEDB_BACKEND 517 -#define VAR_CACHEDB_SECRETSEED 518 -#define VAR_CACHEDB_REDISHOST 519 -#define VAR_CACHEDB_REDISPORT 520 -#define VAR_CACHEDB_REDISTIMEOUT 521 -#define VAR_CACHEDB_REDISEXPIRERECORDS 522 -#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 523 -#define VAR_FOR_UPSTREAM 524 -#define VAR_AUTH_ZONE 525 -#define VAR_ZONEFILE 526 -#define VAR_MASTER 527 -#define VAR_URL 528 -#define VAR_FOR_DOWNSTREAM 529 -#define VAR_FALLBACK_ENABLED 530 -#define VAR_TLS_ADDITIONAL_PORT 531 -#define VAR_LOW_RTT 532 -#define VAR_LOW_RTT_PERMIL 533 -#define VAR_FAST_SERVER_PERMIL 534 -#define VAR_FAST_SERVER_NUM 535 -#define VAR_ALLOW_NOTIFY 536 -#define VAR_TLS_WIN_CERT 537 -#define VAR_TCP_CONNECTION_LIMIT 538 -#define VAR_FORWARD_NO_CACHE 539 -#define VAR_STUB_NO_CACHE 540 -#define VAR_LOG_SERVFAIL 541 -#define VAR_DENY_ANY 542 -#define VAR_UNKNOWN_SERVER_TIME_LIMIT 543 -#define VAR_LOG_TAG_QUERYREPLY 544 -#define VAR_STREAM_WAIT_SIZE 545 -#define VAR_TLS_CIPHERS 546 -#define VAR_TLS_CIPHERSUITES 547 -#define VAR_TLS_USE_SNI 548 -#define VAR_IPSET 549 -#define VAR_IPSET_NAME_V4 550 -#define VAR_IPSET_NAME_V6 551 -#define VAR_TLS_SESSION_TICKET_KEYS 552 -#define VAR_RPZ 553 -#define VAR_TAGS 554 -#define VAR_RPZ_ACTION_OVERRIDE 555 -#define VAR_RPZ_CNAME_OVERRIDE 556 -#define VAR_RPZ_LOG 557 -#define VAR_RPZ_LOG_NAME 558 -#define VAR_DYNLIB 559 -#define VAR_DYNLIB_FILE 560 -#define VAR_EDNS_CLIENT_STRING 561 -#define VAR_EDNS_CLIENT_STRING_OPCODE 562 -#define VAR_NSID 563 +#define VAR_TCP_REUSE_TIMEOUT 360 +#define VAR_MAX_REUSE_TCP_QUERIES 361 +#define VAR_EXTENDED_STATISTICS 362 +#define VAR_LOCAL_DATA_PTR 363 +#define VAR_JOSTLE_TIMEOUT 364 +#define VAR_STUB_PRIME 365 +#define VAR_UNWANTED_REPLY_THRESHOLD 366 +#define VAR_LOG_TIME_ASCII 367 +#define VAR_DOMAIN_INSECURE 368 +#define VAR_PYTHON 369 +#define VAR_PYTHON_SCRIPT 370 +#define VAR_VAL_SIG_SKEW_MIN 371 +#define VAR_VAL_SIG_SKEW_MAX 372 +#define VAR_VAL_MAX_RESTART 373 +#define VAR_CACHE_MIN_TTL 374 +#define VAR_VAL_LOG_LEVEL 375 +#define VAR_AUTO_TRUST_ANCHOR_FILE 376 +#define VAR_KEEP_MISSING 377 +#define VAR_ADD_HOLDDOWN 378 +#define VAR_DEL_HOLDDOWN 379 +#define VAR_SO_RCVBUF 380 +#define VAR_EDNS_BUFFER_SIZE 381 +#define VAR_PREFETCH 382 +#define VAR_PREFETCH_KEY 383 +#define VAR_SO_SNDBUF 384 +#define VAR_SO_REUSEPORT 385 +#define VAR_HARDEN_BELOW_NXDOMAIN 386 +#define VAR_IGNORE_CD_FLAG 387 +#define VAR_LOG_QUERIES 388 +#define VAR_LOG_REPLIES 389 +#define VAR_LOG_LOCAL_ACTIONS 390 +#define VAR_TCP_UPSTREAM 391 +#define VAR_SSL_UPSTREAM 392 +#define VAR_TCP_AUTH_QUERY_TIMEOUT 393 +#define VAR_SSL_SERVICE_KEY 394 +#define VAR_SSL_SERVICE_PEM 395 +#define VAR_SSL_PORT 396 +#define VAR_FORWARD_FIRST 397 +#define VAR_STUB_SSL_UPSTREAM 398 +#define VAR_FORWARD_SSL_UPSTREAM 399 +#define VAR_TLS_CERT_BUNDLE 400 +#define VAR_HTTPS_PORT 401 +#define VAR_HTTP_ENDPOINT 402 +#define VAR_HTTP_MAX_STREAMS 403 +#define VAR_HTTP_QUERY_BUFFER_SIZE 404 +#define VAR_HTTP_RESPONSE_BUFFER_SIZE 405 +#define VAR_HTTP_NODELAY 406 +#define VAR_HTTP_NOTLS_DOWNSTREAM 407 +#define VAR_STUB_FIRST 408 +#define VAR_MINIMAL_RESPONSES 409 +#define VAR_RRSET_ROUNDROBIN 410 +#define VAR_MAX_UDP_SIZE 411 +#define VAR_DELAY_CLOSE 412 +#define VAR_UDP_CONNECT 413 +#define VAR_UNBLOCK_LAN_ZONES 414 +#define VAR_INSECURE_LAN_ZONES 415 +#define VAR_INFRA_CACHE_MIN_RTT 416 +#define VAR_INFRA_KEEP_PROBING 417 +#define VAR_DNS64_PREFIX 418 +#define VAR_DNS64_SYNTHALL 419 +#define VAR_DNS64_IGNORE_AAAA 420 +#define VAR_DNSTAP 421 +#define VAR_DNSTAP_ENABLE 422 +#define VAR_DNSTAP_SOCKET_PATH 423 +#define VAR_DNSTAP_IP 424 +#define VAR_DNSTAP_TLS 425 +#define VAR_DNSTAP_TLS_SERVER_NAME 426 +#define VAR_DNSTAP_TLS_CERT_BUNDLE 427 +#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 428 +#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 429 +#define VAR_DNSTAP_SEND_IDENTITY 430 +#define VAR_DNSTAP_SEND_VERSION 431 +#define VAR_DNSTAP_BIDIRECTIONAL 432 +#define VAR_DNSTAP_IDENTITY 433 +#define VAR_DNSTAP_VERSION 434 +#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 435 +#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 436 +#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 437 +#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 438 +#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 439 +#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 440 +#define VAR_RESPONSE_IP_TAG 441 +#define VAR_RESPONSE_IP 442 +#define VAR_RESPONSE_IP_DATA 443 +#define VAR_HARDEN_ALGO_DOWNGRADE 444 +#define VAR_IP_TRANSPARENT 445 +#define VAR_IP_DSCP 446 +#define VAR_DISABLE_DNSSEC_LAME_CHECK 447 +#define VAR_IP_RATELIMIT 448 +#define VAR_IP_RATELIMIT_SLABS 449 +#define VAR_IP_RATELIMIT_SIZE 450 +#define VAR_RATELIMIT 451 +#define VAR_RATELIMIT_SLABS 452 +#define VAR_RATELIMIT_SIZE 453 +#define VAR_RATELIMIT_FOR_DOMAIN 454 +#define VAR_RATELIMIT_BELOW_DOMAIN 455 +#define VAR_IP_RATELIMIT_FACTOR 456 +#define VAR_RATELIMIT_FACTOR 457 +#define VAR_SEND_CLIENT_SUBNET 458 +#define VAR_CLIENT_SUBNET_ZONE 459 +#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 460 +#define VAR_CLIENT_SUBNET_OPCODE 461 +#define VAR_MAX_CLIENT_SUBNET_IPV4 462 +#define VAR_MAX_CLIENT_SUBNET_IPV6 463 +#define VAR_MIN_CLIENT_SUBNET_IPV4 464 +#define VAR_MIN_CLIENT_SUBNET_IPV6 465 +#define VAR_MAX_ECS_TREE_SIZE_IPV4 466 +#define VAR_MAX_ECS_TREE_SIZE_IPV6 467 +#define VAR_CAPS_WHITELIST 468 +#define VAR_CACHE_MAX_NEGATIVE_TTL 469 +#define VAR_PERMIT_SMALL_HOLDDOWN 470 +#define VAR_QNAME_MINIMISATION 471 +#define VAR_QNAME_MINIMISATION_STRICT 472 +#define VAR_IP_FREEBIND 473 +#define VAR_DEFINE_TAG 474 +#define VAR_LOCAL_ZONE_TAG 475 +#define VAR_ACCESS_CONTROL_TAG 476 +#define VAR_LOCAL_ZONE_OVERRIDE 477 +#define VAR_ACCESS_CONTROL_TAG_ACTION 478 +#define VAR_ACCESS_CONTROL_TAG_DATA 479 +#define VAR_VIEW 480 +#define VAR_ACCESS_CONTROL_VIEW 481 +#define VAR_VIEW_FIRST 482 +#define VAR_SERVE_EXPIRED 483 +#define VAR_SERVE_EXPIRED_TTL 484 +#define VAR_SERVE_EXPIRED_TTL_RESET 485 +#define VAR_SERVE_EXPIRED_REPLY_TTL 486 +#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 487 +#define VAR_SERVE_ORIGINAL_TTL 488 +#define VAR_FAKE_DSA 489 +#define VAR_FAKE_SHA1 490 +#define VAR_LOG_IDENTITY 491 +#define VAR_HIDE_TRUSTANCHOR 492 +#define VAR_HIDE_HTTP_USER_AGENT 493 +#define VAR_HTTP_USER_AGENT 494 +#define VAR_TRUST_ANCHOR_SIGNALING 495 +#define VAR_AGGRESSIVE_NSEC 496 +#define VAR_USE_SYSTEMD 497 +#define VAR_SHM_ENABLE 498 +#define VAR_SHM_KEY 499 +#define VAR_ROOT_KEY_SENTINEL 500 +#define VAR_DNSCRYPT 501 +#define VAR_DNSCRYPT_ENABLE 502 +#define VAR_DNSCRYPT_PORT 503 +#define VAR_DNSCRYPT_PROVIDER 504 +#define VAR_DNSCRYPT_SECRET_KEY 505 +#define VAR_DNSCRYPT_PROVIDER_CERT 506 +#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 507 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 508 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 509 +#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 510 +#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 511 +#define VAR_PAD_RESPONSES 512 +#define VAR_PAD_RESPONSES_BLOCK_SIZE 513 +#define VAR_PAD_QUERIES 514 +#define VAR_PAD_QUERIES_BLOCK_SIZE 515 +#define VAR_IPSECMOD_ENABLED 516 +#define VAR_IPSECMOD_HOOK 517 +#define VAR_IPSECMOD_IGNORE_BOGUS 518 +#define VAR_IPSECMOD_MAX_TTL 519 +#define VAR_IPSECMOD_WHITELIST 520 +#define VAR_IPSECMOD_STRICT 521 +#define VAR_CACHEDB 522 +#define VAR_CACHEDB_BACKEND 523 +#define VAR_CACHEDB_SECRETSEED 524 +#define VAR_CACHEDB_REDISHOST 525 +#define VAR_CACHEDB_REDISPORT 526 +#define VAR_CACHEDB_REDISTIMEOUT 527 +#define VAR_CACHEDB_REDISEXPIRERECORDS 528 +#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 529 +#define VAR_FOR_UPSTREAM 530 +#define VAR_AUTH_ZONE 531 +#define VAR_ZONEFILE 532 +#define VAR_MASTER 533 +#define VAR_URL 534 +#define VAR_FOR_DOWNSTREAM 535 +#define VAR_FALLBACK_ENABLED 536 +#define VAR_TLS_ADDITIONAL_PORT 537 +#define VAR_LOW_RTT 538 +#define VAR_LOW_RTT_PERMIL 539 +#define VAR_FAST_SERVER_PERMIL 540 +#define VAR_FAST_SERVER_NUM 541 +#define VAR_ALLOW_NOTIFY 542 +#define VAR_TLS_WIN_CERT 543 +#define VAR_TCP_CONNECTION_LIMIT 544 +#define VAR_FORWARD_NO_CACHE 545 +#define VAR_STUB_NO_CACHE 546 +#define VAR_LOG_SERVFAIL 547 +#define VAR_DENY_ANY 548 +#define VAR_UNKNOWN_SERVER_TIME_LIMIT 549 +#define VAR_LOG_TAG_QUERYREPLY 550 +#define VAR_STREAM_WAIT_SIZE 551 +#define VAR_TLS_CIPHERS 552 +#define VAR_TLS_CIPHERSUITES 553 +#define VAR_TLS_USE_SNI 554 +#define VAR_IPSET 555 +#define VAR_IPSET_NAME_V4 556 +#define VAR_IPSET_NAME_V6 557 +#define VAR_TLS_SESSION_TICKET_KEYS 558 +#define VAR_RPZ 559 +#define VAR_TAGS 560 +#define VAR_RPZ_ACTION_OVERRIDE 561 +#define VAR_RPZ_CNAME_OVERRIDE 562 +#define VAR_RPZ_LOG 563 +#define VAR_RPZ_LOG_NAME 564 +#define VAR_DYNLIB 565 +#define VAR_DYNLIB_FILE 566 +#define VAR_EDNS_CLIENT_STRING 567 +#define VAR_EDNS_CLIENT_STRING_OPCODE 568 +#define VAR_NSID 569 +#define VAR_ZONEMD_PERMISSIVE_MODE 570 +#define VAR_ZONEMD_CHECK 571 +#define VAR_ZONEMD_REJECT_ABSENCE 572 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED @@ -768,7 +786,7 @@ union YYSTYPE char* str; -#line 772 "util/configparser.c" +#line 790 "util/configparser.c" }; typedef union YYSTYPE YYSTYPE; @@ -891,544 +909,562 @@ enum yysymbol_kind_t YYSYMBOL_VAR_CONTROL_KEY_FILE = 102, /* VAR_CONTROL_KEY_FILE */ YYSYMBOL_VAR_CONTROL_CERT_FILE = 103, /* VAR_CONTROL_CERT_FILE */ YYSYMBOL_VAR_CONTROL_USE_CERT = 104, /* VAR_CONTROL_USE_CERT */ - YYSYMBOL_VAR_EXTENDED_STATISTICS = 105, /* VAR_EXTENDED_STATISTICS */ - YYSYMBOL_VAR_LOCAL_DATA_PTR = 106, /* VAR_LOCAL_DATA_PTR */ - YYSYMBOL_VAR_JOSTLE_TIMEOUT = 107, /* VAR_JOSTLE_TIMEOUT */ - YYSYMBOL_VAR_STUB_PRIME = 108, /* VAR_STUB_PRIME */ - YYSYMBOL_VAR_UNWANTED_REPLY_THRESHOLD = 109, /* VAR_UNWANTED_REPLY_THRESHOLD */ - YYSYMBOL_VAR_LOG_TIME_ASCII = 110, /* VAR_LOG_TIME_ASCII */ - YYSYMBOL_VAR_DOMAIN_INSECURE = 111, /* VAR_DOMAIN_INSECURE */ - YYSYMBOL_VAR_PYTHON = 112, /* VAR_PYTHON */ - YYSYMBOL_VAR_PYTHON_SCRIPT = 113, /* VAR_PYTHON_SCRIPT */ - YYSYMBOL_VAR_VAL_SIG_SKEW_MIN = 114, /* VAR_VAL_SIG_SKEW_MIN */ - YYSYMBOL_VAR_VAL_SIG_SKEW_MAX = 115, /* VAR_VAL_SIG_SKEW_MAX */ - YYSYMBOL_VAR_CACHE_MIN_TTL = 116, /* VAR_CACHE_MIN_TTL */ - YYSYMBOL_VAR_VAL_LOG_LEVEL = 117, /* VAR_VAL_LOG_LEVEL */ - YYSYMBOL_VAR_AUTO_TRUST_ANCHOR_FILE = 118, /* VAR_AUTO_TRUST_ANCHOR_FILE */ - YYSYMBOL_VAR_KEEP_MISSING = 119, /* VAR_KEEP_MISSING */ - YYSYMBOL_VAR_ADD_HOLDDOWN = 120, /* VAR_ADD_HOLDDOWN */ - YYSYMBOL_VAR_DEL_HOLDDOWN = 121, /* VAR_DEL_HOLDDOWN */ - YYSYMBOL_VAR_SO_RCVBUF = 122, /* VAR_SO_RCVBUF */ - YYSYMBOL_VAR_EDNS_BUFFER_SIZE = 123, /* VAR_EDNS_BUFFER_SIZE */ - YYSYMBOL_VAR_PREFETCH = 124, /* VAR_PREFETCH */ - YYSYMBOL_VAR_PREFETCH_KEY = 125, /* VAR_PREFETCH_KEY */ - YYSYMBOL_VAR_SO_SNDBUF = 126, /* VAR_SO_SNDBUF */ - YYSYMBOL_VAR_SO_REUSEPORT = 127, /* VAR_SO_REUSEPORT */ - YYSYMBOL_VAR_HARDEN_BELOW_NXDOMAIN = 128, /* VAR_HARDEN_BELOW_NXDOMAIN */ - YYSYMBOL_VAR_IGNORE_CD_FLAG = 129, /* VAR_IGNORE_CD_FLAG */ - YYSYMBOL_VAR_LOG_QUERIES = 130, /* VAR_LOG_QUERIES */ - YYSYMBOL_VAR_LOG_REPLIES = 131, /* VAR_LOG_REPLIES */ - YYSYMBOL_VAR_LOG_LOCAL_ACTIONS = 132, /* VAR_LOG_LOCAL_ACTIONS */ - YYSYMBOL_VAR_TCP_UPSTREAM = 133, /* VAR_TCP_UPSTREAM */ - YYSYMBOL_VAR_SSL_UPSTREAM = 134, /* VAR_SSL_UPSTREAM */ - YYSYMBOL_VAR_SSL_SERVICE_KEY = 135, /* VAR_SSL_SERVICE_KEY */ - YYSYMBOL_VAR_SSL_SERVICE_PEM = 136, /* VAR_SSL_SERVICE_PEM */ - YYSYMBOL_VAR_SSL_PORT = 137, /* VAR_SSL_PORT */ - YYSYMBOL_VAR_FORWARD_FIRST = 138, /* VAR_FORWARD_FIRST */ - YYSYMBOL_VAR_STUB_SSL_UPSTREAM = 139, /* VAR_STUB_SSL_UPSTREAM */ - YYSYMBOL_VAR_FORWARD_SSL_UPSTREAM = 140, /* VAR_FORWARD_SSL_UPSTREAM */ - YYSYMBOL_VAR_TLS_CERT_BUNDLE = 141, /* VAR_TLS_CERT_BUNDLE */ - YYSYMBOL_VAR_HTTPS_PORT = 142, /* VAR_HTTPS_PORT */ - YYSYMBOL_VAR_HTTP_ENDPOINT = 143, /* VAR_HTTP_ENDPOINT */ - YYSYMBOL_VAR_HTTP_MAX_STREAMS = 144, /* VAR_HTTP_MAX_STREAMS */ - YYSYMBOL_VAR_HTTP_QUERY_BUFFER_SIZE = 145, /* VAR_HTTP_QUERY_BUFFER_SIZE */ - YYSYMBOL_VAR_HTTP_RESPONSE_BUFFER_SIZE = 146, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */ - YYSYMBOL_VAR_HTTP_NODELAY = 147, /* VAR_HTTP_NODELAY */ - YYSYMBOL_VAR_HTTP_NOTLS_DOWNSTREAM = 148, /* VAR_HTTP_NOTLS_DOWNSTREAM */ - YYSYMBOL_VAR_STUB_FIRST = 149, /* VAR_STUB_FIRST */ - YYSYMBOL_VAR_MINIMAL_RESPONSES = 150, /* VAR_MINIMAL_RESPONSES */ - YYSYMBOL_VAR_RRSET_ROUNDROBIN = 151, /* VAR_RRSET_ROUNDROBIN */ - YYSYMBOL_VAR_MAX_UDP_SIZE = 152, /* VAR_MAX_UDP_SIZE */ - YYSYMBOL_VAR_DELAY_CLOSE = 153, /* VAR_DELAY_CLOSE */ - YYSYMBOL_VAR_UDP_CONNECT = 154, /* VAR_UDP_CONNECT */ - YYSYMBOL_VAR_UNBLOCK_LAN_ZONES = 155, /* VAR_UNBLOCK_LAN_ZONES */ - YYSYMBOL_VAR_INSECURE_LAN_ZONES = 156, /* VAR_INSECURE_LAN_ZONES */ - YYSYMBOL_VAR_INFRA_CACHE_MIN_RTT = 157, /* VAR_INFRA_CACHE_MIN_RTT */ - YYSYMBOL_VAR_INFRA_KEEP_PROBING = 158, /* VAR_INFRA_KEEP_PROBING */ - YYSYMBOL_VAR_DNS64_PREFIX = 159, /* VAR_DNS64_PREFIX */ - YYSYMBOL_VAR_DNS64_SYNTHALL = 160, /* VAR_DNS64_SYNTHALL */ - YYSYMBOL_VAR_DNS64_IGNORE_AAAA = 161, /* VAR_DNS64_IGNORE_AAAA */ - YYSYMBOL_VAR_DNSTAP = 162, /* VAR_DNSTAP */ - YYSYMBOL_VAR_DNSTAP_ENABLE = 163, /* VAR_DNSTAP_ENABLE */ - YYSYMBOL_VAR_DNSTAP_SOCKET_PATH = 164, /* VAR_DNSTAP_SOCKET_PATH */ - YYSYMBOL_VAR_DNSTAP_IP = 165, /* VAR_DNSTAP_IP */ - YYSYMBOL_VAR_DNSTAP_TLS = 166, /* VAR_DNSTAP_TLS */ - YYSYMBOL_VAR_DNSTAP_TLS_SERVER_NAME = 167, /* VAR_DNSTAP_TLS_SERVER_NAME */ - YYSYMBOL_VAR_DNSTAP_TLS_CERT_BUNDLE = 168, /* VAR_DNSTAP_TLS_CERT_BUNDLE */ - YYSYMBOL_VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 169, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */ - YYSYMBOL_VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 170, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */ - YYSYMBOL_VAR_DNSTAP_SEND_IDENTITY = 171, /* VAR_DNSTAP_SEND_IDENTITY */ - YYSYMBOL_VAR_DNSTAP_SEND_VERSION = 172, /* VAR_DNSTAP_SEND_VERSION */ - YYSYMBOL_VAR_DNSTAP_BIDIRECTIONAL = 173, /* VAR_DNSTAP_BIDIRECTIONAL */ - YYSYMBOL_VAR_DNSTAP_IDENTITY = 174, /* VAR_DNSTAP_IDENTITY */ - YYSYMBOL_VAR_DNSTAP_VERSION = 175, /* VAR_DNSTAP_VERSION */ - YYSYMBOL_VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 176, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */ - YYSYMBOL_VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 177, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */ - YYSYMBOL_VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 178, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */ - YYSYMBOL_VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 179, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */ - YYSYMBOL_VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 180, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */ - YYSYMBOL_VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 181, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */ - YYSYMBOL_VAR_RESPONSE_IP_TAG = 182, /* VAR_RESPONSE_IP_TAG */ - YYSYMBOL_VAR_RESPONSE_IP = 183, /* VAR_RESPONSE_IP */ - YYSYMBOL_VAR_RESPONSE_IP_DATA = 184, /* VAR_RESPONSE_IP_DATA */ - YYSYMBOL_VAR_HARDEN_ALGO_DOWNGRADE = 185, /* VAR_HARDEN_ALGO_DOWNGRADE */ - YYSYMBOL_VAR_IP_TRANSPARENT = 186, /* VAR_IP_TRANSPARENT */ - YYSYMBOL_VAR_IP_DSCP = 187, /* VAR_IP_DSCP */ - YYSYMBOL_VAR_DISABLE_DNSSEC_LAME_CHECK = 188, /* VAR_DISABLE_DNSSEC_LAME_CHECK */ - YYSYMBOL_VAR_IP_RATELIMIT = 189, /* VAR_IP_RATELIMIT */ - YYSYMBOL_VAR_IP_RATELIMIT_SLABS = 190, /* VAR_IP_RATELIMIT_SLABS */ - YYSYMBOL_VAR_IP_RATELIMIT_SIZE = 191, /* VAR_IP_RATELIMIT_SIZE */ - YYSYMBOL_VAR_RATELIMIT = 192, /* VAR_RATELIMIT */ - YYSYMBOL_VAR_RATELIMIT_SLABS = 193, /* VAR_RATELIMIT_SLABS */ - YYSYMBOL_VAR_RATELIMIT_SIZE = 194, /* VAR_RATELIMIT_SIZE */ - YYSYMBOL_VAR_RATELIMIT_FOR_DOMAIN = 195, /* VAR_RATELIMIT_FOR_DOMAIN */ - YYSYMBOL_VAR_RATELIMIT_BELOW_DOMAIN = 196, /* VAR_RATELIMIT_BELOW_DOMAIN */ - YYSYMBOL_VAR_IP_RATELIMIT_FACTOR = 197, /* VAR_IP_RATELIMIT_FACTOR */ - YYSYMBOL_VAR_RATELIMIT_FACTOR = 198, /* VAR_RATELIMIT_FACTOR */ - YYSYMBOL_VAR_SEND_CLIENT_SUBNET = 199, /* VAR_SEND_CLIENT_SUBNET */ - YYSYMBOL_VAR_CLIENT_SUBNET_ZONE = 200, /* VAR_CLIENT_SUBNET_ZONE */ - YYSYMBOL_VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 201, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ - YYSYMBOL_VAR_CLIENT_SUBNET_OPCODE = 202, /* VAR_CLIENT_SUBNET_OPCODE */ - YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV4 = 203, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ - YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV6 = 204, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ - YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV4 = 205, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ - YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV6 = 206, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ - YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV4 = 207, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ - YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV6 = 208, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ - YYSYMBOL_VAR_CAPS_WHITELIST = 209, /* VAR_CAPS_WHITELIST */ - YYSYMBOL_VAR_CACHE_MAX_NEGATIVE_TTL = 210, /* VAR_CACHE_MAX_NEGATIVE_TTL */ - YYSYMBOL_VAR_PERMIT_SMALL_HOLDDOWN = 211, /* VAR_PERMIT_SMALL_HOLDDOWN */ - YYSYMBOL_VAR_QNAME_MINIMISATION = 212, /* VAR_QNAME_MINIMISATION */ - YYSYMBOL_VAR_QNAME_MINIMISATION_STRICT = 213, /* VAR_QNAME_MINIMISATION_STRICT */ - YYSYMBOL_VAR_IP_FREEBIND = 214, /* VAR_IP_FREEBIND */ - YYSYMBOL_VAR_DEFINE_TAG = 215, /* VAR_DEFINE_TAG */ - YYSYMBOL_VAR_LOCAL_ZONE_TAG = 216, /* VAR_LOCAL_ZONE_TAG */ - YYSYMBOL_VAR_ACCESS_CONTROL_TAG = 217, /* VAR_ACCESS_CONTROL_TAG */ - YYSYMBOL_VAR_LOCAL_ZONE_OVERRIDE = 218, /* VAR_LOCAL_ZONE_OVERRIDE */ - YYSYMBOL_VAR_ACCESS_CONTROL_TAG_ACTION = 219, /* VAR_ACCESS_CONTROL_TAG_ACTION */ - YYSYMBOL_VAR_ACCESS_CONTROL_TAG_DATA = 220, /* VAR_ACCESS_CONTROL_TAG_DATA */ - YYSYMBOL_VAR_VIEW = 221, /* VAR_VIEW */ - YYSYMBOL_VAR_ACCESS_CONTROL_VIEW = 222, /* VAR_ACCESS_CONTROL_VIEW */ - YYSYMBOL_VAR_VIEW_FIRST = 223, /* VAR_VIEW_FIRST */ - YYSYMBOL_VAR_SERVE_EXPIRED = 224, /* VAR_SERVE_EXPIRED */ - YYSYMBOL_VAR_SERVE_EXPIRED_TTL = 225, /* VAR_SERVE_EXPIRED_TTL */ - YYSYMBOL_VAR_SERVE_EXPIRED_TTL_RESET = 226, /* VAR_SERVE_EXPIRED_TTL_RESET */ - YYSYMBOL_VAR_SERVE_EXPIRED_REPLY_TTL = 227, /* VAR_SERVE_EXPIRED_REPLY_TTL */ - YYSYMBOL_VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 228, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ - YYSYMBOL_VAR_SERVE_ORIGINAL_TTL = 229, /* VAR_SERVE_ORIGINAL_TTL */ - YYSYMBOL_VAR_FAKE_DSA = 230, /* VAR_FAKE_DSA */ - YYSYMBOL_VAR_FAKE_SHA1 = 231, /* VAR_FAKE_SHA1 */ - YYSYMBOL_VAR_LOG_IDENTITY = 232, /* VAR_LOG_IDENTITY */ - YYSYMBOL_VAR_HIDE_TRUSTANCHOR = 233, /* VAR_HIDE_TRUSTANCHOR */ - YYSYMBOL_VAR_TRUST_ANCHOR_SIGNALING = 234, /* VAR_TRUST_ANCHOR_SIGNALING */ - YYSYMBOL_VAR_AGGRESSIVE_NSEC = 235, /* VAR_AGGRESSIVE_NSEC */ - YYSYMBOL_VAR_USE_SYSTEMD = 236, /* VAR_USE_SYSTEMD */ - YYSYMBOL_VAR_SHM_ENABLE = 237, /* VAR_SHM_ENABLE */ - YYSYMBOL_VAR_SHM_KEY = 238, /* VAR_SHM_KEY */ - YYSYMBOL_VAR_ROOT_KEY_SENTINEL = 239, /* VAR_ROOT_KEY_SENTINEL */ - YYSYMBOL_VAR_DNSCRYPT = 240, /* VAR_DNSCRYPT */ - YYSYMBOL_VAR_DNSCRYPT_ENABLE = 241, /* VAR_DNSCRYPT_ENABLE */ - YYSYMBOL_VAR_DNSCRYPT_PORT = 242, /* VAR_DNSCRYPT_PORT */ - YYSYMBOL_VAR_DNSCRYPT_PROVIDER = 243, /* VAR_DNSCRYPT_PROVIDER */ - YYSYMBOL_VAR_DNSCRYPT_SECRET_KEY = 244, /* VAR_DNSCRYPT_SECRET_KEY */ - YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT = 245, /* VAR_DNSCRYPT_PROVIDER_CERT */ - YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 246, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ - YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 247, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ - YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 248, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ - YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SIZE = 249, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ - YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SLABS = 250, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ - YYSYMBOL_VAR_PAD_RESPONSES = 251, /* VAR_PAD_RESPONSES */ - YYSYMBOL_VAR_PAD_RESPONSES_BLOCK_SIZE = 252, /* VAR_PAD_RESPONSES_BLOCK_SIZE */ - YYSYMBOL_VAR_PAD_QUERIES = 253, /* VAR_PAD_QUERIES */ - YYSYMBOL_VAR_PAD_QUERIES_BLOCK_SIZE = 254, /* VAR_PAD_QUERIES_BLOCK_SIZE */ - YYSYMBOL_VAR_IPSECMOD_ENABLED = 255, /* VAR_IPSECMOD_ENABLED */ - YYSYMBOL_VAR_IPSECMOD_HOOK = 256, /* VAR_IPSECMOD_HOOK */ - YYSYMBOL_VAR_IPSECMOD_IGNORE_BOGUS = 257, /* VAR_IPSECMOD_IGNORE_BOGUS */ - YYSYMBOL_VAR_IPSECMOD_MAX_TTL = 258, /* VAR_IPSECMOD_MAX_TTL */ - YYSYMBOL_VAR_IPSECMOD_WHITELIST = 259, /* VAR_IPSECMOD_WHITELIST */ - YYSYMBOL_VAR_IPSECMOD_STRICT = 260, /* VAR_IPSECMOD_STRICT */ - YYSYMBOL_VAR_CACHEDB = 261, /* VAR_CACHEDB */ - YYSYMBOL_VAR_CACHEDB_BACKEND = 262, /* VAR_CACHEDB_BACKEND */ - YYSYMBOL_VAR_CACHEDB_SECRETSEED = 263, /* VAR_CACHEDB_SECRETSEED */ - YYSYMBOL_VAR_CACHEDB_REDISHOST = 264, /* VAR_CACHEDB_REDISHOST */ - YYSYMBOL_VAR_CACHEDB_REDISPORT = 265, /* VAR_CACHEDB_REDISPORT */ - YYSYMBOL_VAR_CACHEDB_REDISTIMEOUT = 266, /* VAR_CACHEDB_REDISTIMEOUT */ - YYSYMBOL_VAR_CACHEDB_REDISEXPIRERECORDS = 267, /* VAR_CACHEDB_REDISEXPIRERECORDS */ - YYSYMBOL_VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 268, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */ - YYSYMBOL_VAR_FOR_UPSTREAM = 269, /* VAR_FOR_UPSTREAM */ - YYSYMBOL_VAR_AUTH_ZONE = 270, /* VAR_AUTH_ZONE */ - YYSYMBOL_VAR_ZONEFILE = 271, /* VAR_ZONEFILE */ - YYSYMBOL_VAR_MASTER = 272, /* VAR_MASTER */ - YYSYMBOL_VAR_URL = 273, /* VAR_URL */ - YYSYMBOL_VAR_FOR_DOWNSTREAM = 274, /* VAR_FOR_DOWNSTREAM */ - YYSYMBOL_VAR_FALLBACK_ENABLED = 275, /* VAR_FALLBACK_ENABLED */ - YYSYMBOL_VAR_TLS_ADDITIONAL_PORT = 276, /* VAR_TLS_ADDITIONAL_PORT */ - YYSYMBOL_VAR_LOW_RTT = 277, /* VAR_LOW_RTT */ - YYSYMBOL_VAR_LOW_RTT_PERMIL = 278, /* VAR_LOW_RTT_PERMIL */ - YYSYMBOL_VAR_FAST_SERVER_PERMIL = 279, /* VAR_FAST_SERVER_PERMIL */ - YYSYMBOL_VAR_FAST_SERVER_NUM = 280, /* VAR_FAST_SERVER_NUM */ - YYSYMBOL_VAR_ALLOW_NOTIFY = 281, /* VAR_ALLOW_NOTIFY */ - YYSYMBOL_VAR_TLS_WIN_CERT = 282, /* VAR_TLS_WIN_CERT */ - YYSYMBOL_VAR_TCP_CONNECTION_LIMIT = 283, /* VAR_TCP_CONNECTION_LIMIT */ - YYSYMBOL_VAR_FORWARD_NO_CACHE = 284, /* VAR_FORWARD_NO_CACHE */ - YYSYMBOL_VAR_STUB_NO_CACHE = 285, /* VAR_STUB_NO_CACHE */ - YYSYMBOL_VAR_LOG_SERVFAIL = 286, /* VAR_LOG_SERVFAIL */ - YYSYMBOL_VAR_DENY_ANY = 287, /* VAR_DENY_ANY */ - YYSYMBOL_VAR_UNKNOWN_SERVER_TIME_LIMIT = 288, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */ - YYSYMBOL_VAR_LOG_TAG_QUERYREPLY = 289, /* VAR_LOG_TAG_QUERYREPLY */ - YYSYMBOL_VAR_STREAM_WAIT_SIZE = 290, /* VAR_STREAM_WAIT_SIZE */ - YYSYMBOL_VAR_TLS_CIPHERS = 291, /* VAR_TLS_CIPHERS */ - YYSYMBOL_VAR_TLS_CIPHERSUITES = 292, /* VAR_TLS_CIPHERSUITES */ - YYSYMBOL_VAR_TLS_USE_SNI = 293, /* VAR_TLS_USE_SNI */ - YYSYMBOL_VAR_IPSET = 294, /* VAR_IPSET */ - YYSYMBOL_VAR_IPSET_NAME_V4 = 295, /* VAR_IPSET_NAME_V4 */ - YYSYMBOL_VAR_IPSET_NAME_V6 = 296, /* VAR_IPSET_NAME_V6 */ - YYSYMBOL_VAR_TLS_SESSION_TICKET_KEYS = 297, /* VAR_TLS_SESSION_TICKET_KEYS */ - YYSYMBOL_VAR_RPZ = 298, /* VAR_RPZ */ - YYSYMBOL_VAR_TAGS = 299, /* VAR_TAGS */ - YYSYMBOL_VAR_RPZ_ACTION_OVERRIDE = 300, /* VAR_RPZ_ACTION_OVERRIDE */ - YYSYMBOL_VAR_RPZ_CNAME_OVERRIDE = 301, /* VAR_RPZ_CNAME_OVERRIDE */ - YYSYMBOL_VAR_RPZ_LOG = 302, /* VAR_RPZ_LOG */ - YYSYMBOL_VAR_RPZ_LOG_NAME = 303, /* VAR_RPZ_LOG_NAME */ - YYSYMBOL_VAR_DYNLIB = 304, /* VAR_DYNLIB */ - YYSYMBOL_VAR_DYNLIB_FILE = 305, /* VAR_DYNLIB_FILE */ - YYSYMBOL_VAR_EDNS_CLIENT_STRING = 306, /* VAR_EDNS_CLIENT_STRING */ - YYSYMBOL_VAR_EDNS_CLIENT_STRING_OPCODE = 307, /* VAR_EDNS_CLIENT_STRING_OPCODE */ - YYSYMBOL_VAR_NSID = 308, /* VAR_NSID */ - YYSYMBOL_YYACCEPT = 309, /* $accept */ - YYSYMBOL_toplevelvars = 310, /* toplevelvars */ - YYSYMBOL_toplevelvar = 311, /* toplevelvar */ - YYSYMBOL_force_toplevel = 312, /* force_toplevel */ - YYSYMBOL_serverstart = 313, /* serverstart */ - YYSYMBOL_contents_server = 314, /* contents_server */ - YYSYMBOL_content_server = 315, /* content_server */ - YYSYMBOL_stubstart = 316, /* stubstart */ - YYSYMBOL_contents_stub = 317, /* contents_stub */ - YYSYMBOL_content_stub = 318, /* content_stub */ - YYSYMBOL_forwardstart = 319, /* forwardstart */ - YYSYMBOL_contents_forward = 320, /* contents_forward */ - YYSYMBOL_content_forward = 321, /* content_forward */ - YYSYMBOL_viewstart = 322, /* viewstart */ - YYSYMBOL_contents_view = 323, /* contents_view */ - YYSYMBOL_content_view = 324, /* content_view */ - YYSYMBOL_authstart = 325, /* authstart */ - YYSYMBOL_contents_auth = 326, /* contents_auth */ - YYSYMBOL_content_auth = 327, /* content_auth */ - YYSYMBOL_rpz_tag = 328, /* rpz_tag */ - YYSYMBOL_rpz_action_override = 329, /* rpz_action_override */ - YYSYMBOL_rpz_cname_override = 330, /* rpz_cname_override */ - YYSYMBOL_rpz_log = 331, /* rpz_log */ - YYSYMBOL_rpz_log_name = 332, /* rpz_log_name */ - YYSYMBOL_rpzstart = 333, /* rpzstart */ - YYSYMBOL_contents_rpz = 334, /* contents_rpz */ - YYSYMBOL_content_rpz = 335, /* content_rpz */ - YYSYMBOL_server_num_threads = 336, /* server_num_threads */ - YYSYMBOL_server_verbosity = 337, /* server_verbosity */ - YYSYMBOL_server_statistics_interval = 338, /* server_statistics_interval */ - YYSYMBOL_server_statistics_cumulative = 339, /* server_statistics_cumulative */ - YYSYMBOL_server_extended_statistics = 340, /* server_extended_statistics */ - YYSYMBOL_server_shm_enable = 341, /* server_shm_enable */ - YYSYMBOL_server_shm_key = 342, /* server_shm_key */ - YYSYMBOL_server_port = 343, /* server_port */ - YYSYMBOL_server_send_client_subnet = 344, /* server_send_client_subnet */ - YYSYMBOL_server_client_subnet_zone = 345, /* server_client_subnet_zone */ - YYSYMBOL_server_client_subnet_always_forward = 346, /* server_client_subnet_always_forward */ - YYSYMBOL_server_client_subnet_opcode = 347, /* server_client_subnet_opcode */ - YYSYMBOL_server_max_client_subnet_ipv4 = 348, /* server_max_client_subnet_ipv4 */ - YYSYMBOL_server_max_client_subnet_ipv6 = 349, /* server_max_client_subnet_ipv6 */ - YYSYMBOL_server_min_client_subnet_ipv4 = 350, /* server_min_client_subnet_ipv4 */ - YYSYMBOL_server_min_client_subnet_ipv6 = 351, /* server_min_client_subnet_ipv6 */ - YYSYMBOL_server_max_ecs_tree_size_ipv4 = 352, /* server_max_ecs_tree_size_ipv4 */ - YYSYMBOL_server_max_ecs_tree_size_ipv6 = 353, /* server_max_ecs_tree_size_ipv6 */ - YYSYMBOL_server_interface = 354, /* server_interface */ - YYSYMBOL_server_outgoing_interface = 355, /* server_outgoing_interface */ - YYSYMBOL_server_outgoing_range = 356, /* server_outgoing_range */ - YYSYMBOL_server_outgoing_port_permit = 357, /* server_outgoing_port_permit */ - YYSYMBOL_server_outgoing_port_avoid = 358, /* server_outgoing_port_avoid */ - YYSYMBOL_server_outgoing_num_tcp = 359, /* server_outgoing_num_tcp */ - YYSYMBOL_server_incoming_num_tcp = 360, /* server_incoming_num_tcp */ - YYSYMBOL_server_interface_automatic = 361, /* server_interface_automatic */ - YYSYMBOL_server_do_ip4 = 362, /* server_do_ip4 */ - YYSYMBOL_server_do_ip6 = 363, /* server_do_ip6 */ - YYSYMBOL_server_do_udp = 364, /* server_do_udp */ - YYSYMBOL_server_do_tcp = 365, /* server_do_tcp */ - YYSYMBOL_server_prefer_ip4 = 366, /* server_prefer_ip4 */ - YYSYMBOL_server_prefer_ip6 = 367, /* server_prefer_ip6 */ - YYSYMBOL_server_tcp_mss = 368, /* server_tcp_mss */ - YYSYMBOL_server_outgoing_tcp_mss = 369, /* server_outgoing_tcp_mss */ - YYSYMBOL_server_tcp_idle_timeout = 370, /* server_tcp_idle_timeout */ - YYSYMBOL_server_tcp_keepalive = 371, /* server_tcp_keepalive */ - YYSYMBOL_server_tcp_keepalive_timeout = 372, /* server_tcp_keepalive_timeout */ - YYSYMBOL_server_tcp_upstream = 373, /* server_tcp_upstream */ - YYSYMBOL_server_udp_upstream_without_downstream = 374, /* server_udp_upstream_without_downstream */ - YYSYMBOL_server_ssl_upstream = 375, /* server_ssl_upstream */ - YYSYMBOL_server_ssl_service_key = 376, /* server_ssl_service_key */ - YYSYMBOL_server_ssl_service_pem = 377, /* server_ssl_service_pem */ - YYSYMBOL_server_ssl_port = 378, /* server_ssl_port */ - YYSYMBOL_server_tls_cert_bundle = 379, /* server_tls_cert_bundle */ - YYSYMBOL_server_tls_win_cert = 380, /* server_tls_win_cert */ - YYSYMBOL_server_tls_additional_port = 381, /* server_tls_additional_port */ - YYSYMBOL_server_tls_ciphers = 382, /* server_tls_ciphers */ - YYSYMBOL_server_tls_ciphersuites = 383, /* server_tls_ciphersuites */ - YYSYMBOL_server_tls_session_ticket_keys = 384, /* server_tls_session_ticket_keys */ - YYSYMBOL_server_tls_use_sni = 385, /* server_tls_use_sni */ - YYSYMBOL_server_https_port = 386, /* server_https_port */ - YYSYMBOL_server_http_endpoint = 387, /* server_http_endpoint */ - YYSYMBOL_server_http_max_streams = 388, /* server_http_max_streams */ - YYSYMBOL_server_http_query_buffer_size = 389, /* server_http_query_buffer_size */ - YYSYMBOL_server_http_response_buffer_size = 390, /* server_http_response_buffer_size */ - YYSYMBOL_server_http_nodelay = 391, /* server_http_nodelay */ - YYSYMBOL_server_http_notls_downstream = 392, /* server_http_notls_downstream */ - YYSYMBOL_server_use_systemd = 393, /* server_use_systemd */ - YYSYMBOL_server_do_daemonize = 394, /* server_do_daemonize */ - YYSYMBOL_server_use_syslog = 395, /* server_use_syslog */ - YYSYMBOL_server_log_time_ascii = 396, /* server_log_time_ascii */ - YYSYMBOL_server_log_queries = 397, /* server_log_queries */ - YYSYMBOL_server_log_replies = 398, /* server_log_replies */ - YYSYMBOL_server_log_tag_queryreply = 399, /* server_log_tag_queryreply */ - YYSYMBOL_server_log_servfail = 400, /* server_log_servfail */ - YYSYMBOL_server_log_local_actions = 401, /* server_log_local_actions */ - YYSYMBOL_server_chroot = 402, /* server_chroot */ - YYSYMBOL_server_username = 403, /* server_username */ - YYSYMBOL_server_directory = 404, /* server_directory */ - YYSYMBOL_server_logfile = 405, /* server_logfile */ - YYSYMBOL_server_pidfile = 406, /* server_pidfile */ - YYSYMBOL_server_root_hints = 407, /* server_root_hints */ - YYSYMBOL_server_dlv_anchor_file = 408, /* server_dlv_anchor_file */ - YYSYMBOL_server_dlv_anchor = 409, /* server_dlv_anchor */ - YYSYMBOL_server_auto_trust_anchor_file = 410, /* server_auto_trust_anchor_file */ - YYSYMBOL_server_trust_anchor_file = 411, /* server_trust_anchor_file */ - YYSYMBOL_server_trusted_keys_file = 412, /* server_trusted_keys_file */ - YYSYMBOL_server_trust_anchor = 413, /* server_trust_anchor */ - YYSYMBOL_server_trust_anchor_signaling = 414, /* server_trust_anchor_signaling */ - YYSYMBOL_server_root_key_sentinel = 415, /* server_root_key_sentinel */ - YYSYMBOL_server_domain_insecure = 416, /* server_domain_insecure */ - YYSYMBOL_server_hide_identity = 417, /* server_hide_identity */ - YYSYMBOL_server_hide_version = 418, /* server_hide_version */ - YYSYMBOL_server_hide_trustanchor = 419, /* server_hide_trustanchor */ - YYSYMBOL_server_identity = 420, /* server_identity */ - YYSYMBOL_server_version = 421, /* server_version */ - YYSYMBOL_server_nsid = 422, /* server_nsid */ - YYSYMBOL_server_so_rcvbuf = 423, /* server_so_rcvbuf */ - YYSYMBOL_server_so_sndbuf = 424, /* server_so_sndbuf */ - YYSYMBOL_server_so_reuseport = 425, /* server_so_reuseport */ - YYSYMBOL_server_ip_transparent = 426, /* server_ip_transparent */ - YYSYMBOL_server_ip_freebind = 427, /* server_ip_freebind */ - YYSYMBOL_server_ip_dscp = 428, /* server_ip_dscp */ - YYSYMBOL_server_stream_wait_size = 429, /* server_stream_wait_size */ - YYSYMBOL_server_edns_buffer_size = 430, /* server_edns_buffer_size */ - YYSYMBOL_server_msg_buffer_size = 431, /* server_msg_buffer_size */ - YYSYMBOL_server_msg_cache_size = 432, /* server_msg_cache_size */ - YYSYMBOL_server_msg_cache_slabs = 433, /* server_msg_cache_slabs */ - YYSYMBOL_server_num_queries_per_thread = 434, /* server_num_queries_per_thread */ - YYSYMBOL_server_jostle_timeout = 435, /* server_jostle_timeout */ - YYSYMBOL_server_delay_close = 436, /* server_delay_close */ - YYSYMBOL_server_udp_connect = 437, /* server_udp_connect */ - YYSYMBOL_server_unblock_lan_zones = 438, /* server_unblock_lan_zones */ - YYSYMBOL_server_insecure_lan_zones = 439, /* server_insecure_lan_zones */ - YYSYMBOL_server_rrset_cache_size = 440, /* server_rrset_cache_size */ - YYSYMBOL_server_rrset_cache_slabs = 441, /* server_rrset_cache_slabs */ - YYSYMBOL_server_infra_host_ttl = 442, /* server_infra_host_ttl */ - YYSYMBOL_server_infra_lame_ttl = 443, /* server_infra_lame_ttl */ - YYSYMBOL_server_infra_cache_numhosts = 444, /* server_infra_cache_numhosts */ - YYSYMBOL_server_infra_cache_lame_size = 445, /* server_infra_cache_lame_size */ - YYSYMBOL_server_infra_cache_slabs = 446, /* server_infra_cache_slabs */ - YYSYMBOL_server_infra_cache_min_rtt = 447, /* server_infra_cache_min_rtt */ - YYSYMBOL_server_infra_keep_probing = 448, /* server_infra_keep_probing */ - YYSYMBOL_server_target_fetch_policy = 449, /* server_target_fetch_policy */ - YYSYMBOL_server_harden_short_bufsize = 450, /* server_harden_short_bufsize */ - YYSYMBOL_server_harden_large_queries = 451, /* server_harden_large_queries */ - YYSYMBOL_server_harden_glue = 452, /* server_harden_glue */ - YYSYMBOL_server_harden_dnssec_stripped = 453, /* server_harden_dnssec_stripped */ - YYSYMBOL_server_harden_below_nxdomain = 454, /* server_harden_below_nxdomain */ - YYSYMBOL_server_harden_referral_path = 455, /* server_harden_referral_path */ - YYSYMBOL_server_harden_algo_downgrade = 456, /* server_harden_algo_downgrade */ - YYSYMBOL_server_use_caps_for_id = 457, /* server_use_caps_for_id */ - YYSYMBOL_server_caps_whitelist = 458, /* server_caps_whitelist */ - YYSYMBOL_server_private_address = 459, /* server_private_address */ - YYSYMBOL_server_private_domain = 460, /* server_private_domain */ - YYSYMBOL_server_prefetch = 461, /* server_prefetch */ - YYSYMBOL_server_prefetch_key = 462, /* server_prefetch_key */ - YYSYMBOL_server_deny_any = 463, /* server_deny_any */ - YYSYMBOL_server_unwanted_reply_threshold = 464, /* server_unwanted_reply_threshold */ - YYSYMBOL_server_do_not_query_address = 465, /* server_do_not_query_address */ - YYSYMBOL_server_do_not_query_localhost = 466, /* server_do_not_query_localhost */ - YYSYMBOL_server_access_control = 467, /* server_access_control */ - YYSYMBOL_server_module_conf = 468, /* server_module_conf */ - YYSYMBOL_server_val_override_date = 469, /* server_val_override_date */ - YYSYMBOL_server_val_sig_skew_min = 470, /* server_val_sig_skew_min */ - YYSYMBOL_server_val_sig_skew_max = 471, /* server_val_sig_skew_max */ - YYSYMBOL_server_cache_max_ttl = 472, /* server_cache_max_ttl */ - YYSYMBOL_server_cache_max_negative_ttl = 473, /* server_cache_max_negative_ttl */ - YYSYMBOL_server_cache_min_ttl = 474, /* server_cache_min_ttl */ - YYSYMBOL_server_bogus_ttl = 475, /* server_bogus_ttl */ - YYSYMBOL_server_val_clean_additional = 476, /* server_val_clean_additional */ - YYSYMBOL_server_val_permissive_mode = 477, /* server_val_permissive_mode */ - YYSYMBOL_server_aggressive_nsec = 478, /* server_aggressive_nsec */ - YYSYMBOL_server_ignore_cd_flag = 479, /* server_ignore_cd_flag */ - YYSYMBOL_server_serve_expired = 480, /* server_serve_expired */ - YYSYMBOL_server_serve_expired_ttl = 481, /* server_serve_expired_ttl */ - YYSYMBOL_server_serve_expired_ttl_reset = 482, /* server_serve_expired_ttl_reset */ - YYSYMBOL_server_serve_expired_reply_ttl = 483, /* server_serve_expired_reply_ttl */ - YYSYMBOL_server_serve_expired_client_timeout = 484, /* server_serve_expired_client_timeout */ - YYSYMBOL_server_serve_original_ttl = 485, /* server_serve_original_ttl */ - YYSYMBOL_server_fake_dsa = 486, /* server_fake_dsa */ - YYSYMBOL_server_fake_sha1 = 487, /* server_fake_sha1 */ - YYSYMBOL_server_val_log_level = 488, /* server_val_log_level */ - YYSYMBOL_server_val_nsec3_keysize_iterations = 489, /* server_val_nsec3_keysize_iterations */ - YYSYMBOL_server_add_holddown = 490, /* server_add_holddown */ - YYSYMBOL_server_del_holddown = 491, /* server_del_holddown */ - YYSYMBOL_server_keep_missing = 492, /* server_keep_missing */ - YYSYMBOL_server_permit_small_holddown = 493, /* server_permit_small_holddown */ - YYSYMBOL_server_key_cache_size = 494, /* server_key_cache_size */ - YYSYMBOL_server_key_cache_slabs = 495, /* server_key_cache_slabs */ - YYSYMBOL_server_neg_cache_size = 496, /* server_neg_cache_size */ - YYSYMBOL_server_local_zone = 497, /* server_local_zone */ - YYSYMBOL_server_local_data = 498, /* server_local_data */ - YYSYMBOL_server_local_data_ptr = 499, /* server_local_data_ptr */ - YYSYMBOL_server_minimal_responses = 500, /* server_minimal_responses */ - YYSYMBOL_server_rrset_roundrobin = 501, /* server_rrset_roundrobin */ - YYSYMBOL_server_unknown_server_time_limit = 502, /* server_unknown_server_time_limit */ - YYSYMBOL_server_max_udp_size = 503, /* server_max_udp_size */ - YYSYMBOL_server_dns64_prefix = 504, /* server_dns64_prefix */ - YYSYMBOL_server_dns64_synthall = 505, /* server_dns64_synthall */ - YYSYMBOL_server_dns64_ignore_aaaa = 506, /* server_dns64_ignore_aaaa */ - YYSYMBOL_server_define_tag = 507, /* server_define_tag */ - YYSYMBOL_server_local_zone_tag = 508, /* server_local_zone_tag */ - YYSYMBOL_server_access_control_tag = 509, /* server_access_control_tag */ - YYSYMBOL_server_access_control_tag_action = 510, /* server_access_control_tag_action */ - YYSYMBOL_server_access_control_tag_data = 511, /* server_access_control_tag_data */ - YYSYMBOL_server_local_zone_override = 512, /* server_local_zone_override */ - YYSYMBOL_server_access_control_view = 513, /* server_access_control_view */ - YYSYMBOL_server_response_ip_tag = 514, /* server_response_ip_tag */ - YYSYMBOL_server_ip_ratelimit = 515, /* server_ip_ratelimit */ - YYSYMBOL_server_ratelimit = 516, /* server_ratelimit */ - YYSYMBOL_server_ip_ratelimit_size = 517, /* server_ip_ratelimit_size */ - YYSYMBOL_server_ratelimit_size = 518, /* server_ratelimit_size */ - YYSYMBOL_server_ip_ratelimit_slabs = 519, /* server_ip_ratelimit_slabs */ - YYSYMBOL_server_ratelimit_slabs = 520, /* server_ratelimit_slabs */ - YYSYMBOL_server_ratelimit_for_domain = 521, /* server_ratelimit_for_domain */ - YYSYMBOL_server_ratelimit_below_domain = 522, /* server_ratelimit_below_domain */ - YYSYMBOL_server_ip_ratelimit_factor = 523, /* server_ip_ratelimit_factor */ - YYSYMBOL_server_ratelimit_factor = 524, /* server_ratelimit_factor */ - YYSYMBOL_server_low_rtt = 525, /* server_low_rtt */ - YYSYMBOL_server_fast_server_num = 526, /* server_fast_server_num */ - YYSYMBOL_server_fast_server_permil = 527, /* server_fast_server_permil */ - YYSYMBOL_server_qname_minimisation = 528, /* server_qname_minimisation */ - YYSYMBOL_server_qname_minimisation_strict = 529, /* server_qname_minimisation_strict */ - YYSYMBOL_server_pad_responses = 530, /* server_pad_responses */ - YYSYMBOL_server_pad_responses_block_size = 531, /* server_pad_responses_block_size */ - YYSYMBOL_server_pad_queries = 532, /* server_pad_queries */ - YYSYMBOL_server_pad_queries_block_size = 533, /* server_pad_queries_block_size */ - YYSYMBOL_server_ipsecmod_enabled = 534, /* server_ipsecmod_enabled */ - YYSYMBOL_server_ipsecmod_ignore_bogus = 535, /* server_ipsecmod_ignore_bogus */ - YYSYMBOL_server_ipsecmod_hook = 536, /* server_ipsecmod_hook */ - YYSYMBOL_server_ipsecmod_max_ttl = 537, /* server_ipsecmod_max_ttl */ - YYSYMBOL_server_ipsecmod_whitelist = 538, /* server_ipsecmod_whitelist */ - YYSYMBOL_server_ipsecmod_strict = 539, /* server_ipsecmod_strict */ - YYSYMBOL_server_edns_client_string = 540, /* server_edns_client_string */ - YYSYMBOL_server_edns_client_string_opcode = 541, /* server_edns_client_string_opcode */ - YYSYMBOL_stub_name = 542, /* stub_name */ - YYSYMBOL_stub_host = 543, /* stub_host */ - YYSYMBOL_stub_addr = 544, /* stub_addr */ - YYSYMBOL_stub_first = 545, /* stub_first */ - YYSYMBOL_stub_no_cache = 546, /* stub_no_cache */ - YYSYMBOL_stub_ssl_upstream = 547, /* stub_ssl_upstream */ - YYSYMBOL_stub_prime = 548, /* stub_prime */ - YYSYMBOL_forward_name = 549, /* forward_name */ - YYSYMBOL_forward_host = 550, /* forward_host */ - YYSYMBOL_forward_addr = 551, /* forward_addr */ - YYSYMBOL_forward_first = 552, /* forward_first */ - YYSYMBOL_forward_no_cache = 553, /* forward_no_cache */ - YYSYMBOL_forward_ssl_upstream = 554, /* forward_ssl_upstream */ - YYSYMBOL_auth_name = 555, /* auth_name */ - YYSYMBOL_auth_zonefile = 556, /* auth_zonefile */ - YYSYMBOL_auth_master = 557, /* auth_master */ - YYSYMBOL_auth_url = 558, /* auth_url */ - YYSYMBOL_auth_allow_notify = 559, /* auth_allow_notify */ - YYSYMBOL_auth_for_downstream = 560, /* auth_for_downstream */ - YYSYMBOL_auth_for_upstream = 561, /* auth_for_upstream */ - YYSYMBOL_auth_fallback_enabled = 562, /* auth_fallback_enabled */ - YYSYMBOL_view_name = 563, /* view_name */ - YYSYMBOL_view_local_zone = 564, /* view_local_zone */ - YYSYMBOL_view_response_ip = 565, /* view_response_ip */ - YYSYMBOL_view_response_ip_data = 566, /* view_response_ip_data */ - YYSYMBOL_view_local_data = 567, /* view_local_data */ - YYSYMBOL_view_local_data_ptr = 568, /* view_local_data_ptr */ - YYSYMBOL_view_first = 569, /* view_first */ - YYSYMBOL_rcstart = 570, /* rcstart */ - YYSYMBOL_contents_rc = 571, /* contents_rc */ - YYSYMBOL_content_rc = 572, /* content_rc */ - YYSYMBOL_rc_control_enable = 573, /* rc_control_enable */ - YYSYMBOL_rc_control_port = 574, /* rc_control_port */ - YYSYMBOL_rc_control_interface = 575, /* rc_control_interface */ - YYSYMBOL_rc_control_use_cert = 576, /* rc_control_use_cert */ - YYSYMBOL_rc_server_key_file = 577, /* rc_server_key_file */ - YYSYMBOL_rc_server_cert_file = 578, /* rc_server_cert_file */ - YYSYMBOL_rc_control_key_file = 579, /* rc_control_key_file */ - YYSYMBOL_rc_control_cert_file = 580, /* rc_control_cert_file */ - YYSYMBOL_dtstart = 581, /* dtstart */ - YYSYMBOL_contents_dt = 582, /* contents_dt */ - YYSYMBOL_content_dt = 583, /* content_dt */ - YYSYMBOL_dt_dnstap_enable = 584, /* dt_dnstap_enable */ - YYSYMBOL_dt_dnstap_bidirectional = 585, /* dt_dnstap_bidirectional */ - YYSYMBOL_dt_dnstap_socket_path = 586, /* dt_dnstap_socket_path */ - YYSYMBOL_dt_dnstap_ip = 587, /* dt_dnstap_ip */ - YYSYMBOL_dt_dnstap_tls = 588, /* dt_dnstap_tls */ - YYSYMBOL_dt_dnstap_tls_server_name = 589, /* dt_dnstap_tls_server_name */ - YYSYMBOL_dt_dnstap_tls_cert_bundle = 590, /* dt_dnstap_tls_cert_bundle */ - YYSYMBOL_dt_dnstap_tls_client_key_file = 591, /* dt_dnstap_tls_client_key_file */ - YYSYMBOL_dt_dnstap_tls_client_cert_file = 592, /* dt_dnstap_tls_client_cert_file */ - YYSYMBOL_dt_dnstap_send_identity = 593, /* dt_dnstap_send_identity */ - YYSYMBOL_dt_dnstap_send_version = 594, /* dt_dnstap_send_version */ - YYSYMBOL_dt_dnstap_identity = 595, /* dt_dnstap_identity */ - YYSYMBOL_dt_dnstap_version = 596, /* dt_dnstap_version */ - YYSYMBOL_dt_dnstap_log_resolver_query_messages = 597, /* dt_dnstap_log_resolver_query_messages */ - YYSYMBOL_dt_dnstap_log_resolver_response_messages = 598, /* dt_dnstap_log_resolver_response_messages */ - YYSYMBOL_dt_dnstap_log_client_query_messages = 599, /* dt_dnstap_log_client_query_messages */ - YYSYMBOL_dt_dnstap_log_client_response_messages = 600, /* dt_dnstap_log_client_response_messages */ - YYSYMBOL_dt_dnstap_log_forwarder_query_messages = 601, /* dt_dnstap_log_forwarder_query_messages */ - YYSYMBOL_dt_dnstap_log_forwarder_response_messages = 602, /* dt_dnstap_log_forwarder_response_messages */ - YYSYMBOL_pythonstart = 603, /* pythonstart */ - YYSYMBOL_contents_py = 604, /* contents_py */ - YYSYMBOL_content_py = 605, /* content_py */ - YYSYMBOL_py_script = 606, /* py_script */ - YYSYMBOL_dynlibstart = 607, /* dynlibstart */ - YYSYMBOL_contents_dl = 608, /* contents_dl */ - YYSYMBOL_content_dl = 609, /* content_dl */ - YYSYMBOL_dl_file = 610, /* dl_file */ - YYSYMBOL_server_disable_dnssec_lame_check = 611, /* server_disable_dnssec_lame_check */ - YYSYMBOL_server_log_identity = 612, /* server_log_identity */ - YYSYMBOL_server_response_ip = 613, /* server_response_ip */ - YYSYMBOL_server_response_ip_data = 614, /* server_response_ip_data */ - YYSYMBOL_dnscstart = 615, /* dnscstart */ - YYSYMBOL_contents_dnsc = 616, /* contents_dnsc */ - YYSYMBOL_content_dnsc = 617, /* content_dnsc */ - YYSYMBOL_dnsc_dnscrypt_enable = 618, /* dnsc_dnscrypt_enable */ - YYSYMBOL_dnsc_dnscrypt_port = 619, /* dnsc_dnscrypt_port */ - YYSYMBOL_dnsc_dnscrypt_provider = 620, /* dnsc_dnscrypt_provider */ - YYSYMBOL_dnsc_dnscrypt_provider_cert = 621, /* dnsc_dnscrypt_provider_cert */ - YYSYMBOL_dnsc_dnscrypt_provider_cert_rotated = 622, /* dnsc_dnscrypt_provider_cert_rotated */ - YYSYMBOL_dnsc_dnscrypt_secret_key = 623, /* dnsc_dnscrypt_secret_key */ - YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_size = 624, /* dnsc_dnscrypt_shared_secret_cache_size */ - YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_slabs = 625, /* dnsc_dnscrypt_shared_secret_cache_slabs */ - YYSYMBOL_dnsc_dnscrypt_nonce_cache_size = 626, /* dnsc_dnscrypt_nonce_cache_size */ - YYSYMBOL_dnsc_dnscrypt_nonce_cache_slabs = 627, /* dnsc_dnscrypt_nonce_cache_slabs */ - YYSYMBOL_cachedbstart = 628, /* cachedbstart */ - YYSYMBOL_contents_cachedb = 629, /* contents_cachedb */ - YYSYMBOL_content_cachedb = 630, /* content_cachedb */ - YYSYMBOL_cachedb_backend_name = 631, /* cachedb_backend_name */ - YYSYMBOL_cachedb_secret_seed = 632, /* cachedb_secret_seed */ - YYSYMBOL_redis_server_host = 633, /* redis_server_host */ - YYSYMBOL_redis_server_port = 634, /* redis_server_port */ - YYSYMBOL_redis_timeout = 635, /* redis_timeout */ - YYSYMBOL_redis_expire_records = 636, /* redis_expire_records */ - YYSYMBOL_server_tcp_connection_limit = 637, /* server_tcp_connection_limit */ - YYSYMBOL_ipsetstart = 638, /* ipsetstart */ - YYSYMBOL_contents_ipset = 639, /* contents_ipset */ - YYSYMBOL_content_ipset = 640, /* content_ipset */ - YYSYMBOL_ipset_name_v4 = 641, /* ipset_name_v4 */ - YYSYMBOL_ipset_name_v6 = 642 /* ipset_name_v6 */ + YYSYMBOL_VAR_TCP_REUSE_TIMEOUT = 105, /* VAR_TCP_REUSE_TIMEOUT */ + YYSYMBOL_VAR_MAX_REUSE_TCP_QUERIES = 106, /* VAR_MAX_REUSE_TCP_QUERIES */ + YYSYMBOL_VAR_EXTENDED_STATISTICS = 107, /* VAR_EXTENDED_STATISTICS */ + YYSYMBOL_VAR_LOCAL_DATA_PTR = 108, /* VAR_LOCAL_DATA_PTR */ + YYSYMBOL_VAR_JOSTLE_TIMEOUT = 109, /* VAR_JOSTLE_TIMEOUT */ + YYSYMBOL_VAR_STUB_PRIME = 110, /* VAR_STUB_PRIME */ + YYSYMBOL_VAR_UNWANTED_REPLY_THRESHOLD = 111, /* VAR_UNWANTED_REPLY_THRESHOLD */ + YYSYMBOL_VAR_LOG_TIME_ASCII = 112, /* VAR_LOG_TIME_ASCII */ + YYSYMBOL_VAR_DOMAIN_INSECURE = 113, /* VAR_DOMAIN_INSECURE */ + YYSYMBOL_VAR_PYTHON = 114, /* VAR_PYTHON */ + YYSYMBOL_VAR_PYTHON_SCRIPT = 115, /* VAR_PYTHON_SCRIPT */ + YYSYMBOL_VAR_VAL_SIG_SKEW_MIN = 116, /* VAR_VAL_SIG_SKEW_MIN */ + YYSYMBOL_VAR_VAL_SIG_SKEW_MAX = 117, /* VAR_VAL_SIG_SKEW_MAX */ + YYSYMBOL_VAR_VAL_MAX_RESTART = 118, /* VAR_VAL_MAX_RESTART */ + YYSYMBOL_VAR_CACHE_MIN_TTL = 119, /* VAR_CACHE_MIN_TTL */ + YYSYMBOL_VAR_VAL_LOG_LEVEL = 120, /* VAR_VAL_LOG_LEVEL */ + YYSYMBOL_VAR_AUTO_TRUST_ANCHOR_FILE = 121, /* VAR_AUTO_TRUST_ANCHOR_FILE */ + YYSYMBOL_VAR_KEEP_MISSING = 122, /* VAR_KEEP_MISSING */ + YYSYMBOL_VAR_ADD_HOLDDOWN = 123, /* VAR_ADD_HOLDDOWN */ + YYSYMBOL_VAR_DEL_HOLDDOWN = 124, /* VAR_DEL_HOLDDOWN */ + YYSYMBOL_VAR_SO_RCVBUF = 125, /* VAR_SO_RCVBUF */ + YYSYMBOL_VAR_EDNS_BUFFER_SIZE = 126, /* VAR_EDNS_BUFFER_SIZE */ + YYSYMBOL_VAR_PREFETCH = 127, /* VAR_PREFETCH */ + YYSYMBOL_VAR_PREFETCH_KEY = 128, /* VAR_PREFETCH_KEY */ + YYSYMBOL_VAR_SO_SNDBUF = 129, /* VAR_SO_SNDBUF */ + YYSYMBOL_VAR_SO_REUSEPORT = 130, /* VAR_SO_REUSEPORT */ + YYSYMBOL_VAR_HARDEN_BELOW_NXDOMAIN = 131, /* VAR_HARDEN_BELOW_NXDOMAIN */ + YYSYMBOL_VAR_IGNORE_CD_FLAG = 132, /* VAR_IGNORE_CD_FLAG */ + YYSYMBOL_VAR_LOG_QUERIES = 133, /* VAR_LOG_QUERIES */ + YYSYMBOL_VAR_LOG_REPLIES = 134, /* VAR_LOG_REPLIES */ + YYSYMBOL_VAR_LOG_LOCAL_ACTIONS = 135, /* VAR_LOG_LOCAL_ACTIONS */ + YYSYMBOL_VAR_TCP_UPSTREAM = 136, /* VAR_TCP_UPSTREAM */ + YYSYMBOL_VAR_SSL_UPSTREAM = 137, /* VAR_SSL_UPSTREAM */ + YYSYMBOL_VAR_TCP_AUTH_QUERY_TIMEOUT = 138, /* VAR_TCP_AUTH_QUERY_TIMEOUT */ + YYSYMBOL_VAR_SSL_SERVICE_KEY = 139, /* VAR_SSL_SERVICE_KEY */ + YYSYMBOL_VAR_SSL_SERVICE_PEM = 140, /* VAR_SSL_SERVICE_PEM */ + YYSYMBOL_VAR_SSL_PORT = 141, /* VAR_SSL_PORT */ + YYSYMBOL_VAR_FORWARD_FIRST = 142, /* VAR_FORWARD_FIRST */ + YYSYMBOL_VAR_STUB_SSL_UPSTREAM = 143, /* VAR_STUB_SSL_UPSTREAM */ + YYSYMBOL_VAR_FORWARD_SSL_UPSTREAM = 144, /* VAR_FORWARD_SSL_UPSTREAM */ + YYSYMBOL_VAR_TLS_CERT_BUNDLE = 145, /* VAR_TLS_CERT_BUNDLE */ + YYSYMBOL_VAR_HTTPS_PORT = 146, /* VAR_HTTPS_PORT */ + YYSYMBOL_VAR_HTTP_ENDPOINT = 147, /* VAR_HTTP_ENDPOINT */ + YYSYMBOL_VAR_HTTP_MAX_STREAMS = 148, /* VAR_HTTP_MAX_STREAMS */ + YYSYMBOL_VAR_HTTP_QUERY_BUFFER_SIZE = 149, /* VAR_HTTP_QUERY_BUFFER_SIZE */ + YYSYMBOL_VAR_HTTP_RESPONSE_BUFFER_SIZE = 150, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */ + YYSYMBOL_VAR_HTTP_NODELAY = 151, /* VAR_HTTP_NODELAY */ + YYSYMBOL_VAR_HTTP_NOTLS_DOWNSTREAM = 152, /* VAR_HTTP_NOTLS_DOWNSTREAM */ + YYSYMBOL_VAR_STUB_FIRST = 153, /* VAR_STUB_FIRST */ + YYSYMBOL_VAR_MINIMAL_RESPONSES = 154, /* VAR_MINIMAL_RESPONSES */ + YYSYMBOL_VAR_RRSET_ROUNDROBIN = 155, /* VAR_RRSET_ROUNDROBIN */ + YYSYMBOL_VAR_MAX_UDP_SIZE = 156, /* VAR_MAX_UDP_SIZE */ + YYSYMBOL_VAR_DELAY_CLOSE = 157, /* VAR_DELAY_CLOSE */ + YYSYMBOL_VAR_UDP_CONNECT = 158, /* VAR_UDP_CONNECT */ + YYSYMBOL_VAR_UNBLOCK_LAN_ZONES = 159, /* VAR_UNBLOCK_LAN_ZONES */ + YYSYMBOL_VAR_INSECURE_LAN_ZONES = 160, /* VAR_INSECURE_LAN_ZONES */ + YYSYMBOL_VAR_INFRA_CACHE_MIN_RTT = 161, /* VAR_INFRA_CACHE_MIN_RTT */ + YYSYMBOL_VAR_INFRA_KEEP_PROBING = 162, /* VAR_INFRA_KEEP_PROBING */ + YYSYMBOL_VAR_DNS64_PREFIX = 163, /* VAR_DNS64_PREFIX */ + YYSYMBOL_VAR_DNS64_SYNTHALL = 164, /* VAR_DNS64_SYNTHALL */ + YYSYMBOL_VAR_DNS64_IGNORE_AAAA = 165, /* VAR_DNS64_IGNORE_AAAA */ + YYSYMBOL_VAR_DNSTAP = 166, /* VAR_DNSTAP */ + YYSYMBOL_VAR_DNSTAP_ENABLE = 167, /* VAR_DNSTAP_ENABLE */ + YYSYMBOL_VAR_DNSTAP_SOCKET_PATH = 168, /* VAR_DNSTAP_SOCKET_PATH */ + YYSYMBOL_VAR_DNSTAP_IP = 169, /* VAR_DNSTAP_IP */ + YYSYMBOL_VAR_DNSTAP_TLS = 170, /* VAR_DNSTAP_TLS */ + YYSYMBOL_VAR_DNSTAP_TLS_SERVER_NAME = 171, /* VAR_DNSTAP_TLS_SERVER_NAME */ + YYSYMBOL_VAR_DNSTAP_TLS_CERT_BUNDLE = 172, /* VAR_DNSTAP_TLS_CERT_BUNDLE */ + YYSYMBOL_VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 173, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */ + YYSYMBOL_VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 174, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */ + YYSYMBOL_VAR_DNSTAP_SEND_IDENTITY = 175, /* VAR_DNSTAP_SEND_IDENTITY */ + YYSYMBOL_VAR_DNSTAP_SEND_VERSION = 176, /* VAR_DNSTAP_SEND_VERSION */ + YYSYMBOL_VAR_DNSTAP_BIDIRECTIONAL = 177, /* VAR_DNSTAP_BIDIRECTIONAL */ + YYSYMBOL_VAR_DNSTAP_IDENTITY = 178, /* VAR_DNSTAP_IDENTITY */ + YYSYMBOL_VAR_DNSTAP_VERSION = 179, /* VAR_DNSTAP_VERSION */ + YYSYMBOL_VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 180, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 181, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 182, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 183, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 184, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 185, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */ + YYSYMBOL_VAR_RESPONSE_IP_TAG = 186, /* VAR_RESPONSE_IP_TAG */ + YYSYMBOL_VAR_RESPONSE_IP = 187, /* VAR_RESPONSE_IP */ + YYSYMBOL_VAR_RESPONSE_IP_DATA = 188, /* VAR_RESPONSE_IP_DATA */ + YYSYMBOL_VAR_HARDEN_ALGO_DOWNGRADE = 189, /* VAR_HARDEN_ALGO_DOWNGRADE */ + YYSYMBOL_VAR_IP_TRANSPARENT = 190, /* VAR_IP_TRANSPARENT */ + YYSYMBOL_VAR_IP_DSCP = 191, /* VAR_IP_DSCP */ + YYSYMBOL_VAR_DISABLE_DNSSEC_LAME_CHECK = 192, /* VAR_DISABLE_DNSSEC_LAME_CHECK */ + YYSYMBOL_VAR_IP_RATELIMIT = 193, /* VAR_IP_RATELIMIT */ + YYSYMBOL_VAR_IP_RATELIMIT_SLABS = 194, /* VAR_IP_RATELIMIT_SLABS */ + YYSYMBOL_VAR_IP_RATELIMIT_SIZE = 195, /* VAR_IP_RATELIMIT_SIZE */ + YYSYMBOL_VAR_RATELIMIT = 196, /* VAR_RATELIMIT */ + YYSYMBOL_VAR_RATELIMIT_SLABS = 197, /* VAR_RATELIMIT_SLABS */ + YYSYMBOL_VAR_RATELIMIT_SIZE = 198, /* VAR_RATELIMIT_SIZE */ + YYSYMBOL_VAR_RATELIMIT_FOR_DOMAIN = 199, /* VAR_RATELIMIT_FOR_DOMAIN */ + YYSYMBOL_VAR_RATELIMIT_BELOW_DOMAIN = 200, /* VAR_RATELIMIT_BELOW_DOMAIN */ + YYSYMBOL_VAR_IP_RATELIMIT_FACTOR = 201, /* VAR_IP_RATELIMIT_FACTOR */ + YYSYMBOL_VAR_RATELIMIT_FACTOR = 202, /* VAR_RATELIMIT_FACTOR */ + YYSYMBOL_VAR_SEND_CLIENT_SUBNET = 203, /* VAR_SEND_CLIENT_SUBNET */ + YYSYMBOL_VAR_CLIENT_SUBNET_ZONE = 204, /* VAR_CLIENT_SUBNET_ZONE */ + YYSYMBOL_VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 205, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ + YYSYMBOL_VAR_CLIENT_SUBNET_OPCODE = 206, /* VAR_CLIENT_SUBNET_OPCODE */ + YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV4 = 207, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ + YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV6 = 208, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ + YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV4 = 209, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ + YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV6 = 210, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ + YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV4 = 211, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ + YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV6 = 212, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ + YYSYMBOL_VAR_CAPS_WHITELIST = 213, /* VAR_CAPS_WHITELIST */ + YYSYMBOL_VAR_CACHE_MAX_NEGATIVE_TTL = 214, /* VAR_CACHE_MAX_NEGATIVE_TTL */ + YYSYMBOL_VAR_PERMIT_SMALL_HOLDDOWN = 215, /* VAR_PERMIT_SMALL_HOLDDOWN */ + YYSYMBOL_VAR_QNAME_MINIMISATION = 216, /* VAR_QNAME_MINIMISATION */ + YYSYMBOL_VAR_QNAME_MINIMISATION_STRICT = 217, /* VAR_QNAME_MINIMISATION_STRICT */ + YYSYMBOL_VAR_IP_FREEBIND = 218, /* VAR_IP_FREEBIND */ + YYSYMBOL_VAR_DEFINE_TAG = 219, /* VAR_DEFINE_TAG */ + YYSYMBOL_VAR_LOCAL_ZONE_TAG = 220, /* VAR_LOCAL_ZONE_TAG */ + YYSYMBOL_VAR_ACCESS_CONTROL_TAG = 221, /* VAR_ACCESS_CONTROL_TAG */ + YYSYMBOL_VAR_LOCAL_ZONE_OVERRIDE = 222, /* VAR_LOCAL_ZONE_OVERRIDE */ + YYSYMBOL_VAR_ACCESS_CONTROL_TAG_ACTION = 223, /* VAR_ACCESS_CONTROL_TAG_ACTION */ + YYSYMBOL_VAR_ACCESS_CONTROL_TAG_DATA = 224, /* VAR_ACCESS_CONTROL_TAG_DATA */ + YYSYMBOL_VAR_VIEW = 225, /* VAR_VIEW */ + YYSYMBOL_VAR_ACCESS_CONTROL_VIEW = 226, /* VAR_ACCESS_CONTROL_VIEW */ + YYSYMBOL_VAR_VIEW_FIRST = 227, /* VAR_VIEW_FIRST */ + YYSYMBOL_VAR_SERVE_EXPIRED = 228, /* VAR_SERVE_EXPIRED */ + YYSYMBOL_VAR_SERVE_EXPIRED_TTL = 229, /* VAR_SERVE_EXPIRED_TTL */ + YYSYMBOL_VAR_SERVE_EXPIRED_TTL_RESET = 230, /* VAR_SERVE_EXPIRED_TTL_RESET */ + YYSYMBOL_VAR_SERVE_EXPIRED_REPLY_TTL = 231, /* VAR_SERVE_EXPIRED_REPLY_TTL */ + YYSYMBOL_VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 232, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ + YYSYMBOL_VAR_SERVE_ORIGINAL_TTL = 233, /* VAR_SERVE_ORIGINAL_TTL */ + YYSYMBOL_VAR_FAKE_DSA = 234, /* VAR_FAKE_DSA */ + YYSYMBOL_VAR_FAKE_SHA1 = 235, /* VAR_FAKE_SHA1 */ + YYSYMBOL_VAR_LOG_IDENTITY = 236, /* VAR_LOG_IDENTITY */ + YYSYMBOL_VAR_HIDE_TRUSTANCHOR = 237, /* VAR_HIDE_TRUSTANCHOR */ + YYSYMBOL_VAR_HIDE_HTTP_USER_AGENT = 238, /* VAR_HIDE_HTTP_USER_AGENT */ + YYSYMBOL_VAR_HTTP_USER_AGENT = 239, /* VAR_HTTP_USER_AGENT */ + YYSYMBOL_VAR_TRUST_ANCHOR_SIGNALING = 240, /* VAR_TRUST_ANCHOR_SIGNALING */ + YYSYMBOL_VAR_AGGRESSIVE_NSEC = 241, /* VAR_AGGRESSIVE_NSEC */ + YYSYMBOL_VAR_USE_SYSTEMD = 242, /* VAR_USE_SYSTEMD */ + YYSYMBOL_VAR_SHM_ENABLE = 243, /* VAR_SHM_ENABLE */ + YYSYMBOL_VAR_SHM_KEY = 244, /* VAR_SHM_KEY */ + YYSYMBOL_VAR_ROOT_KEY_SENTINEL = 245, /* VAR_ROOT_KEY_SENTINEL */ + YYSYMBOL_VAR_DNSCRYPT = 246, /* VAR_DNSCRYPT */ + YYSYMBOL_VAR_DNSCRYPT_ENABLE = 247, /* VAR_DNSCRYPT_ENABLE */ + YYSYMBOL_VAR_DNSCRYPT_PORT = 248, /* VAR_DNSCRYPT_PORT */ + YYSYMBOL_VAR_DNSCRYPT_PROVIDER = 249, /* VAR_DNSCRYPT_PROVIDER */ + YYSYMBOL_VAR_DNSCRYPT_SECRET_KEY = 250, /* VAR_DNSCRYPT_SECRET_KEY */ + YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT = 251, /* VAR_DNSCRYPT_PROVIDER_CERT */ + YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 252, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ + YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 253, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ + YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 254, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ + YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SIZE = 255, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ + YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SLABS = 256, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ + YYSYMBOL_VAR_PAD_RESPONSES = 257, /* VAR_PAD_RESPONSES */ + YYSYMBOL_VAR_PAD_RESPONSES_BLOCK_SIZE = 258, /* VAR_PAD_RESPONSES_BLOCK_SIZE */ + YYSYMBOL_VAR_PAD_QUERIES = 259, /* VAR_PAD_QUERIES */ + YYSYMBOL_VAR_PAD_QUERIES_BLOCK_SIZE = 260, /* VAR_PAD_QUERIES_BLOCK_SIZE */ + YYSYMBOL_VAR_IPSECMOD_ENABLED = 261, /* VAR_IPSECMOD_ENABLED */ + YYSYMBOL_VAR_IPSECMOD_HOOK = 262, /* VAR_IPSECMOD_HOOK */ + YYSYMBOL_VAR_IPSECMOD_IGNORE_BOGUS = 263, /* VAR_IPSECMOD_IGNORE_BOGUS */ + YYSYMBOL_VAR_IPSECMOD_MAX_TTL = 264, /* VAR_IPSECMOD_MAX_TTL */ + YYSYMBOL_VAR_IPSECMOD_WHITELIST = 265, /* VAR_IPSECMOD_WHITELIST */ + YYSYMBOL_VAR_IPSECMOD_STRICT = 266, /* VAR_IPSECMOD_STRICT */ + YYSYMBOL_VAR_CACHEDB = 267, /* VAR_CACHEDB */ + YYSYMBOL_VAR_CACHEDB_BACKEND = 268, /* VAR_CACHEDB_BACKEND */ + YYSYMBOL_VAR_CACHEDB_SECRETSEED = 269, /* VAR_CACHEDB_SECRETSEED */ + YYSYMBOL_VAR_CACHEDB_REDISHOST = 270, /* VAR_CACHEDB_REDISHOST */ + YYSYMBOL_VAR_CACHEDB_REDISPORT = 271, /* VAR_CACHEDB_REDISPORT */ + YYSYMBOL_VAR_CACHEDB_REDISTIMEOUT = 272, /* VAR_CACHEDB_REDISTIMEOUT */ + YYSYMBOL_VAR_CACHEDB_REDISEXPIRERECORDS = 273, /* VAR_CACHEDB_REDISEXPIRERECORDS */ + YYSYMBOL_VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 274, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */ + YYSYMBOL_VAR_FOR_UPSTREAM = 275, /* VAR_FOR_UPSTREAM */ + YYSYMBOL_VAR_AUTH_ZONE = 276, /* VAR_AUTH_ZONE */ + YYSYMBOL_VAR_ZONEFILE = 277, /* VAR_ZONEFILE */ + YYSYMBOL_VAR_MASTER = 278, /* VAR_MASTER */ + YYSYMBOL_VAR_URL = 279, /* VAR_URL */ + YYSYMBOL_VAR_FOR_DOWNSTREAM = 280, /* VAR_FOR_DOWNSTREAM */ + YYSYMBOL_VAR_FALLBACK_ENABLED = 281, /* VAR_FALLBACK_ENABLED */ + YYSYMBOL_VAR_TLS_ADDITIONAL_PORT = 282, /* VAR_TLS_ADDITIONAL_PORT */ + YYSYMBOL_VAR_LOW_RTT = 283, /* VAR_LOW_RTT */ + YYSYMBOL_VAR_LOW_RTT_PERMIL = 284, /* VAR_LOW_RTT_PERMIL */ + YYSYMBOL_VAR_FAST_SERVER_PERMIL = 285, /* VAR_FAST_SERVER_PERMIL */ + YYSYMBOL_VAR_FAST_SERVER_NUM = 286, /* VAR_FAST_SERVER_NUM */ + YYSYMBOL_VAR_ALLOW_NOTIFY = 287, /* VAR_ALLOW_NOTIFY */ + YYSYMBOL_VAR_TLS_WIN_CERT = 288, /* VAR_TLS_WIN_CERT */ + YYSYMBOL_VAR_TCP_CONNECTION_LIMIT = 289, /* VAR_TCP_CONNECTION_LIMIT */ + YYSYMBOL_VAR_FORWARD_NO_CACHE = 290, /* VAR_FORWARD_NO_CACHE */ + YYSYMBOL_VAR_STUB_NO_CACHE = 291, /* VAR_STUB_NO_CACHE */ + YYSYMBOL_VAR_LOG_SERVFAIL = 292, /* VAR_LOG_SERVFAIL */ + YYSYMBOL_VAR_DENY_ANY = 293, /* VAR_DENY_ANY */ + YYSYMBOL_VAR_UNKNOWN_SERVER_TIME_LIMIT = 294, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */ + YYSYMBOL_VAR_LOG_TAG_QUERYREPLY = 295, /* VAR_LOG_TAG_QUERYREPLY */ + YYSYMBOL_VAR_STREAM_WAIT_SIZE = 296, /* VAR_STREAM_WAIT_SIZE */ + YYSYMBOL_VAR_TLS_CIPHERS = 297, /* VAR_TLS_CIPHERS */ + YYSYMBOL_VAR_TLS_CIPHERSUITES = 298, /* VAR_TLS_CIPHERSUITES */ + YYSYMBOL_VAR_TLS_USE_SNI = 299, /* VAR_TLS_USE_SNI */ + YYSYMBOL_VAR_IPSET = 300, /* VAR_IPSET */ + YYSYMBOL_VAR_IPSET_NAME_V4 = 301, /* VAR_IPSET_NAME_V4 */ + YYSYMBOL_VAR_IPSET_NAME_V6 = 302, /* VAR_IPSET_NAME_V6 */ + YYSYMBOL_VAR_TLS_SESSION_TICKET_KEYS = 303, /* VAR_TLS_SESSION_TICKET_KEYS */ + YYSYMBOL_VAR_RPZ = 304, /* VAR_RPZ */ + YYSYMBOL_VAR_TAGS = 305, /* VAR_TAGS */ + YYSYMBOL_VAR_RPZ_ACTION_OVERRIDE = 306, /* VAR_RPZ_ACTION_OVERRIDE */ + YYSYMBOL_VAR_RPZ_CNAME_OVERRIDE = 307, /* VAR_RPZ_CNAME_OVERRIDE */ + YYSYMBOL_VAR_RPZ_LOG = 308, /* VAR_RPZ_LOG */ + YYSYMBOL_VAR_RPZ_LOG_NAME = 309, /* VAR_RPZ_LOG_NAME */ + YYSYMBOL_VAR_DYNLIB = 310, /* VAR_DYNLIB */ + YYSYMBOL_VAR_DYNLIB_FILE = 311, /* VAR_DYNLIB_FILE */ + YYSYMBOL_VAR_EDNS_CLIENT_STRING = 312, /* VAR_EDNS_CLIENT_STRING */ + YYSYMBOL_VAR_EDNS_CLIENT_STRING_OPCODE = 313, /* VAR_EDNS_CLIENT_STRING_OPCODE */ + YYSYMBOL_VAR_NSID = 314, /* VAR_NSID */ + YYSYMBOL_VAR_ZONEMD_PERMISSIVE_MODE = 315, /* VAR_ZONEMD_PERMISSIVE_MODE */ + YYSYMBOL_VAR_ZONEMD_CHECK = 316, /* VAR_ZONEMD_CHECK */ + YYSYMBOL_VAR_ZONEMD_REJECT_ABSENCE = 317, /* VAR_ZONEMD_REJECT_ABSENCE */ + YYSYMBOL_YYACCEPT = 318, /* $accept */ + YYSYMBOL_toplevelvars = 319, /* toplevelvars */ + YYSYMBOL_toplevelvar = 320, /* toplevelvar */ + YYSYMBOL_force_toplevel = 321, /* force_toplevel */ + YYSYMBOL_serverstart = 322, /* serverstart */ + YYSYMBOL_contents_server = 323, /* contents_server */ + YYSYMBOL_content_server = 324, /* content_server */ + YYSYMBOL_stubstart = 325, /* stubstart */ + YYSYMBOL_contents_stub = 326, /* contents_stub */ + YYSYMBOL_content_stub = 327, /* content_stub */ + YYSYMBOL_forwardstart = 328, /* forwardstart */ + YYSYMBOL_contents_forward = 329, /* contents_forward */ + YYSYMBOL_content_forward = 330, /* content_forward */ + YYSYMBOL_viewstart = 331, /* viewstart */ + YYSYMBOL_contents_view = 332, /* contents_view */ + YYSYMBOL_content_view = 333, /* content_view */ + YYSYMBOL_authstart = 334, /* authstart */ + YYSYMBOL_contents_auth = 335, /* contents_auth */ + YYSYMBOL_content_auth = 336, /* content_auth */ + YYSYMBOL_rpz_tag = 337, /* rpz_tag */ + YYSYMBOL_rpz_action_override = 338, /* rpz_action_override */ + YYSYMBOL_rpz_cname_override = 339, /* rpz_cname_override */ + YYSYMBOL_rpz_log = 340, /* rpz_log */ + YYSYMBOL_rpz_log_name = 341, /* rpz_log_name */ + YYSYMBOL_rpzstart = 342, /* rpzstart */ + YYSYMBOL_contents_rpz = 343, /* contents_rpz */ + YYSYMBOL_content_rpz = 344, /* content_rpz */ + YYSYMBOL_server_num_threads = 345, /* server_num_threads */ + YYSYMBOL_server_verbosity = 346, /* server_verbosity */ + YYSYMBOL_server_statistics_interval = 347, /* server_statistics_interval */ + YYSYMBOL_server_statistics_cumulative = 348, /* server_statistics_cumulative */ + YYSYMBOL_server_extended_statistics = 349, /* server_extended_statistics */ + YYSYMBOL_server_shm_enable = 350, /* server_shm_enable */ + YYSYMBOL_server_shm_key = 351, /* server_shm_key */ + YYSYMBOL_server_port = 352, /* server_port */ + YYSYMBOL_server_send_client_subnet = 353, /* server_send_client_subnet */ + YYSYMBOL_server_client_subnet_zone = 354, /* server_client_subnet_zone */ + YYSYMBOL_server_client_subnet_always_forward = 355, /* server_client_subnet_always_forward */ + YYSYMBOL_server_client_subnet_opcode = 356, /* server_client_subnet_opcode */ + YYSYMBOL_server_max_client_subnet_ipv4 = 357, /* server_max_client_subnet_ipv4 */ + YYSYMBOL_server_max_client_subnet_ipv6 = 358, /* server_max_client_subnet_ipv6 */ + YYSYMBOL_server_min_client_subnet_ipv4 = 359, /* server_min_client_subnet_ipv4 */ + YYSYMBOL_server_min_client_subnet_ipv6 = 360, /* server_min_client_subnet_ipv6 */ + YYSYMBOL_server_max_ecs_tree_size_ipv4 = 361, /* server_max_ecs_tree_size_ipv4 */ + YYSYMBOL_server_max_ecs_tree_size_ipv6 = 362, /* server_max_ecs_tree_size_ipv6 */ + YYSYMBOL_server_interface = 363, /* server_interface */ + YYSYMBOL_server_outgoing_interface = 364, /* server_outgoing_interface */ + YYSYMBOL_server_outgoing_range = 365, /* server_outgoing_range */ + YYSYMBOL_server_outgoing_port_permit = 366, /* server_outgoing_port_permit */ + YYSYMBOL_server_outgoing_port_avoid = 367, /* server_outgoing_port_avoid */ + YYSYMBOL_server_outgoing_num_tcp = 368, /* server_outgoing_num_tcp */ + YYSYMBOL_server_incoming_num_tcp = 369, /* server_incoming_num_tcp */ + YYSYMBOL_server_interface_automatic = 370, /* server_interface_automatic */ + YYSYMBOL_server_do_ip4 = 371, /* server_do_ip4 */ + YYSYMBOL_server_do_ip6 = 372, /* server_do_ip6 */ + YYSYMBOL_server_do_udp = 373, /* server_do_udp */ + YYSYMBOL_server_do_tcp = 374, /* server_do_tcp */ + YYSYMBOL_server_prefer_ip4 = 375, /* server_prefer_ip4 */ + YYSYMBOL_server_prefer_ip6 = 376, /* server_prefer_ip6 */ + YYSYMBOL_server_tcp_mss = 377, /* server_tcp_mss */ + YYSYMBOL_server_outgoing_tcp_mss = 378, /* server_outgoing_tcp_mss */ + YYSYMBOL_server_tcp_idle_timeout = 379, /* server_tcp_idle_timeout */ + YYSYMBOL_server_max_reuse_tcp_queries = 380, /* server_max_reuse_tcp_queries */ + YYSYMBOL_server_tcp_reuse_timeout = 381, /* server_tcp_reuse_timeout */ + YYSYMBOL_server_tcp_auth_query_timeout = 382, /* server_tcp_auth_query_timeout */ + YYSYMBOL_server_tcp_keepalive = 383, /* server_tcp_keepalive */ + YYSYMBOL_server_tcp_keepalive_timeout = 384, /* server_tcp_keepalive_timeout */ + YYSYMBOL_server_tcp_upstream = 385, /* server_tcp_upstream */ + YYSYMBOL_server_udp_upstream_without_downstream = 386, /* server_udp_upstream_without_downstream */ + YYSYMBOL_server_ssl_upstream = 387, /* server_ssl_upstream */ + YYSYMBOL_server_ssl_service_key = 388, /* server_ssl_service_key */ + YYSYMBOL_server_ssl_service_pem = 389, /* server_ssl_service_pem */ + YYSYMBOL_server_ssl_port = 390, /* server_ssl_port */ + YYSYMBOL_server_tls_cert_bundle = 391, /* server_tls_cert_bundle */ + YYSYMBOL_server_tls_win_cert = 392, /* server_tls_win_cert */ + YYSYMBOL_server_tls_additional_port = 393, /* server_tls_additional_port */ + YYSYMBOL_server_tls_ciphers = 394, /* server_tls_ciphers */ + YYSYMBOL_server_tls_ciphersuites = 395, /* server_tls_ciphersuites */ + YYSYMBOL_server_tls_session_ticket_keys = 396, /* server_tls_session_ticket_keys */ + YYSYMBOL_server_tls_use_sni = 397, /* server_tls_use_sni */ + YYSYMBOL_server_https_port = 398, /* server_https_port */ + YYSYMBOL_server_http_endpoint = 399, /* server_http_endpoint */ + YYSYMBOL_server_http_max_streams = 400, /* server_http_max_streams */ + YYSYMBOL_server_http_query_buffer_size = 401, /* server_http_query_buffer_size */ + YYSYMBOL_server_http_response_buffer_size = 402, /* server_http_response_buffer_size */ + YYSYMBOL_server_http_nodelay = 403, /* server_http_nodelay */ + YYSYMBOL_server_http_notls_downstream = 404, /* server_http_notls_downstream */ + YYSYMBOL_server_use_systemd = 405, /* server_use_systemd */ + YYSYMBOL_server_do_daemonize = 406, /* server_do_daemonize */ + YYSYMBOL_server_use_syslog = 407, /* server_use_syslog */ + YYSYMBOL_server_log_time_ascii = 408, /* server_log_time_ascii */ + YYSYMBOL_server_log_queries = 409, /* server_log_queries */ + YYSYMBOL_server_log_replies = 410, /* server_log_replies */ + YYSYMBOL_server_log_tag_queryreply = 411, /* server_log_tag_queryreply */ + YYSYMBOL_server_log_servfail = 412, /* server_log_servfail */ + YYSYMBOL_server_log_local_actions = 413, /* server_log_local_actions */ + YYSYMBOL_server_chroot = 414, /* server_chroot */ + YYSYMBOL_server_username = 415, /* server_username */ + YYSYMBOL_server_directory = 416, /* server_directory */ + YYSYMBOL_server_logfile = 417, /* server_logfile */ + YYSYMBOL_server_pidfile = 418, /* server_pidfile */ + YYSYMBOL_server_root_hints = 419, /* server_root_hints */ + YYSYMBOL_server_dlv_anchor_file = 420, /* server_dlv_anchor_file */ + YYSYMBOL_server_dlv_anchor = 421, /* server_dlv_anchor */ + YYSYMBOL_server_auto_trust_anchor_file = 422, /* server_auto_trust_anchor_file */ + YYSYMBOL_server_trust_anchor_file = 423, /* server_trust_anchor_file */ + YYSYMBOL_server_trusted_keys_file = 424, /* server_trusted_keys_file */ + YYSYMBOL_server_trust_anchor = 425, /* server_trust_anchor */ + YYSYMBOL_server_trust_anchor_signaling = 426, /* server_trust_anchor_signaling */ + YYSYMBOL_server_root_key_sentinel = 427, /* server_root_key_sentinel */ + YYSYMBOL_server_domain_insecure = 428, /* server_domain_insecure */ + YYSYMBOL_server_hide_identity = 429, /* server_hide_identity */ + YYSYMBOL_server_hide_version = 430, /* server_hide_version */ + YYSYMBOL_server_hide_trustanchor = 431, /* server_hide_trustanchor */ + YYSYMBOL_server_hide_http_user_agent = 432, /* server_hide_http_user_agent */ + YYSYMBOL_server_identity = 433, /* server_identity */ + YYSYMBOL_server_version = 434, /* server_version */ + YYSYMBOL_server_http_user_agent = 435, /* server_http_user_agent */ + YYSYMBOL_server_nsid = 436, /* server_nsid */ + YYSYMBOL_server_so_rcvbuf = 437, /* server_so_rcvbuf */ + YYSYMBOL_server_so_sndbuf = 438, /* server_so_sndbuf */ + YYSYMBOL_server_so_reuseport = 439, /* server_so_reuseport */ + YYSYMBOL_server_ip_transparent = 440, /* server_ip_transparent */ + YYSYMBOL_server_ip_freebind = 441, /* server_ip_freebind */ + YYSYMBOL_server_ip_dscp = 442, /* server_ip_dscp */ + YYSYMBOL_server_stream_wait_size = 443, /* server_stream_wait_size */ + YYSYMBOL_server_edns_buffer_size = 444, /* server_edns_buffer_size */ + YYSYMBOL_server_msg_buffer_size = 445, /* server_msg_buffer_size */ + YYSYMBOL_server_msg_cache_size = 446, /* server_msg_cache_size */ + YYSYMBOL_server_msg_cache_slabs = 447, /* server_msg_cache_slabs */ + YYSYMBOL_server_num_queries_per_thread = 448, /* server_num_queries_per_thread */ + YYSYMBOL_server_jostle_timeout = 449, /* server_jostle_timeout */ + YYSYMBOL_server_delay_close = 450, /* server_delay_close */ + YYSYMBOL_server_udp_connect = 451, /* server_udp_connect */ + YYSYMBOL_server_unblock_lan_zones = 452, /* server_unblock_lan_zones */ + YYSYMBOL_server_insecure_lan_zones = 453, /* server_insecure_lan_zones */ + YYSYMBOL_server_rrset_cache_size = 454, /* server_rrset_cache_size */ + YYSYMBOL_server_rrset_cache_slabs = 455, /* server_rrset_cache_slabs */ + YYSYMBOL_server_infra_host_ttl = 456, /* server_infra_host_ttl */ + YYSYMBOL_server_infra_lame_ttl = 457, /* server_infra_lame_ttl */ + YYSYMBOL_server_infra_cache_numhosts = 458, /* server_infra_cache_numhosts */ + YYSYMBOL_server_infra_cache_lame_size = 459, /* server_infra_cache_lame_size */ + YYSYMBOL_server_infra_cache_slabs = 460, /* server_infra_cache_slabs */ + YYSYMBOL_server_infra_cache_min_rtt = 461, /* server_infra_cache_min_rtt */ + YYSYMBOL_server_infra_keep_probing = 462, /* server_infra_keep_probing */ + YYSYMBOL_server_target_fetch_policy = 463, /* server_target_fetch_policy */ + YYSYMBOL_server_harden_short_bufsize = 464, /* server_harden_short_bufsize */ + YYSYMBOL_server_harden_large_queries = 465, /* server_harden_large_queries */ + YYSYMBOL_server_harden_glue = 466, /* server_harden_glue */ + YYSYMBOL_server_harden_dnssec_stripped = 467, /* server_harden_dnssec_stripped */ + YYSYMBOL_server_harden_below_nxdomain = 468, /* server_harden_below_nxdomain */ + YYSYMBOL_server_harden_referral_path = 469, /* server_harden_referral_path */ + YYSYMBOL_server_harden_algo_downgrade = 470, /* server_harden_algo_downgrade */ + YYSYMBOL_server_use_caps_for_id = 471, /* server_use_caps_for_id */ + YYSYMBOL_server_caps_whitelist = 472, /* server_caps_whitelist */ + YYSYMBOL_server_private_address = 473, /* server_private_address */ + YYSYMBOL_server_private_domain = 474, /* server_private_domain */ + YYSYMBOL_server_prefetch = 475, /* server_prefetch */ + YYSYMBOL_server_prefetch_key = 476, /* server_prefetch_key */ + YYSYMBOL_server_deny_any = 477, /* server_deny_any */ + YYSYMBOL_server_unwanted_reply_threshold = 478, /* server_unwanted_reply_threshold */ + YYSYMBOL_server_do_not_query_address = 479, /* server_do_not_query_address */ + YYSYMBOL_server_do_not_query_localhost = 480, /* server_do_not_query_localhost */ + YYSYMBOL_server_access_control = 481, /* server_access_control */ + YYSYMBOL_server_module_conf = 482, /* server_module_conf */ + YYSYMBOL_server_val_override_date = 483, /* server_val_override_date */ + YYSYMBOL_server_val_sig_skew_min = 484, /* server_val_sig_skew_min */ + YYSYMBOL_server_val_sig_skew_max = 485, /* server_val_sig_skew_max */ + YYSYMBOL_server_val_max_restart = 486, /* server_val_max_restart */ + YYSYMBOL_server_cache_max_ttl = 487, /* server_cache_max_ttl */ + YYSYMBOL_server_cache_max_negative_ttl = 488, /* server_cache_max_negative_ttl */ + YYSYMBOL_server_cache_min_ttl = 489, /* server_cache_min_ttl */ + YYSYMBOL_server_bogus_ttl = 490, /* server_bogus_ttl */ + YYSYMBOL_server_val_clean_additional = 491, /* server_val_clean_additional */ + YYSYMBOL_server_val_permissive_mode = 492, /* server_val_permissive_mode */ + YYSYMBOL_server_aggressive_nsec = 493, /* server_aggressive_nsec */ + YYSYMBOL_server_ignore_cd_flag = 494, /* server_ignore_cd_flag */ + YYSYMBOL_server_serve_expired = 495, /* server_serve_expired */ + YYSYMBOL_server_serve_expired_ttl = 496, /* server_serve_expired_ttl */ + YYSYMBOL_server_serve_expired_ttl_reset = 497, /* server_serve_expired_ttl_reset */ + YYSYMBOL_server_serve_expired_reply_ttl = 498, /* server_serve_expired_reply_ttl */ + YYSYMBOL_server_serve_expired_client_timeout = 499, /* server_serve_expired_client_timeout */ + YYSYMBOL_server_serve_original_ttl = 500, /* server_serve_original_ttl */ + YYSYMBOL_server_fake_dsa = 501, /* server_fake_dsa */ + YYSYMBOL_server_fake_sha1 = 502, /* server_fake_sha1 */ + YYSYMBOL_server_val_log_level = 503, /* server_val_log_level */ + YYSYMBOL_server_val_nsec3_keysize_iterations = 504, /* server_val_nsec3_keysize_iterations */ + YYSYMBOL_server_zonemd_permissive_mode = 505, /* server_zonemd_permissive_mode */ + YYSYMBOL_server_add_holddown = 506, /* server_add_holddown */ + YYSYMBOL_server_del_holddown = 507, /* server_del_holddown */ + YYSYMBOL_server_keep_missing = 508, /* server_keep_missing */ + YYSYMBOL_server_permit_small_holddown = 509, /* server_permit_small_holddown */ + YYSYMBOL_server_key_cache_size = 510, /* server_key_cache_size */ + YYSYMBOL_server_key_cache_slabs = 511, /* server_key_cache_slabs */ + YYSYMBOL_server_neg_cache_size = 512, /* server_neg_cache_size */ + YYSYMBOL_server_local_zone = 513, /* server_local_zone */ + YYSYMBOL_server_local_data = 514, /* server_local_data */ + YYSYMBOL_server_local_data_ptr = 515, /* server_local_data_ptr */ + YYSYMBOL_server_minimal_responses = 516, /* server_minimal_responses */ + YYSYMBOL_server_rrset_roundrobin = 517, /* server_rrset_roundrobin */ + YYSYMBOL_server_unknown_server_time_limit = 518, /* server_unknown_server_time_limit */ + YYSYMBOL_server_max_udp_size = 519, /* server_max_udp_size */ + YYSYMBOL_server_dns64_prefix = 520, /* server_dns64_prefix */ + YYSYMBOL_server_dns64_synthall = 521, /* server_dns64_synthall */ + YYSYMBOL_server_dns64_ignore_aaaa = 522, /* server_dns64_ignore_aaaa */ + YYSYMBOL_server_define_tag = 523, /* server_define_tag */ + YYSYMBOL_server_local_zone_tag = 524, /* server_local_zone_tag */ + YYSYMBOL_server_access_control_tag = 525, /* server_access_control_tag */ + YYSYMBOL_server_access_control_tag_action = 526, /* server_access_control_tag_action */ + YYSYMBOL_server_access_control_tag_data = 527, /* server_access_control_tag_data */ + YYSYMBOL_server_local_zone_override = 528, /* server_local_zone_override */ + YYSYMBOL_server_access_control_view = 529, /* server_access_control_view */ + YYSYMBOL_server_response_ip_tag = 530, /* server_response_ip_tag */ + YYSYMBOL_server_ip_ratelimit = 531, /* server_ip_ratelimit */ + YYSYMBOL_server_ratelimit = 532, /* server_ratelimit */ + YYSYMBOL_server_ip_ratelimit_size = 533, /* server_ip_ratelimit_size */ + YYSYMBOL_server_ratelimit_size = 534, /* server_ratelimit_size */ + YYSYMBOL_server_ip_ratelimit_slabs = 535, /* server_ip_ratelimit_slabs */ + YYSYMBOL_server_ratelimit_slabs = 536, /* server_ratelimit_slabs */ + YYSYMBOL_server_ratelimit_for_domain = 537, /* server_ratelimit_for_domain */ + YYSYMBOL_server_ratelimit_below_domain = 538, /* server_ratelimit_below_domain */ + YYSYMBOL_server_ip_ratelimit_factor = 539, /* server_ip_ratelimit_factor */ + YYSYMBOL_server_ratelimit_factor = 540, /* server_ratelimit_factor */ + YYSYMBOL_server_low_rtt = 541, /* server_low_rtt */ + YYSYMBOL_server_fast_server_num = 542, /* server_fast_server_num */ + YYSYMBOL_server_fast_server_permil = 543, /* server_fast_server_permil */ + YYSYMBOL_server_qname_minimisation = 544, /* server_qname_minimisation */ + YYSYMBOL_server_qname_minimisation_strict = 545, /* server_qname_minimisation_strict */ + YYSYMBOL_server_pad_responses = 546, /* server_pad_responses */ + YYSYMBOL_server_pad_responses_block_size = 547, /* server_pad_responses_block_size */ + YYSYMBOL_server_pad_queries = 548, /* server_pad_queries */ + YYSYMBOL_server_pad_queries_block_size = 549, /* server_pad_queries_block_size */ + YYSYMBOL_server_ipsecmod_enabled = 550, /* server_ipsecmod_enabled */ + YYSYMBOL_server_ipsecmod_ignore_bogus = 551, /* server_ipsecmod_ignore_bogus */ + YYSYMBOL_server_ipsecmod_hook = 552, /* server_ipsecmod_hook */ + YYSYMBOL_server_ipsecmod_max_ttl = 553, /* server_ipsecmod_max_ttl */ + YYSYMBOL_server_ipsecmod_whitelist = 554, /* server_ipsecmod_whitelist */ + YYSYMBOL_server_ipsecmod_strict = 555, /* server_ipsecmod_strict */ + YYSYMBOL_server_edns_client_string = 556, /* server_edns_client_string */ + YYSYMBOL_server_edns_client_string_opcode = 557, /* server_edns_client_string_opcode */ + YYSYMBOL_stub_name = 558, /* stub_name */ + YYSYMBOL_stub_host = 559, /* stub_host */ + YYSYMBOL_stub_addr = 560, /* stub_addr */ + YYSYMBOL_stub_first = 561, /* stub_first */ + YYSYMBOL_stub_no_cache = 562, /* stub_no_cache */ + YYSYMBOL_stub_ssl_upstream = 563, /* stub_ssl_upstream */ + YYSYMBOL_stub_prime = 564, /* stub_prime */ + YYSYMBOL_forward_name = 565, /* forward_name */ + YYSYMBOL_forward_host = 566, /* forward_host */ + YYSYMBOL_forward_addr = 567, /* forward_addr */ + YYSYMBOL_forward_first = 568, /* forward_first */ + YYSYMBOL_forward_no_cache = 569, /* forward_no_cache */ + YYSYMBOL_forward_ssl_upstream = 570, /* forward_ssl_upstream */ + YYSYMBOL_auth_name = 571, /* auth_name */ + YYSYMBOL_auth_zonefile = 572, /* auth_zonefile */ + YYSYMBOL_auth_master = 573, /* auth_master */ + YYSYMBOL_auth_url = 574, /* auth_url */ + YYSYMBOL_auth_allow_notify = 575, /* auth_allow_notify */ + YYSYMBOL_auth_zonemd_check = 576, /* auth_zonemd_check */ + YYSYMBOL_auth_zonemd_reject_absence = 577, /* auth_zonemd_reject_absence */ + YYSYMBOL_auth_for_downstream = 578, /* auth_for_downstream */ + YYSYMBOL_auth_for_upstream = 579, /* auth_for_upstream */ + YYSYMBOL_auth_fallback_enabled = 580, /* auth_fallback_enabled */ + YYSYMBOL_view_name = 581, /* view_name */ + YYSYMBOL_view_local_zone = 582, /* view_local_zone */ + YYSYMBOL_view_response_ip = 583, /* view_response_ip */ + YYSYMBOL_view_response_ip_data = 584, /* view_response_ip_data */ + YYSYMBOL_view_local_data = 585, /* view_local_data */ + YYSYMBOL_view_local_data_ptr = 586, /* view_local_data_ptr */ + YYSYMBOL_view_first = 587, /* view_first */ + YYSYMBOL_rcstart = 588, /* rcstart */ + YYSYMBOL_contents_rc = 589, /* contents_rc */ + YYSYMBOL_content_rc = 590, /* content_rc */ + YYSYMBOL_rc_control_enable = 591, /* rc_control_enable */ + YYSYMBOL_rc_control_port = 592, /* rc_control_port */ + YYSYMBOL_rc_control_interface = 593, /* rc_control_interface */ + YYSYMBOL_rc_control_use_cert = 594, /* rc_control_use_cert */ + YYSYMBOL_rc_server_key_file = 595, /* rc_server_key_file */ + YYSYMBOL_rc_server_cert_file = 596, /* rc_server_cert_file */ + YYSYMBOL_rc_control_key_file = 597, /* rc_control_key_file */ + YYSYMBOL_rc_control_cert_file = 598, /* rc_control_cert_file */ + YYSYMBOL_dtstart = 599, /* dtstart */ + YYSYMBOL_contents_dt = 600, /* contents_dt */ + YYSYMBOL_content_dt = 601, /* content_dt */ + YYSYMBOL_dt_dnstap_enable = 602, /* dt_dnstap_enable */ + YYSYMBOL_dt_dnstap_bidirectional = 603, /* dt_dnstap_bidirectional */ + YYSYMBOL_dt_dnstap_socket_path = 604, /* dt_dnstap_socket_path */ + YYSYMBOL_dt_dnstap_ip = 605, /* dt_dnstap_ip */ + YYSYMBOL_dt_dnstap_tls = 606, /* dt_dnstap_tls */ + YYSYMBOL_dt_dnstap_tls_server_name = 607, /* dt_dnstap_tls_server_name */ + YYSYMBOL_dt_dnstap_tls_cert_bundle = 608, /* dt_dnstap_tls_cert_bundle */ + YYSYMBOL_dt_dnstap_tls_client_key_file = 609, /* dt_dnstap_tls_client_key_file */ + YYSYMBOL_dt_dnstap_tls_client_cert_file = 610, /* dt_dnstap_tls_client_cert_file */ + YYSYMBOL_dt_dnstap_send_identity = 611, /* dt_dnstap_send_identity */ + YYSYMBOL_dt_dnstap_send_version = 612, /* dt_dnstap_send_version */ + YYSYMBOL_dt_dnstap_identity = 613, /* dt_dnstap_identity */ + YYSYMBOL_dt_dnstap_version = 614, /* dt_dnstap_version */ + YYSYMBOL_dt_dnstap_log_resolver_query_messages = 615, /* dt_dnstap_log_resolver_query_messages */ + YYSYMBOL_dt_dnstap_log_resolver_response_messages = 616, /* dt_dnstap_log_resolver_response_messages */ + YYSYMBOL_dt_dnstap_log_client_query_messages = 617, /* dt_dnstap_log_client_query_messages */ + YYSYMBOL_dt_dnstap_log_client_response_messages = 618, /* dt_dnstap_log_client_response_messages */ + YYSYMBOL_dt_dnstap_log_forwarder_query_messages = 619, /* dt_dnstap_log_forwarder_query_messages */ + YYSYMBOL_dt_dnstap_log_forwarder_response_messages = 620, /* dt_dnstap_log_forwarder_response_messages */ + YYSYMBOL_pythonstart = 621, /* pythonstart */ + YYSYMBOL_contents_py = 622, /* contents_py */ + YYSYMBOL_content_py = 623, /* content_py */ + YYSYMBOL_py_script = 624, /* py_script */ + YYSYMBOL_dynlibstart = 625, /* dynlibstart */ + YYSYMBOL_contents_dl = 626, /* contents_dl */ + YYSYMBOL_content_dl = 627, /* content_dl */ + YYSYMBOL_dl_file = 628, /* dl_file */ + YYSYMBOL_server_disable_dnssec_lame_check = 629, /* server_disable_dnssec_lame_check */ + YYSYMBOL_server_log_identity = 630, /* server_log_identity */ + YYSYMBOL_server_response_ip = 631, /* server_response_ip */ + YYSYMBOL_server_response_ip_data = 632, /* server_response_ip_data */ + YYSYMBOL_dnscstart = 633, /* dnscstart */ + YYSYMBOL_contents_dnsc = 634, /* contents_dnsc */ + YYSYMBOL_content_dnsc = 635, /* content_dnsc */ + YYSYMBOL_dnsc_dnscrypt_enable = 636, /* dnsc_dnscrypt_enable */ + YYSYMBOL_dnsc_dnscrypt_port = 637, /* dnsc_dnscrypt_port */ + YYSYMBOL_dnsc_dnscrypt_provider = 638, /* dnsc_dnscrypt_provider */ + YYSYMBOL_dnsc_dnscrypt_provider_cert = 639, /* dnsc_dnscrypt_provider_cert */ + YYSYMBOL_dnsc_dnscrypt_provider_cert_rotated = 640, /* dnsc_dnscrypt_provider_cert_rotated */ + YYSYMBOL_dnsc_dnscrypt_secret_key = 641, /* dnsc_dnscrypt_secret_key */ + YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_size = 642, /* dnsc_dnscrypt_shared_secret_cache_size */ + YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_slabs = 643, /* dnsc_dnscrypt_shared_secret_cache_slabs */ + YYSYMBOL_dnsc_dnscrypt_nonce_cache_size = 644, /* dnsc_dnscrypt_nonce_cache_size */ + YYSYMBOL_dnsc_dnscrypt_nonce_cache_slabs = 645, /* dnsc_dnscrypt_nonce_cache_slabs */ + YYSYMBOL_cachedbstart = 646, /* cachedbstart */ + YYSYMBOL_contents_cachedb = 647, /* contents_cachedb */ + YYSYMBOL_content_cachedb = 648, /* content_cachedb */ + YYSYMBOL_cachedb_backend_name = 649, /* cachedb_backend_name */ + YYSYMBOL_cachedb_secret_seed = 650, /* cachedb_secret_seed */ + YYSYMBOL_redis_server_host = 651, /* redis_server_host */ + YYSYMBOL_redis_server_port = 652, /* redis_server_port */ + YYSYMBOL_redis_timeout = 653, /* redis_timeout */ + YYSYMBOL_redis_expire_records = 654, /* redis_expire_records */ + YYSYMBOL_server_tcp_connection_limit = 655, /* server_tcp_connection_limit */ + YYSYMBOL_ipsetstart = 656, /* ipsetstart */ + YYSYMBOL_contents_ipset = 657, /* contents_ipset */ + YYSYMBOL_content_ipset = 658, /* content_ipset */ + YYSYMBOL_ipset_name_v4 = 659, /* ipset_name_v4 */ + YYSYMBOL_ipset_name_v6 = 660 /* ipset_name_v6 */ }; typedef enum yysymbol_kind_t yysymbol_kind_t; @@ -1738,18 +1774,18 @@ union yyalloc /* YYFINAL -- State number of the termination state. */ #define YYFINAL 2 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 652 +#define YYLAST 672 /* YYNTOKENS -- Number of terminals. */ -#define YYNTOKENS 309 +#define YYNTOKENS 318 /* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 334 +#define YYNNTS 343 /* YYNRULES -- Number of rules. */ -#define YYNRULES 644 +#define YYNRULES 662 /* YYNSTATES -- Number of states. */ -#define YYNSTATES 957 +#define YYNSTATES 984 -#define YYMAXUTOK 563 +#define YYMAXUTOK 572 /* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM @@ -1819,78 +1855,81 @@ static const yytype_int16 yytranslate[] = 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, 307, 308 + 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, + 315, 316, 317 }; #if YYDEBUG /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ static const yytype_int16 yyrline[] = { - 0, 187, 187, 187, 188, 188, 189, 189, 190, 190, - 190, 191, 191, 192, 192, 193, 193, 194, 196, 202, - 207, 208, 209, 209, 209, 210, 210, 211, 211, 211, - 212, 212, 213, 213, 213, 214, 214, 215, 215, 215, - 216, 216, 216, 217, 217, 218, 218, 219, 219, 220, - 220, 221, 221, 222, 222, 223, 223, 224, 224, 225, - 225, 225, 226, 226, 226, 227, 227, 227, 228, 228, - 229, 229, 230, 230, 231, 231, 232, 232, 232, 233, - 233, 234, 234, 235, 235, 235, 236, 236, 237, 237, - 238, 238, 239, 239, 239, 240, 240, 241, 241, 242, - 242, 243, 243, 244, 244, 245, 245, 245, 246, 246, - 247, 247, 247, 248, 248, 248, 249, 249, 249, 250, - 250, 250, 250, 251, 252, 252, 252, 253, 253, 253, - 254, 254, 255, 255, 256, 256, 256, 257, 257, 257, - 258, 258, 259, 259, 259, 260, 260, 261, 261, 261, - 262, 262, 263, 263, 264, 264, 265, 266, 266, 267, - 267, 268, 268, 269, 270, 270, 271, 271, 272, 272, - 273, 273, 274, 274, 275, 275, 275, 276, 276, 277, - 277, 278, 278, 279, 280, 280, 281, 281, 282, 283, - 283, 284, 284, 285, 285, 286, 286, 287, 287, 287, - 288, 288, 288, 289, 289, 290, 291, 291, 292, 292, - 293, 293, 294, 294, 295, 295, 295, 296, 296, 296, - 297, 297, 297, 298, 298, 299, 299, 300, 300, 301, - 301, 302, 302, 304, 316, 317, 318, 318, 318, 318, - 318, 319, 319, 321, 333, 334, 335, 335, 335, 335, - 336, 336, 338, 352, 353, 354, 354, 354, 354, 355, - 355, 355, 357, 374, 375, 376, 376, 376, 376, 377, - 377, 377, 378, 381, 400, 417, 425, 435, 443, 460, - 461, 462, 462, 462, 462, 462, 463, 463, 463, 464, - 464, 466, 475, 484, 495, 504, 513, 522, 533, 542, - 554, 568, 583, 594, 611, 628, 645, 662, 677, 692, - 705, 720, 729, 738, 747, 756, 765, 774, 783, 792, - 801, 810, 819, 828, 837, 846, 859, 868, 881, 890, - 899, 908, 915, 922, 931, 938, 947, 955, 962, 969, - 977, 986, 994, 1010, 1018, 1026, 1034, 1042, 1050, 1059, - 1068, 1082, 1091, 1100, 1109, 1118, 1127, 1136, 1143, 1150, - 1176, 1184, 1191, 1198, 1205, 1212, 1220, 1228, 1236, 1243, - 1254, 1265, 1272, 1281, 1290, 1299, 1306, 1313, 1329, 1337, - 1345, 1355, 1365, 1375, 1389, 1397, 1410, 1421, 1429, 1442, - 1451, 1460, 1469, 1478, 1488, 1498, 1506, 1519, 1528, 1536, - 1545, 1553, 1566, 1575, 1585, 1592, 1602, 1612, 1622, 1632, - 1642, 1652, 1662, 1672, 1679, 1686, 1693, 1702, 1711, 1720, - 1729, 1736, 1746, 1766, 1773, 1791, 1804, 1817, 1826, 1835, - 1844, 1853, 1863, 1873, 1884, 1893, 1902, 1911, 1920, 1929, - 1938, 1947, 1960, 1973, 1982, 1989, 1998, 2007, 2016, 2025, - 2033, 2046, 2054, 2099, 2106, 2121, 2131, 2141, 2148, 2155, - 2162, 2171, 2179, 2193, 2214, 2235, 2247, 2259, 2271, 2280, - 2301, 2311, 2320, 2328, 2336, 2349, 2362, 2377, 2392, 2401, - 2410, 2416, 2425, 2434, 2444, 2454, 2464, 2473, 2483, 2492, - 2505, 2518, 2530, 2544, 2556, 2570, 2579, 2591, 2601, 2608, - 2615, 2624, 2633, 2643, 2653, 2663, 2670, 2677, 2686, 2695, - 2705, 2715, 2722, 2729, 2736, 2744, 2754, 2764, 2774, 2784, - 2823, 2833, 2841, 2849, 2864, 2873, 2878, 2879, 2880, 2880, - 2880, 2881, 2881, 2881, 2882, 2882, 2884, 2894, 2903, 2910, - 2917, 2924, 2931, 2938, 2945, 2950, 2951, 2952, 2952, 2952, - 2953, 2953, 2953, 2954, 2955, 2955, 2956, 2956, 2957, 2957, - 2958, 2959, 2960, 2961, 2962, 2963, 2965, 2974, 2984, 2991, - 2998, 3007, 3014, 3021, 3028, 3035, 3044, 3053, 3060, 3067, - 3077, 3087, 3097, 3107, 3117, 3127, 3132, 3133, 3134, 3136, - 3142, 3147, 3148, 3149, 3151, 3157, 3167, 3174, 3183, 3191, - 3196, 3197, 3199, 3199, 3199, 3200, 3200, 3201, 3202, 3203, - 3204, 3205, 3207, 3217, 3226, 3233, 3242, 3249, 3258, 3266, - 3279, 3287, 3300, 3305, 3306, 3307, 3307, 3308, 3308, 3308, - 3309, 3311, 3323, 3335, 3347, 3362, 3375, 3388, 3399, 3404, - 3405, 3406, 3406, 3408, 3423 + 0, 190, 190, 190, 191, 191, 192, 192, 193, 193, + 193, 194, 194, 195, 195, 196, 196, 197, 199, 205, + 210, 211, 212, 212, 212, 213, 213, 214, 214, 214, + 215, 215, 216, 216, 216, 217, 217, 218, 218, 218, + 219, 219, 219, 220, 220, 221, 221, 222, 222, 223, + 223, 224, 224, 225, 225, 226, 226, 227, 227, 228, + 228, 228, 229, 229, 230, 230, 230, 231, 231, 231, + 232, 232, 233, 233, 234, 234, 235, 235, 236, 236, + 236, 237, 237, 238, 238, 239, 239, 239, 240, 240, + 241, 241, 242, 242, 243, 243, 243, 244, 244, 245, + 245, 246, 246, 247, 247, 248, 248, 249, 249, 250, + 250, 251, 251, 252, 252, 252, 253, 253, 253, 254, + 254, 254, 255, 255, 255, 255, 256, 257, 257, 257, + 258, 258, 258, 259, 259, 260, 260, 261, 261, 261, + 262, 262, 262, 263, 263, 264, 264, 264, 265, 265, + 266, 266, 266, 267, 267, 268, 268, 269, 269, 270, + 271, 271, 272, 272, 273, 273, 274, 275, 275, 276, + 276, 277, 277, 278, 278, 279, 279, 280, 280, 280, + 281, 281, 282, 282, 283, 283, 284, 285, 285, 286, + 286, 287, 288, 288, 289, 289, 290, 290, 291, 291, + 292, 292, 292, 293, 293, 293, 294, 294, 295, 296, + 296, 297, 297, 298, 298, 299, 299, 300, 300, 300, + 301, 301, 301, 302, 302, 302, 303, 303, 304, 304, + 305, 305, 306, 306, 307, 307, 308, 308, 309, 309, + 312, 324, 325, 326, 326, 326, 326, 326, 327, 327, + 329, 341, 342, 343, 343, 343, 343, 344, 344, 346, + 360, 361, 362, 362, 362, 362, 363, 363, 363, 365, + 384, 385, 386, 386, 386, 386, 387, 387, 387, 388, + 388, 388, 391, 410, 427, 435, 445, 453, 470, 471, + 472, 472, 472, 472, 472, 473, 473, 473, 474, 474, + 476, 485, 494, 505, 514, 523, 532, 543, 552, 564, + 578, 593, 604, 621, 638, 655, 672, 687, 702, 715, + 730, 739, 748, 757, 766, 775, 784, 793, 802, 811, + 820, 829, 838, 847, 856, 869, 880, 891, 902, 911, + 924, 933, 942, 951, 958, 965, 974, 981, 990, 998, + 1005, 1012, 1020, 1029, 1037, 1053, 1061, 1069, 1077, 1085, + 1093, 1102, 1111, 1125, 1134, 1143, 1152, 1161, 1170, 1179, + 1186, 1193, 1219, 1227, 1234, 1241, 1248, 1255, 1263, 1271, + 1279, 1286, 1297, 1308, 1315, 1324, 1333, 1342, 1351, 1358, + 1365, 1372, 1388, 1396, 1404, 1414, 1424, 1434, 1448, 1456, + 1469, 1480, 1488, 1501, 1510, 1519, 1528, 1537, 1547, 1557, + 1565, 1578, 1587, 1595, 1604, 1612, 1625, 1634, 1644, 1651, + 1661, 1671, 1681, 1691, 1701, 1711, 1721, 1731, 1738, 1745, + 1752, 1761, 1770, 1779, 1788, 1795, 1805, 1825, 1832, 1850, + 1863, 1876, 1889, 1898, 1907, 1916, 1925, 1935, 1945, 1956, + 1965, 1974, 1983, 1992, 2001, 2010, 2019, 2032, 2045, 2054, + 2061, 2070, 2079, 2088, 2097, 2106, 2114, 2127, 2135, 2180, + 2187, 2202, 2212, 2222, 2229, 2236, 2243, 2252, 2260, 2274, + 2295, 2316, 2328, 2340, 2352, 2361, 2382, 2392, 2401, 2409, + 2417, 2430, 2443, 2458, 2473, 2482, 2491, 2497, 2506, 2515, + 2525, 2535, 2545, 2554, 2564, 2573, 2586, 2599, 2611, 2625, + 2637, 2651, 2660, 2672, 2682, 2689, 2696, 2705, 2714, 2724, + 2734, 2744, 2751, 2758, 2767, 2776, 2786, 2796, 2803, 2810, + 2817, 2825, 2835, 2845, 2855, 2865, 2875, 2885, 2931, 2941, + 2949, 2957, 2972, 2981, 2986, 2987, 2988, 2988, 2988, 2989, + 2989, 2989, 2990, 2990, 2992, 3002, 3011, 3018, 3025, 3032, + 3039, 3046, 3053, 3058, 3059, 3060, 3060, 3060, 3061, 3061, + 3061, 3062, 3063, 3063, 3064, 3064, 3065, 3065, 3066, 3067, + 3068, 3069, 3070, 3071, 3073, 3082, 3092, 3099, 3106, 3115, + 3122, 3129, 3136, 3143, 3152, 3161, 3168, 3175, 3185, 3195, + 3205, 3215, 3225, 3235, 3240, 3241, 3242, 3244, 3250, 3255, + 3256, 3257, 3259, 3265, 3275, 3282, 3291, 3299, 3304, 3305, + 3307, 3307, 3307, 3308, 3308, 3309, 3310, 3311, 3312, 3313, + 3315, 3325, 3334, 3341, 3350, 3357, 3366, 3374, 3387, 3395, + 3408, 3413, 3414, 3415, 3415, 3416, 3416, 3416, 3417, 3419, + 3431, 3443, 3455, 3470, 3483, 3496, 3507, 3512, 3513, 3514, + 3514, 3516, 3531 }; #endif @@ -1939,32 +1978,35 @@ static const char *const yytname[] = "VAR_PRIVATE_DOMAIN", "VAR_REMOTE_CONTROL", "VAR_CONTROL_ENABLE", "VAR_CONTROL_INTERFACE", "VAR_CONTROL_PORT", "VAR_SERVER_KEY_FILE", "VAR_SERVER_CERT_FILE", "VAR_CONTROL_KEY_FILE", "VAR_CONTROL_CERT_FILE", - "VAR_CONTROL_USE_CERT", "VAR_EXTENDED_STATISTICS", "VAR_LOCAL_DATA_PTR", - "VAR_JOSTLE_TIMEOUT", "VAR_STUB_PRIME", "VAR_UNWANTED_REPLY_THRESHOLD", - "VAR_LOG_TIME_ASCII", "VAR_DOMAIN_INSECURE", "VAR_PYTHON", - "VAR_PYTHON_SCRIPT", "VAR_VAL_SIG_SKEW_MIN", "VAR_VAL_SIG_SKEW_MAX", + "VAR_CONTROL_USE_CERT", "VAR_TCP_REUSE_TIMEOUT", + "VAR_MAX_REUSE_TCP_QUERIES", "VAR_EXTENDED_STATISTICS", + "VAR_LOCAL_DATA_PTR", "VAR_JOSTLE_TIMEOUT", "VAR_STUB_PRIME", + "VAR_UNWANTED_REPLY_THRESHOLD", "VAR_LOG_TIME_ASCII", + "VAR_DOMAIN_INSECURE", "VAR_PYTHON", "VAR_PYTHON_SCRIPT", + "VAR_VAL_SIG_SKEW_MIN", "VAR_VAL_SIG_SKEW_MAX", "VAR_VAL_MAX_RESTART", "VAR_CACHE_MIN_TTL", "VAR_VAL_LOG_LEVEL", "VAR_AUTO_TRUST_ANCHOR_FILE", "VAR_KEEP_MISSING", "VAR_ADD_HOLDDOWN", "VAR_DEL_HOLDDOWN", "VAR_SO_RCVBUF", "VAR_EDNS_BUFFER_SIZE", "VAR_PREFETCH", "VAR_PREFETCH_KEY", "VAR_SO_SNDBUF", "VAR_SO_REUSEPORT", "VAR_HARDEN_BELOW_NXDOMAIN", "VAR_IGNORE_CD_FLAG", "VAR_LOG_QUERIES", "VAR_LOG_REPLIES", "VAR_LOG_LOCAL_ACTIONS", "VAR_TCP_UPSTREAM", - "VAR_SSL_UPSTREAM", "VAR_SSL_SERVICE_KEY", "VAR_SSL_SERVICE_PEM", - "VAR_SSL_PORT", "VAR_FORWARD_FIRST", "VAR_STUB_SSL_UPSTREAM", - "VAR_FORWARD_SSL_UPSTREAM", "VAR_TLS_CERT_BUNDLE", "VAR_HTTPS_PORT", - "VAR_HTTP_ENDPOINT", "VAR_HTTP_MAX_STREAMS", - "VAR_HTTP_QUERY_BUFFER_SIZE", "VAR_HTTP_RESPONSE_BUFFER_SIZE", - "VAR_HTTP_NODELAY", "VAR_HTTP_NOTLS_DOWNSTREAM", "VAR_STUB_FIRST", - "VAR_MINIMAL_RESPONSES", "VAR_RRSET_ROUNDROBIN", "VAR_MAX_UDP_SIZE", - "VAR_DELAY_CLOSE", "VAR_UDP_CONNECT", "VAR_UNBLOCK_LAN_ZONES", - "VAR_INSECURE_LAN_ZONES", "VAR_INFRA_CACHE_MIN_RTT", - "VAR_INFRA_KEEP_PROBING", "VAR_DNS64_PREFIX", "VAR_DNS64_SYNTHALL", - "VAR_DNS64_IGNORE_AAAA", "VAR_DNSTAP", "VAR_DNSTAP_ENABLE", - "VAR_DNSTAP_SOCKET_PATH", "VAR_DNSTAP_IP", "VAR_DNSTAP_TLS", - "VAR_DNSTAP_TLS_SERVER_NAME", "VAR_DNSTAP_TLS_CERT_BUNDLE", - "VAR_DNSTAP_TLS_CLIENT_KEY_FILE", "VAR_DNSTAP_TLS_CLIENT_CERT_FILE", - "VAR_DNSTAP_SEND_IDENTITY", "VAR_DNSTAP_SEND_VERSION", - "VAR_DNSTAP_BIDIRECTIONAL", "VAR_DNSTAP_IDENTITY", "VAR_DNSTAP_VERSION", + "VAR_SSL_UPSTREAM", "VAR_TCP_AUTH_QUERY_TIMEOUT", "VAR_SSL_SERVICE_KEY", + "VAR_SSL_SERVICE_PEM", "VAR_SSL_PORT", "VAR_FORWARD_FIRST", + "VAR_STUB_SSL_UPSTREAM", "VAR_FORWARD_SSL_UPSTREAM", + "VAR_TLS_CERT_BUNDLE", "VAR_HTTPS_PORT", "VAR_HTTP_ENDPOINT", + "VAR_HTTP_MAX_STREAMS", "VAR_HTTP_QUERY_BUFFER_SIZE", + "VAR_HTTP_RESPONSE_BUFFER_SIZE", "VAR_HTTP_NODELAY", + "VAR_HTTP_NOTLS_DOWNSTREAM", "VAR_STUB_FIRST", "VAR_MINIMAL_RESPONSES", + "VAR_RRSET_ROUNDROBIN", "VAR_MAX_UDP_SIZE", "VAR_DELAY_CLOSE", + "VAR_UDP_CONNECT", "VAR_UNBLOCK_LAN_ZONES", "VAR_INSECURE_LAN_ZONES", + "VAR_INFRA_CACHE_MIN_RTT", "VAR_INFRA_KEEP_PROBING", "VAR_DNS64_PREFIX", + "VAR_DNS64_SYNTHALL", "VAR_DNS64_IGNORE_AAAA", "VAR_DNSTAP", + "VAR_DNSTAP_ENABLE", "VAR_DNSTAP_SOCKET_PATH", "VAR_DNSTAP_IP", + "VAR_DNSTAP_TLS", "VAR_DNSTAP_TLS_SERVER_NAME", + "VAR_DNSTAP_TLS_CERT_BUNDLE", "VAR_DNSTAP_TLS_CLIENT_KEY_FILE", + "VAR_DNSTAP_TLS_CLIENT_CERT_FILE", "VAR_DNSTAP_SEND_IDENTITY", + "VAR_DNSTAP_SEND_VERSION", "VAR_DNSTAP_BIDIRECTIONAL", + "VAR_DNSTAP_IDENTITY", "VAR_DNSTAP_VERSION", "VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES", "VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES", "VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES", @@ -1992,7 +2034,8 @@ static const char *const yytname[] = "VAR_SERVE_EXPIRED_TTL_RESET", "VAR_SERVE_EXPIRED_REPLY_TTL", "VAR_SERVE_EXPIRED_CLIENT_TIMEOUT", "VAR_SERVE_ORIGINAL_TTL", "VAR_FAKE_DSA", "VAR_FAKE_SHA1", "VAR_LOG_IDENTITY", - "VAR_HIDE_TRUSTANCHOR", "VAR_TRUST_ANCHOR_SIGNALING", + "VAR_HIDE_TRUSTANCHOR", "VAR_HIDE_HTTP_USER_AGENT", + "VAR_HTTP_USER_AGENT", "VAR_TRUST_ANCHOR_SIGNALING", "VAR_AGGRESSIVE_NSEC", "VAR_USE_SYSTEMD", "VAR_SHM_ENABLE", "VAR_SHM_KEY", "VAR_ROOT_KEY_SENTINEL", "VAR_DNSCRYPT", "VAR_DNSCRYPT_ENABLE", "VAR_DNSCRYPT_PORT", "VAR_DNSCRYPT_PROVIDER", @@ -2021,11 +2064,12 @@ static const char *const yytname[] = "VAR_RPZ_ACTION_OVERRIDE", "VAR_RPZ_CNAME_OVERRIDE", "VAR_RPZ_LOG", "VAR_RPZ_LOG_NAME", "VAR_DYNLIB", "VAR_DYNLIB_FILE", "VAR_EDNS_CLIENT_STRING", "VAR_EDNS_CLIENT_STRING_OPCODE", "VAR_NSID", - "$accept", "toplevelvars", "toplevelvar", "force_toplevel", - "serverstart", "contents_server", "content_server", "stubstart", - "contents_stub", "content_stub", "forwardstart", "contents_forward", - "content_forward", "viewstart", "contents_view", "content_view", - "authstart", "contents_auth", "content_auth", "rpz_tag", + "VAR_ZONEMD_PERMISSIVE_MODE", "VAR_ZONEMD_CHECK", + "VAR_ZONEMD_REJECT_ABSENCE", "$accept", "toplevelvars", "toplevelvar", + "force_toplevel", "serverstart", "contents_server", "content_server", + "stubstart", "contents_stub", "content_stub", "forwardstart", + "contents_forward", "content_forward", "viewstart", "contents_view", + "content_view", "authstart", "contents_auth", "content_auth", "rpz_tag", "rpz_action_override", "rpz_cname_override", "rpz_log", "rpz_log_name", "rpzstart", "contents_rpz", "content_rpz", "server_num_threads", "server_verbosity", "server_statistics_interval", @@ -2042,50 +2086,53 @@ static const char *const yytname[] = "server_interface_automatic", "server_do_ip4", "server_do_ip6", "server_do_udp", "server_do_tcp", "server_prefer_ip4", "server_prefer_ip6", "server_tcp_mss", "server_outgoing_tcp_mss", - "server_tcp_idle_timeout", "server_tcp_keepalive", - "server_tcp_keepalive_timeout", "server_tcp_upstream", - "server_udp_upstream_without_downstream", "server_ssl_upstream", - "server_ssl_service_key", "server_ssl_service_pem", "server_ssl_port", - "server_tls_cert_bundle", "server_tls_win_cert", - "server_tls_additional_port", "server_tls_ciphers", - "server_tls_ciphersuites", "server_tls_session_ticket_keys", - "server_tls_use_sni", "server_https_port", "server_http_endpoint", - "server_http_max_streams", "server_http_query_buffer_size", - "server_http_response_buffer_size", "server_http_nodelay", - "server_http_notls_downstream", "server_use_systemd", - "server_do_daemonize", "server_use_syslog", "server_log_time_ascii", - "server_log_queries", "server_log_replies", "server_log_tag_queryreply", - "server_log_servfail", "server_log_local_actions", "server_chroot", - "server_username", "server_directory", "server_logfile", - "server_pidfile", "server_root_hints", "server_dlv_anchor_file", - "server_dlv_anchor", "server_auto_trust_anchor_file", - "server_trust_anchor_file", "server_trusted_keys_file", - "server_trust_anchor", "server_trust_anchor_signaling", - "server_root_key_sentinel", "server_domain_insecure", - "server_hide_identity", "server_hide_version", "server_hide_trustanchor", - "server_identity", "server_version", "server_nsid", "server_so_rcvbuf", - "server_so_sndbuf", "server_so_reuseport", "server_ip_transparent", - "server_ip_freebind", "server_ip_dscp", "server_stream_wait_size", - "server_edns_buffer_size", "server_msg_buffer_size", - "server_msg_cache_size", "server_msg_cache_slabs", - "server_num_queries_per_thread", "server_jostle_timeout", - "server_delay_close", "server_udp_connect", "server_unblock_lan_zones", - "server_insecure_lan_zones", "server_rrset_cache_size", - "server_rrset_cache_slabs", "server_infra_host_ttl", - "server_infra_lame_ttl", "server_infra_cache_numhosts", - "server_infra_cache_lame_size", "server_infra_cache_slabs", - "server_infra_cache_min_rtt", "server_infra_keep_probing", - "server_target_fetch_policy", "server_harden_short_bufsize", - "server_harden_large_queries", "server_harden_glue", - "server_harden_dnssec_stripped", "server_harden_below_nxdomain", - "server_harden_referral_path", "server_harden_algo_downgrade", - "server_use_caps_for_id", "server_caps_whitelist", - "server_private_address", "server_private_domain", "server_prefetch", - "server_prefetch_key", "server_deny_any", - "server_unwanted_reply_threshold", "server_do_not_query_address", - "server_do_not_query_localhost", "server_access_control", - "server_module_conf", "server_val_override_date", - "server_val_sig_skew_min", "server_val_sig_skew_max", + "server_tcp_idle_timeout", "server_max_reuse_tcp_queries", + "server_tcp_reuse_timeout", "server_tcp_auth_query_timeout", + "server_tcp_keepalive", "server_tcp_keepalive_timeout", + "server_tcp_upstream", "server_udp_upstream_without_downstream", + "server_ssl_upstream", "server_ssl_service_key", + "server_ssl_service_pem", "server_ssl_port", "server_tls_cert_bundle", + "server_tls_win_cert", "server_tls_additional_port", + "server_tls_ciphers", "server_tls_ciphersuites", + "server_tls_session_ticket_keys", "server_tls_use_sni", + "server_https_port", "server_http_endpoint", "server_http_max_streams", + "server_http_query_buffer_size", "server_http_response_buffer_size", + "server_http_nodelay", "server_http_notls_downstream", + "server_use_systemd", "server_do_daemonize", "server_use_syslog", + "server_log_time_ascii", "server_log_queries", "server_log_replies", + "server_log_tag_queryreply", "server_log_servfail", + "server_log_local_actions", "server_chroot", "server_username", + "server_directory", "server_logfile", "server_pidfile", + "server_root_hints", "server_dlv_anchor_file", "server_dlv_anchor", + "server_auto_trust_anchor_file", "server_trust_anchor_file", + "server_trusted_keys_file", "server_trust_anchor", + "server_trust_anchor_signaling", "server_root_key_sentinel", + "server_domain_insecure", "server_hide_identity", "server_hide_version", + "server_hide_trustanchor", "server_hide_http_user_agent", + "server_identity", "server_version", "server_http_user_agent", + "server_nsid", "server_so_rcvbuf", "server_so_sndbuf", + "server_so_reuseport", "server_ip_transparent", "server_ip_freebind", + "server_ip_dscp", "server_stream_wait_size", "server_edns_buffer_size", + "server_msg_buffer_size", "server_msg_cache_size", + "server_msg_cache_slabs", "server_num_queries_per_thread", + "server_jostle_timeout", "server_delay_close", "server_udp_connect", + "server_unblock_lan_zones", "server_insecure_lan_zones", + "server_rrset_cache_size", "server_rrset_cache_slabs", + "server_infra_host_ttl", "server_infra_lame_ttl", + "server_infra_cache_numhosts", "server_infra_cache_lame_size", + "server_infra_cache_slabs", "server_infra_cache_min_rtt", + "server_infra_keep_probing", "server_target_fetch_policy", + "server_harden_short_bufsize", "server_harden_large_queries", + "server_harden_glue", "server_harden_dnssec_stripped", + "server_harden_below_nxdomain", "server_harden_referral_path", + "server_harden_algo_downgrade", "server_use_caps_for_id", + "server_caps_whitelist", "server_private_address", + "server_private_domain", "server_prefetch", "server_prefetch_key", + "server_deny_any", "server_unwanted_reply_threshold", + "server_do_not_query_address", "server_do_not_query_localhost", + "server_access_control", "server_module_conf", + "server_val_override_date", "server_val_sig_skew_min", + "server_val_sig_skew_max", "server_val_max_restart", "server_cache_max_ttl", "server_cache_max_negative_ttl", "server_cache_min_ttl", "server_bogus_ttl", "server_val_clean_additional", "server_val_permissive_mode", @@ -2094,8 +2141,8 @@ static const char *const yytname[] = "server_serve_expired_ttl_reset", "server_serve_expired_reply_ttl", "server_serve_expired_client_timeout", "server_serve_original_ttl", "server_fake_dsa", "server_fake_sha1", "server_val_log_level", - "server_val_nsec3_keysize_iterations", "server_add_holddown", - "server_del_holddown", "server_keep_missing", + "server_val_nsec3_keysize_iterations", "server_zonemd_permissive_mode", + "server_add_holddown", "server_del_holddown", "server_keep_missing", "server_permit_small_holddown", "server_key_cache_size", "server_key_cache_slabs", "server_neg_cache_size", "server_local_zone", "server_local_data", "server_local_data_ptr", "server_minimal_responses", @@ -2122,19 +2169,19 @@ static const char *const yytname[] = "stub_prime", "forward_name", "forward_host", "forward_addr", "forward_first", "forward_no_cache", "forward_ssl_upstream", "auth_name", "auth_zonefile", "auth_master", "auth_url", "auth_allow_notify", - "auth_for_downstream", "auth_for_upstream", "auth_fallback_enabled", - "view_name", "view_local_zone", "view_response_ip", - "view_response_ip_data", "view_local_data", "view_local_data_ptr", - "view_first", "rcstart", "contents_rc", "content_rc", - "rc_control_enable", "rc_control_port", "rc_control_interface", - "rc_control_use_cert", "rc_server_key_file", "rc_server_cert_file", - "rc_control_key_file", "rc_control_cert_file", "dtstart", "contents_dt", - "content_dt", "dt_dnstap_enable", "dt_dnstap_bidirectional", - "dt_dnstap_socket_path", "dt_dnstap_ip", "dt_dnstap_tls", - "dt_dnstap_tls_server_name", "dt_dnstap_tls_cert_bundle", - "dt_dnstap_tls_client_key_file", "dt_dnstap_tls_client_cert_file", - "dt_dnstap_send_identity", "dt_dnstap_send_version", - "dt_dnstap_identity", "dt_dnstap_version", + "auth_zonemd_check", "auth_zonemd_reject_absence", "auth_for_downstream", + "auth_for_upstream", "auth_fallback_enabled", "view_name", + "view_local_zone", "view_response_ip", "view_response_ip_data", + "view_local_data", "view_local_data_ptr", "view_first", "rcstart", + "contents_rc", "content_rc", "rc_control_enable", "rc_control_port", + "rc_control_interface", "rc_control_use_cert", "rc_server_key_file", + "rc_server_cert_file", "rc_control_key_file", "rc_control_cert_file", + "dtstart", "contents_dt", "content_dt", "dt_dnstap_enable", + "dt_dnstap_bidirectional", "dt_dnstap_socket_path", "dt_dnstap_ip", + "dt_dnstap_tls", "dt_dnstap_tls_server_name", + "dt_dnstap_tls_cert_bundle", "dt_dnstap_tls_client_key_file", + "dt_dnstap_tls_client_cert_file", "dt_dnstap_send_identity", + "dt_dnstap_send_version", "dt_dnstap_identity", "dt_dnstap_version", "dt_dnstap_log_resolver_query_messages", "dt_dnstap_log_resolver_response_messages", "dt_dnstap_log_client_query_messages", @@ -2199,11 +2246,12 @@ static const yytype_int16 yytoknum[] = 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563 + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 567, 568, 569, 570, 571, 572 }; #endif -#define YYPACT_NINF (-296) +#define YYPACT_NINF (-302) #define yypact_value_is_default(Yyn) \ ((Yyn) == YYPACT_NINF) @@ -2217,102 +2265,105 @@ static const yytype_int16 yytoknum[] = STATE-NUM. */ static const yytype_int16 yypact[] = { - -296, 0, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, 292, -42, -38, -43, -21, -44, -11, -96, - -109, -295, -216, -245, -287, 3, 4, 13, 25, 26, - 27, 30, 31, 32, 33, 34, 35, 37, 38, 39, - 40, 41, 43, 44, 45, 46, 47, 48, 49, 50, - 51, 52, 54, 55, 84, 85, 88, 89, 91, 93, - 94, 95, 96, 98, 99, 100, 101, 103, 104, 105, + -302, 0, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, 298, -43, -38, -42, -44, -28, -29, -149, + -109, -301, -194, -192, -293, 3, 4, 27, 28, 31, + 32, 33, 34, 35, 37, 38, 39, 40, 41, 53, + 54, 55, 72, 73, 74, 75, 76, 77, 78, 79, + 80, 81, 82, 83, 84, 85, 87, 88, 89, 91, + 92, 93, 95, 97, 98, 99, 101, 102, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, - 126, 127, 128, 129, 132, 133, 134, 135, 136, 137, + 126, 127, 128, 129, 130, 131, 132, 133, 134, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, - 148, 149, 150, 151, 153, 154, 155, 156, 157, 158, + 148, 149, 150, 151, 152, 153, 154, 155, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, - 169, 171, 172, 173, 174, 175, 176, 177, 178, 179, + 169, 170, 171, 172, 173, 174, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 210, 212, 213, 214, 215, 216, 220, 221, 222, 223, - 224, 225, 226, 228, 229, 231, 232, 234, 235, 237, - 239, 252, 253, 254, 255, 256, 257, 258, 259, 261, - 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, - 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, - 282, 283, 285, 286, 287, 289, 290, 291, 293, 327, - 328, 329, 330, 334, 335, 336, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, 378, 379, - 380, 381, 382, 383, 384, -296, -296, -296, -296, -296, - -296, -296, -296, 385, 386, 390, 394, 395, 420, -296, - -296, -296, -296, -296, -296, -296, 421, 422, 431, 444, - 445, 446, 447, -296, -296, -296, -296, -296, -296, -296, - -296, 448, 449, 450, 451, 452, 453, 454, 455, -296, - -296, -296, -296, -296, -296, -296, -296, -296, 456, 457, - 458, 459, 460, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, 461, 462, 463, 503, 505, 522, - 523, 524, -296, -296, -296, -296, -296, -296, -296, -296, - -296, 525, 526, 527, 528, 529, 530, 531, 532, 543, - 544, 545, 546, 547, 548, 549, 551, 552, 553, 554, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - 555, -296, -296, 556, -296, -296, 557, 560, 563, 566, - 567, 576, 577, 578, 580, 581, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, 582, 583, 584, - 585, 586, 587, -296, -296, -296, -296, -296, -296, -296, - 591, 592, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, 593, 594, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, 595, 596, 597, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, 598, 599, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, 600, 601, 602, 603, 604, - 605, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, 606, -296, -296, -296, -296, -296, -296, - -296, -296, -296, 607, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - 608, -296, -296, 609, 610, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, 611, 612, 613, -296, -296, - -296, -296, -296, -296, -296, -296, -296 + 210, 211, 212, 213, 214, 216, 217, 218, 219, 220, + 222, 228, 229, 230, 231, 232, 234, 235, 237, 243, + 244, 245, 246, 247, 248, 250, 251, 252, 253, 254, + 255, 256, 258, 259, 260, 261, 264, 265, 272, 273, + 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, + 284, 285, 286, 287, 288, 289, 291, 292, 293, 295, + 296, 297, 299, 333, 334, 335, 336, 340, 341, 342, + 384, 385, 386, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, 387, 388, 389, 390, 391, 392, 398, -302, + -302, -302, -302, -302, -302, -302, -302, 402, 403, 430, + 431, 432, 441, -302, -302, -302, -302, -302, -302, -302, + 454, 455, 456, 457, 458, 459, 460, -302, -302, -302, + -302, -302, -302, -302, -302, 461, 462, 463, 464, 465, + 466, 467, 468, 469, 470, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, 471, 472, 473, 513, + 515, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, 534, 535, 536, 537, 538, 539, 540, 541, + -302, -302, -302, -302, -302, -302, -302, -302, -302, 542, + 543, 544, 555, 556, 557, 558, 559, 560, 561, 563, + 564, 565, 566, 567, 568, 569, 572, 575, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, 578, -302, + -302, 579, -302, -302, 588, 589, 590, 592, 593, 594, + 595, 596, 597, 598, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, 599, 604, 605, 606, 607, + 608, -302, -302, -302, -302, -302, -302, -302, 609, 610, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, 611, 612, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, 613, 614, 615, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, 616, 617, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, 618, 619, 620, + 621, 622, 623, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, 624, -302, -302, + -302, -302, -302, -302, -302, -302, -302, 625, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, 626, -302, -302, 627, 628, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, 629, 630, 631, -302, -302, -302, -302, -302, + -302, -302, -302, -302 }; /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. @@ -2320,10 +2371,10 @@ static const yytype_int16 yypact[] = means the default is an error. */ static const yytype_int16 yydefact[] = { - 2, 0, 1, 18, 19, 233, 243, 525, 585, 544, - 252, 599, 622, 262, 638, 278, 590, 3, 17, 21, - 235, 245, 254, 264, 280, 527, 546, 587, 592, 601, - 624, 640, 4, 5, 6, 10, 14, 15, 8, 9, + 2, 0, 1, 18, 19, 240, 250, 543, 603, 562, + 259, 617, 640, 269, 656, 287, 608, 3, 17, 21, + 242, 252, 261, 271, 289, 545, 564, 605, 610, 619, + 642, 658, 4, 5, 6, 10, 14, 15, 8, 9, 7, 16, 11, 12, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -2345,155 +2396,160 @@ static const yytype_int16 yydefact[] = 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 20, 22, 23, 86, - 89, 98, 200, 201, 24, 160, 161, 162, 163, 164, - 165, 166, 167, 168, 169, 37, 77, 25, 90, 91, - 48, 70, 85, 26, 27, 30, 31, 28, 29, 32, - 33, 34, 35, 36, 121, 212, 122, 124, 125, 126, - 214, 219, 215, 226, 227, 228, 229, 127, 128, 129, - 130, 131, 132, 133, 196, 87, 76, 102, 119, 120, - 224, 221, 123, 38, 39, 40, 41, 42, 78, 92, - 93, 108, 64, 74, 65, 204, 205, 103, 58, 59, - 203, 60, 61, 232, 112, 116, 137, 147, 174, 150, - 225, 113, 71, 43, 44, 45, 100, 138, 139, 140, - 141, 46, 47, 49, 50, 52, 53, 51, 145, 151, - 54, 55, 56, 62, 81, 117, 95, 146, 88, 170, - 96, 97, 114, 115, 222, 101, 57, 79, 82, 63, - 66, 104, 105, 80, 171, 106, 67, 68, 69, 213, - 118, 188, 189, 190, 191, 192, 193, 194, 202, 107, - 75, 109, 110, 111, 172, 72, 73, 94, 83, 84, - 99, 134, 135, 223, 136, 142, 143, 144, 175, 176, - 178, 180, 181, 179, 182, 197, 148, 149, 154, 155, - 152, 153, 156, 157, 159, 158, 216, 218, 217, 173, - 183, 184, 185, 186, 187, 206, 208, 207, 209, 210, - 211, 230, 231, 177, 195, 198, 199, 220, 0, 0, - 0, 0, 0, 0, 0, 234, 236, 237, 238, 240, - 241, 242, 239, 0, 0, 0, 0, 0, 0, 244, - 246, 247, 248, 249, 250, 251, 0, 0, 0, 0, - 0, 0, 0, 253, 255, 256, 259, 260, 257, 261, - 258, 0, 0, 0, 0, 0, 0, 0, 0, 263, - 265, 266, 267, 268, 272, 269, 270, 271, 0, 0, - 0, 0, 0, 283, 287, 288, 289, 290, 279, 281, - 282, 284, 285, 286, 0, 0, 0, 0, 0, 0, - 0, 0, 526, 528, 530, 529, 535, 531, 532, 533, - 534, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 545, 547, 549, 548, 550, 551, 552, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 0, 586, 588, 0, 591, 593, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 600, 602, 603, 604, - 606, 607, 605, 608, 609, 610, 611, 0, 0, 0, - 0, 0, 0, 623, 625, 626, 627, 628, 629, 630, - 0, 0, 639, 641, 642, 292, 291, 298, 311, 309, - 321, 317, 318, 322, 319, 320, 323, 324, 325, 326, - 327, 357, 358, 359, 360, 361, 387, 388, 389, 395, - 396, 314, 397, 398, 401, 399, 400, 404, 405, 406, - 420, 372, 373, 375, 376, 407, 423, 366, 368, 424, - 430, 431, 432, 315, 386, 449, 450, 367, 444, 350, - 310, 362, 421, 427, 408, 0, 0, 453, 316, 293, - 349, 412, 294, 312, 313, 363, 364, 451, 410, 414, - 415, 295, 454, 390, 419, 351, 371, 425, 426, 429, - 443, 365, 447, 445, 446, 378, 385, 416, 417, 379, - 380, 409, 434, 352, 353, 356, 328, 330, 331, 332, - 333, 334, 341, 342, 343, 344, 345, 346, 347, 455, - 456, 458, 391, 392, 393, 394, 402, 403, 459, 460, - 461, 0, 0, 0, 411, 381, 383, 595, 470, 474, - 472, 471, 475, 473, 0, 0, 478, 479, 299, 300, - 301, 302, 303, 304, 305, 306, 307, 308, 413, 428, - 448, 483, 484, 382, 462, 0, 0, 0, 0, 0, - 0, 435, 436, 437, 438, 439, 440, 441, 442, 596, - 374, 369, 433, 348, 296, 297, 370, 485, 486, 487, - 488, 489, 491, 490, 492, 493, 494, 329, 336, 480, - 482, 481, 335, 0, 355, 418, 457, 354, 384, 337, - 338, 340, 339, 0, 496, 377, 497, 498, 499, 503, - 502, 500, 501, 504, 505, 506, 507, 509, 508, 518, - 0, 522, 523, 0, 0, 524, 510, 516, 511, 512, - 513, 515, 517, 514, 273, 274, 275, 276, 277, 536, - 538, 537, 540, 541, 542, 543, 539, 566, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 567, 577, 578, - 579, 580, 581, 582, 583, 584, 589, 594, 612, 613, - 614, 617, 615, 616, 618, 619, 620, 621, 631, 632, - 633, 634, 635, 636, 643, 644, 422, 452, 469, 597, - 598, 476, 477, 463, 464, 0, 0, 0, 468, 637, - 495, 519, 520, 521, 467, 465, 466 + 0, 0, 0, 20, 22, 23, 88, 91, 100, 203, + 204, 24, 163, 164, 165, 166, 167, 168, 169, 170, + 171, 172, 37, 79, 25, 92, 93, 48, 72, 87, + 26, 27, 30, 31, 28, 29, 32, 33, 34, 237, + 238, 239, 35, 36, 124, 215, 125, 127, 128, 129, + 217, 222, 218, 229, 230, 231, 232, 130, 131, 132, + 133, 134, 135, 136, 199, 89, 78, 104, 122, 123, + 227, 224, 126, 38, 39, 40, 41, 42, 80, 94, + 95, 111, 66, 76, 67, 207, 208, 105, 58, 59, + 206, 62, 60, 61, 63, 235, 115, 119, 140, 150, + 177, 153, 228, 116, 73, 43, 44, 45, 102, 141, + 142, 143, 144, 46, 47, 49, 50, 52, 53, 51, + 148, 154, 54, 55, 56, 64, 83, 120, 97, 149, + 90, 173, 98, 99, 117, 118, 225, 103, 57, 81, + 84, 65, 68, 106, 107, 108, 82, 174, 109, 69, + 70, 71, 216, 121, 191, 192, 193, 194, 195, 196, + 197, 205, 110, 77, 236, 112, 113, 114, 175, 74, + 75, 96, 85, 86, 101, 137, 138, 226, 139, 145, + 146, 147, 178, 179, 181, 183, 184, 182, 185, 200, + 151, 152, 157, 158, 155, 156, 159, 160, 162, 161, + 219, 221, 220, 176, 186, 187, 188, 189, 190, 209, + 211, 210, 212, 213, 214, 233, 234, 180, 198, 201, + 202, 223, 0, 0, 0, 0, 0, 0, 0, 241, + 243, 244, 245, 247, 248, 249, 246, 0, 0, 0, + 0, 0, 0, 251, 253, 254, 255, 256, 257, 258, + 0, 0, 0, 0, 0, 0, 0, 260, 262, 263, + 266, 267, 264, 268, 265, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 270, 272, 273, 274, 275, + 279, 280, 281, 276, 277, 278, 0, 0, 0, 0, + 0, 292, 296, 297, 298, 299, 288, 290, 291, 293, + 294, 295, 0, 0, 0, 0, 0, 0, 0, 0, + 544, 546, 548, 547, 553, 549, 550, 551, 552, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 563, 565, + 567, 566, 568, 569, 570, 571, 572, 573, 574, 575, + 576, 577, 578, 579, 580, 581, 582, 583, 0, 604, + 606, 0, 609, 611, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 618, 620, 621, 622, 624, 625, + 623, 626, 627, 628, 629, 0, 0, 0, 0, 0, + 0, 641, 643, 644, 645, 646, 647, 648, 0, 0, + 657, 659, 660, 301, 300, 307, 320, 318, 330, 326, + 327, 331, 328, 329, 332, 333, 334, 338, 339, 369, + 370, 371, 372, 373, 401, 402, 403, 409, 410, 323, + 411, 412, 415, 413, 414, 418, 419, 420, 434, 384, + 385, 388, 389, 421, 437, 378, 380, 438, 445, 446, + 447, 324, 400, 465, 466, 379, 459, 362, 319, 374, + 435, 442, 422, 0, 0, 469, 325, 302, 361, 426, + 303, 321, 322, 375, 376, 467, 424, 428, 429, 336, + 335, 304, 470, 404, 433, 363, 383, 439, 440, 441, + 444, 458, 377, 463, 461, 462, 392, 399, 430, 431, + 393, 394, 423, 449, 364, 365, 368, 340, 342, 337, + 343, 344, 345, 346, 353, 354, 355, 356, 357, 358, + 359, 471, 472, 474, 405, 406, 407, 408, 416, 417, + 475, 476, 477, 0, 0, 0, 425, 395, 397, 613, + 486, 490, 488, 487, 491, 489, 0, 0, 494, 495, + 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, + 427, 443, 464, 499, 500, 396, 478, 0, 0, 0, + 0, 0, 0, 450, 451, 452, 453, 454, 455, 456, + 457, 614, 386, 387, 390, 381, 448, 360, 305, 306, + 382, 501, 502, 503, 504, 505, 507, 506, 508, 509, + 510, 341, 348, 496, 498, 497, 347, 0, 367, 432, + 473, 366, 398, 349, 350, 352, 351, 0, 512, 391, + 460, 513, 514, 515, 519, 518, 516, 517, 520, 521, + 522, 523, 525, 524, 536, 0, 540, 541, 0, 0, + 542, 526, 534, 527, 528, 529, 533, 535, 530, 531, + 532, 282, 283, 284, 285, 286, 554, 556, 555, 558, + 559, 560, 561, 557, 584, 586, 587, 588, 589, 590, + 591, 592, 593, 594, 585, 595, 596, 597, 598, 599, + 600, 601, 602, 607, 612, 630, 631, 632, 635, 633, + 634, 636, 637, 638, 639, 649, 650, 651, 652, 653, + 654, 661, 662, 436, 468, 485, 615, 616, 492, 493, + 479, 480, 0, 0, 0, 484, 655, 511, 537, 538, + 539, 483, 481, 482 }; /* YYPGOTO[NTERM-NUM]. */ static const yytype_int16 yypgoto[] = { - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, 588, 589, 590, 614, - 615, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296, -296, -296, -296, -296, -296, -296, - -296, -296, -296, -296 + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, 271, 632, 633, 634, 635, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302, -302, -302, -302, -302, -302, -302, -302, + -302, -302, -302 }; /* YYDEFGOTO[NTERM-NUM]. */ static const yytype_int16 yydefgoto[] = { - -1, 1, 17, 18, 19, 32, 256, 20, 33, 475, - 21, 34, 489, 22, 35, 503, 23, 36, 519, 533, - 534, 535, 536, 537, 24, 37, 538, 257, 258, 259, - 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, - 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, 476, 477, 478, 479, 480, 481, 482, - 490, 491, 492, 493, 494, 495, 520, 521, 522, 523, - 524, 525, 526, 527, 504, 505, 506, 507, 508, 509, - 510, 25, 38, 552, 553, 554, 555, 556, 557, 558, - 559, 560, 26, 39, 580, 581, 582, 583, 584, 585, - 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, - 596, 597, 598, 599, 27, 40, 601, 602, 28, 41, - 604, 605, 463, 464, 465, 466, 29, 42, 616, 617, - 618, 619, 620, 621, 622, 623, 624, 625, 626, 30, - 43, 633, 634, 635, 636, 637, 638, 639, 467, 31, - 44, 642, 643, 644 + -1, 1, 17, 18, 19, 32, 263, 20, 33, 489, + 21, 34, 503, 22, 35, 517, 23, 36, 535, 551, + 552, 553, 554, 555, 24, 37, 556, 264, 265, 266, + 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, + 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, + 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, + 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, + 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, + 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, + 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, + 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, + 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, + 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, + 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, + 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, + 387, 388, 389, 390, 391, 392, 393, 394, 395, 396, + 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, + 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, + 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, + 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, + 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 490, 491, 492, 493, 494, 495, 496, 504, 505, 506, + 507, 508, 509, 536, 537, 538, 539, 540, 541, 542, + 543, 544, 545, 518, 519, 520, 521, 522, 523, 524, + 25, 38, 570, 571, 572, 573, 574, 575, 576, 577, + 578, 26, 39, 598, 599, 600, 601, 602, 603, 604, + 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, + 615, 616, 617, 27, 40, 619, 620, 28, 41, 622, + 623, 477, 478, 479, 480, 29, 42, 634, 635, 636, + 637, 638, 639, 640, 641, 642, 643, 644, 30, 43, + 651, 652, 653, 654, 655, 656, 657, 481, 31, 44, + 660, 661, 662 }; /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If @@ -2501,153 +2557,157 @@ static const yytype_int16 yydefgoto[] = number is the opposite. If YYTABLE_NINF, syntax error. */ static const yytype_int16 yytable[] = { - 2, 511, 496, 468, 600, 469, 470, 483, 640, 641, - 603, 3, 4, 645, 646, 484, 485, 627, 628, 629, - 630, 631, 632, 647, 511, 606, 607, 608, 609, 610, - 611, 612, 613, 614, 615, 648, 649, 650, 497, 498, - 651, 652, 653, 654, 655, 656, 5, 657, 658, 659, - 660, 661, 6, 662, 663, 664, 665, 666, 667, 668, - 669, 670, 671, 499, 672, 673, 471, 561, 562, 563, - 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, - 574, 575, 576, 577, 578, 579, 544, 545, 546, 547, - 548, 549, 550, 551, 674, 675, 7, 472, 676, 677, - 486, 678, 487, 679, 680, 681, 682, 473, 683, 684, - 685, 686, 8, 687, 688, 689, 690, 691, 692, 693, - 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, - 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, - 500, 501, 714, 715, 716, 717, 718, 719, 720, 721, + 2, 525, 482, 510, 483, 484, 618, 497, 658, 659, + 621, 3, 4, 663, 664, 498, 499, 525, 579, 580, + 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 593, 594, 595, 596, 597, 665, 666, 511, + 512, 667, 668, 669, 670, 671, 5, 672, 673, 674, + 675, 676, 6, 624, 625, 626, 627, 628, 629, 630, + 631, 632, 633, 677, 678, 679, 513, 485, 562, 563, + 564, 565, 566, 567, 568, 569, 645, 646, 647, 648, + 649, 650, 680, 681, 682, 683, 684, 685, 686, 687, + 688, 689, 690, 691, 692, 693, 7, 694, 695, 696, + 486, 697, 698, 699, 500, 700, 501, 701, 702, 703, + 487, 704, 705, 706, 8, 707, 708, 709, 710, 711, + 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, - 732, 733, 9, 734, 735, 736, 737, 738, 739, 740, - 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, - 502, 751, 752, 753, 754, 755, 756, 757, 758, 759, - 760, 761, 762, 763, 764, 765, 766, 767, 768, 769, - 770, 771, 772, 773, 774, 775, 776, 777, 778, 779, - 780, 781, 782, 783, 784, 785, 786, 787, 788, 789, - 790, 10, 791, 792, 793, 794, 795, 513, 514, 515, - 796, 797, 798, 799, 800, 801, 802, 518, 803, 804, - 11, 805, 806, 474, 807, 808, 488, 809, 512, 810, - 513, 514, 515, 516, 517, 528, 529, 530, 531, 532, - 518, 12, 811, 812, 813, 814, 815, 816, 817, 818, - 13, 819, 820, 821, 822, 823, 824, 825, 826, 827, - 828, 829, 830, 831, 832, 833, 834, 835, 836, 837, - 838, 839, 840, 841, 14, 842, 843, 844, 15, 845, - 846, 847, 0, 848, 16, 45, 46, 47, 48, 49, - 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, - 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, - 70, 71, 72, 73, 74, 75, 76, 849, 850, 851, - 852, 77, 78, 79, 853, 854, 855, 80, 81, 82, - 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, - 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, - 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, - 113, 114, 115, 116, 117, 118, 119, 120, 856, 857, - 858, 859, 860, 861, 862, 863, 864, 121, 122, 123, - 865, 124, 125, 126, 866, 867, 127, 128, 129, 130, - 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, - 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, - 868, 869, 870, 151, 152, 153, 154, 155, 156, 157, - 158, 871, 159, 160, 161, 162, 163, 164, 165, 166, - 167, 168, 169, 170, 872, 873, 874, 875, 876, 877, - 878, 879, 880, 881, 882, 883, 884, 885, 886, 887, - 888, 889, 890, 891, 171, 172, 173, 174, 175, 176, - 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, - 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, - 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, - 207, 208, 209, 892, 210, 893, 211, 212, 213, 214, - 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, - 225, 226, 894, 895, 896, 897, 898, 899, 900, 901, - 902, 903, 904, 227, 228, 229, 230, 231, 232, 233, - 234, 235, 236, 905, 906, 907, 908, 909, 910, 911, - 237, 912, 913, 914, 915, 916, 917, 918, 238, 239, - 919, 240, 241, 920, 242, 243, 921, 922, 244, 245, - 246, 247, 248, 249, 250, 251, 923, 924, 925, 252, - 926, 927, 928, 929, 930, 931, 932, 933, 253, 254, - 255, 934, 935, 936, 937, 938, 939, 940, 941, 942, - 943, 944, 945, 946, 947, 948, 949, 950, 951, 952, - 953, 954, 955, 956, 0, 539, 540, 541, 0, 0, + 732, 733, 734, 735, 736, 514, 515, 737, 738, 739, + 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, + 750, 751, 752, 753, 754, 755, 9, 756, 757, 758, + 759, 760, 761, 762, 763, 764, 765, 766, 767, 768, + 769, 770, 771, 772, 773, 516, 774, 775, 776, 777, + 778, 779, 780, 781, 782, 783, 784, 785, 786, 787, + 788, 789, 790, 791, 792, 793, 794, 795, 796, 797, + 798, 799, 800, 801, 802, 803, 804, 805, 806, 807, + 808, 809, 810, 811, 812, 10, 813, 814, 815, 816, + 817, 526, 818, 527, 528, 529, 530, 531, 819, 820, + 821, 822, 823, 532, 824, 825, 11, 826, 488, 527, + 528, 529, 502, 827, 828, 829, 830, 831, 832, 532, + 833, 834, 835, 836, 837, 838, 839, 12, 840, 841, + 842, 843, 533, 534, 844, 845, 13, 546, 547, 548, + 549, 550, 846, 847, 848, 849, 850, 851, 852, 853, + 854, 855, 856, 857, 858, 859, 860, 861, 862, 863, + 14, 864, 865, 866, 15, 867, 868, 869, 557, 870, + 16, 45, 46, 47, 48, 49, 50, 51, 52, 53, + 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 871, 872, 873, 874, 77, 78, 79, + 875, 876, 877, 80, 81, 82, 83, 84, 85, 86, + 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, + 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, + 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, + 117, 118, 119, 120, 878, 879, 880, 881, 882, 883, + 884, 885, 886, 121, 122, 123, 124, 125, 887, 126, + 127, 128, 888, 889, 129, 130, 131, 132, 133, 134, + 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, + 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, + 890, 891, 892, 155, 156, 157, 158, 159, 160, 161, + 162, 893, 163, 164, 165, 166, 167, 168, 169, 170, + 171, 172, 173, 174, 894, 895, 896, 897, 898, 899, + 900, 901, 902, 903, 904, 905, 906, 907, 908, 909, + 910, 911, 912, 913, 175, 176, 177, 178, 179, 180, + 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, + 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, + 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, + 211, 212, 213, 914, 214, 915, 215, 216, 217, 218, + 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, + 229, 230, 231, 232, 916, 917, 918, 919, 920, 921, + 922, 923, 924, 925, 926, 233, 234, 235, 236, 237, + 238, 239, 240, 241, 242, 927, 928, 929, 930, 931, + 932, 933, 243, 934, 935, 936, 937, 938, 939, 940, + 244, 245, 941, 246, 247, 942, 248, 249, 943, 944, + 250, 251, 252, 253, 254, 255, 256, 257, 945, 946, + 947, 258, 948, 949, 950, 951, 952, 953, 954, 955, + 259, 260, 261, 262, 956, 957, 958, 959, 960, 961, + 962, 963, 964, 965, 966, 967, 968, 969, 970, 971, + 972, 973, 974, 975, 976, 977, 978, 979, 980, 981, + 982, 983, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 542, 543 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 558, + 559, 560, 561 }; static const yytype_int16 yycheck[] = { - 0, 45, 45, 45, 113, 47, 48, 45, 295, 296, - 305, 11, 12, 10, 10, 53, 54, 262, 263, 264, - 265, 266, 267, 10, 45, 241, 242, 243, 244, 245, - 246, 247, 248, 249, 250, 10, 10, 10, 81, 82, - 10, 10, 10, 10, 10, 10, 46, 10, 10, 10, - 10, 10, 52, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 106, 10, 10, 108, 163, 164, 165, - 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, - 176, 177, 178, 179, 180, 181, 97, 98, 99, 100, - 101, 102, 103, 104, 10, 10, 96, 139, 10, 10, - 138, 10, 140, 10, 10, 10, 10, 149, 10, 10, - 10, 10, 112, 10, 10, 10, 10, 10, 10, 10, + 0, 45, 45, 45, 47, 48, 115, 45, 301, 302, + 311, 11, 12, 10, 10, 53, 54, 45, 167, 168, + 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, + 179, 180, 181, 182, 183, 184, 185, 10, 10, 81, + 82, 10, 10, 10, 10, 10, 46, 10, 10, 10, + 10, 10, 52, 247, 248, 249, 250, 251, 252, 253, + 254, 255, 256, 10, 10, 10, 108, 110, 97, 98, + 99, 100, 101, 102, 103, 104, 268, 269, 270, 271, + 272, 273, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 96, 10, 10, 10, + 143, 10, 10, 10, 142, 10, 144, 10, 10, 10, + 153, 10, 10, 10, 114, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 183, 184, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 187, 188, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 162, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 166, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 223, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 227, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 221, 10, 10, 10, 10, 10, 271, 272, 273, - 10, 10, 10, 10, 10, 10, 10, 281, 10, 10, - 240, 10, 10, 285, 10, 10, 284, 10, 269, 10, - 271, 272, 273, 274, 275, 299, 300, 301, 302, 303, - 281, 261, 10, 10, 10, 10, 10, 10, 10, 10, - 270, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 225, 10, 10, 10, 10, + 10, 275, 10, 277, 278, 279, 280, 281, 10, 10, + 10, 10, 10, 287, 10, 10, 246, 10, 291, 277, + 278, 279, 290, 10, 10, 10, 10, 10, 10, 287, + 10, 10, 10, 10, 10, 10, 10, 267, 10, 10, + 10, 10, 316, 317, 10, 10, 276, 305, 306, 307, + 308, 309, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 294, 10, 10, 10, 298, 10, - 10, 10, -1, 10, 304, 13, 14, 15, 16, 17, - 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, - 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, - 38, 39, 40, 41, 42, 43, 44, 10, 10, 10, - 10, 49, 50, 51, 10, 10, 10, 55, 56, 57, - 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, - 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, - 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, - 88, 89, 90, 91, 92, 93, 94, 95, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 105, 106, 107, - 10, 109, 110, 111, 10, 10, 114, 115, 116, 117, - 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 10, 10, 10, 141, 142, 143, 144, 145, 146, 147, - 148, 10, 150, 151, 152, 153, 154, 155, 156, 157, - 158, 159, 160, 161, 10, 10, 10, 10, 10, 10, + 300, 10, 10, 10, 304, 10, 10, 10, 37, 10, + 310, 13, 14, 15, 16, 17, 18, 19, 20, 21, + 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, + 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, + 42, 43, 44, 10, 10, 10, 10, 49, 50, 51, + 10, 10, 10, 55, 56, 57, 58, 59, 60, 61, + 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, + 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, + 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, + 92, 93, 94, 95, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 105, 106, 107, 108, 109, 10, 111, + 112, 113, 10, 10, 116, 117, 118, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, + 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, + 10, 10, 10, 145, 146, 147, 148, 149, 150, 151, + 152, 10, 154, 155, 156, 157, 158, 159, 160, 161, + 162, 163, 164, 165, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 182, 183, 184, 185, 186, 187, - 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, - 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, - 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, - 218, 219, 220, 10, 222, 10, 224, 225, 226, 227, - 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, - 238, 239, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 251, 252, 253, 254, 255, 256, 257, - 258, 259, 260, 10, 10, 10, 10, 10, 10, 10, - 268, 10, 10, 10, 10, 10, 10, 10, 276, 277, - 10, 279, 280, 10, 282, 283, 10, 10, 286, 287, - 288, 289, 290, 291, 292, 293, 10, 10, 10, 297, - 10, 10, 10, 10, 10, 10, 10, 10, 306, 307, - 308, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 186, 187, 188, 189, 190, 191, + 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, + 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, + 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, + 222, 223, 224, 10, 226, 10, 228, 229, 230, 231, + 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, + 242, 243, 244, 245, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 266, 10, 10, 10, 10, 10, + 10, 10, 274, 10, 10, 10, 10, 10, 10, 10, + 282, 283, 10, 285, 286, 10, 288, 289, 10, 10, + 292, 293, 294, 295, 296, 297, 298, 299, 10, 10, + 10, 303, 10, 10, 10, 10, 10, 10, 10, 10, + 312, 313, 314, 315, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, -1, 37, 37, 37, -1, -1, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 37, 37 + -1, -1, -1, -1, -1, -1, -1, -1, -1, 37, + 37, 37, 37 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ static const yytype_int16 yystos[] = { - 0, 310, 0, 11, 12, 46, 52, 96, 112, 162, - 221, 240, 261, 270, 294, 298, 304, 311, 312, 313, - 316, 319, 322, 325, 333, 570, 581, 603, 607, 615, - 628, 638, 314, 317, 320, 323, 326, 334, 571, 582, - 604, 608, 616, 629, 639, 13, 14, 15, 16, 17, + 0, 319, 0, 11, 12, 46, 52, 96, 114, 166, + 225, 246, 267, 276, 300, 304, 310, 320, 321, 322, + 325, 328, 331, 334, 342, 588, 599, 621, 625, 633, + 646, 656, 323, 326, 329, 332, 335, 343, 589, 600, + 622, 626, 634, 647, 657, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 49, 50, 51, @@ -2655,59 +2715,61 @@ static const yytype_int16 yystos[] = 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, - 95, 105, 106, 107, 109, 110, 111, 114, 115, 116, + 95, 105, 106, 107, 108, 109, 111, 112, 113, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, - 137, 141, 142, 143, 144, 145, 146, 147, 148, 150, - 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, - 161, 182, 183, 184, 185, 186, 187, 188, 189, 190, + 137, 138, 139, 140, 141, 145, 146, 147, 148, 149, + 150, 151, 152, 154, 155, 156, 157, 158, 159, 160, + 161, 162, 163, 164, 165, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, - 222, 224, 225, 226, 227, 228, 229, 230, 231, 232, - 233, 234, 235, 236, 237, 238, 239, 251, 252, 253, - 254, 255, 256, 257, 258, 259, 260, 268, 276, 277, - 279, 280, 282, 283, 286, 287, 288, 289, 290, 291, - 292, 293, 297, 306, 307, 308, 315, 336, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, - 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, - 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, - 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, - 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, - 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, - 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, - 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, - 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, 536, 537, 538, - 539, 540, 541, 611, 612, 613, 614, 637, 45, 47, - 48, 108, 139, 149, 285, 318, 542, 543, 544, 545, - 546, 547, 548, 45, 53, 54, 138, 140, 284, 321, - 549, 550, 551, 552, 553, 554, 45, 81, 82, 106, - 183, 184, 223, 324, 563, 564, 565, 566, 567, 568, - 569, 45, 269, 271, 272, 273, 274, 275, 281, 327, - 555, 556, 557, 558, 559, 560, 561, 562, 299, 300, - 301, 302, 303, 328, 329, 330, 331, 332, 335, 555, - 556, 557, 558, 559, 97, 98, 99, 100, 101, 102, - 103, 104, 572, 573, 574, 575, 576, 577, 578, 579, - 580, 163, 164, 165, 166, 167, 168, 169, 170, 171, - 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, - 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, - 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, - 113, 605, 606, 305, 609, 610, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 250, 617, 618, 619, 620, - 621, 622, 623, 624, 625, 626, 627, 262, 263, 264, - 265, 266, 267, 630, 631, 632, 633, 634, 635, 636, - 295, 296, 640, 641, 642, 10, 10, 10, 10, 10, + 221, 222, 223, 224, 226, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 257, 258, 259, 260, 261, 262, 263, + 264, 265, 266, 274, 282, 283, 285, 286, 288, 289, + 292, 293, 294, 295, 296, 297, 298, 299, 303, 312, + 313, 314, 315, 324, 345, 346, 347, 348, 349, 350, + 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, + 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, + 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, + 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, + 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, + 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, + 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, + 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, + 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, + 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, + 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, + 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, + 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, + 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, + 531, 532, 533, 534, 535, 536, 537, 538, 539, 540, + 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, + 551, 552, 553, 554, 555, 556, 557, 629, 630, 631, + 632, 655, 45, 47, 48, 110, 143, 153, 291, 327, + 558, 559, 560, 561, 562, 563, 564, 45, 53, 54, + 142, 144, 290, 330, 565, 566, 567, 568, 569, 570, + 45, 81, 82, 108, 187, 188, 227, 333, 581, 582, + 583, 584, 585, 586, 587, 45, 275, 277, 278, 279, + 280, 281, 287, 316, 317, 336, 571, 572, 573, 574, + 575, 576, 577, 578, 579, 580, 305, 306, 307, 308, + 309, 337, 338, 339, 340, 341, 344, 571, 572, 573, + 574, 575, 97, 98, 99, 100, 101, 102, 103, 104, + 590, 591, 592, 593, 594, 595, 596, 597, 598, 167, + 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, + 178, 179, 180, 181, 182, 183, 184, 185, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 619, 620, 115, 623, + 624, 311, 627, 628, 247, 248, 249, 250, 251, 252, + 253, 254, 255, 256, 635, 636, 637, 638, 639, 640, + 641, 642, 643, 644, 645, 268, 269, 270, 271, 272, + 273, 648, 649, 650, 651, 652, 653, 654, 301, 302, + 658, 659, 660, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, @@ -2738,42 +2800,43 @@ static const yytype_int16 yystos[] = 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10 + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10 }; /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ static const yytype_int16 yyr1[] = { - 0, 309, 310, 310, 311, 311, 311, 311, 311, 311, - 311, 311, 311, 311, 311, 311, 311, 311, 312, 313, - 314, 314, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 315, 315, 315, 315, 315, 315, 315, - 315, 315, 315, 316, 317, 317, 318, 318, 318, 318, - 318, 318, 318, 319, 320, 320, 321, 321, 321, 321, - 321, 321, 322, 323, 323, 324, 324, 324, 324, 324, - 324, 324, 325, 326, 326, 327, 327, 327, 327, 327, - 327, 327, 327, 328, 329, 330, 331, 332, 333, 334, - 334, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 0, 318, 319, 319, 320, 320, 320, 320, 320, 320, + 320, 320, 320, 320, 320, 320, 320, 320, 321, 322, + 323, 323, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 324, 324, 324, 324, 324, 324, 324, 324, 324, 324, + 325, 326, 326, 327, 327, 327, 327, 327, 327, 327, + 328, 329, 329, 330, 330, 330, 330, 330, 330, 331, + 332, 332, 333, 333, 333, 333, 333, 333, 333, 334, + 335, 335, 336, 336, 336, 336, 336, 336, 336, 336, + 336, 336, 337, 338, 339, 340, 341, 342, 343, 343, + 344, 344, 344, 344, 344, 344, 344, 344, 344, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, @@ -2796,19 +2859,21 @@ static const yytype_int16 yyr1[] = 535, 536, 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, 571, 572, 572, - 572, 572, 572, 572, 572, 572, 573, 574, 575, 576, - 577, 578, 579, 580, 581, 582, 582, 583, 583, 583, - 583, 583, 583, 583, 583, 583, 583, 583, 583, 583, - 583, 583, 583, 583, 583, 583, 584, 585, 586, 587, - 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, - 598, 599, 600, 601, 602, 603, 604, 604, 605, 606, - 607, 608, 608, 609, 610, 611, 612, 613, 614, 615, - 616, 616, 617, 617, 617, 617, 617, 617, 617, 617, - 617, 617, 618, 619, 620, 621, 622, 623, 624, 625, - 626, 627, 628, 629, 629, 630, 630, 630, 630, 630, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 639, 640, 640, 641, 642 + 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, + 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, + 585, 586, 587, 588, 589, 589, 590, 590, 590, 590, + 590, 590, 590, 590, 591, 592, 593, 594, 595, 596, + 597, 598, 599, 600, 600, 601, 601, 601, 601, 601, + 601, 601, 601, 601, 601, 601, 601, 601, 601, 601, + 601, 601, 601, 601, 602, 603, 604, 605, 606, 607, + 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, + 618, 619, 620, 621, 622, 622, 623, 624, 625, 626, + 626, 627, 628, 629, 630, 631, 632, 633, 634, 634, + 635, 635, 635, 635, 635, 635, 635, 635, 635, 635, + 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, + 646, 647, 647, 648, 648, 648, 648, 648, 648, 649, + 650, 651, 652, 653, 654, 655, 656, 657, 657, 658, + 658, 659, 660 }; /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */ @@ -2837,48 +2902,50 @@ static const yytype_int8 yyr2[] = 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 2, 0, 1, 1, 1, 1, - 1, 1, 1, 1, 2, 0, 1, 1, 1, 1, - 1, 1, 1, 2, 0, 1, 1, 1, 1, 1, - 1, 1, 1, 2, 0, 1, 1, 1, 1, 1, - 1, 1, 1, 2, 2, 2, 2, 2, 1, 2, - 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 3, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 3, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 3, 3, 4, 4, 4, 3, 3, - 2, 2, 2, 2, 2, 2, 3, 3, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 3, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 3, - 3, 3, 2, 2, 2, 1, 2, 0, 1, 1, - 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, - 2, 2, 2, 2, 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 1, 2, 0, 1, 2, - 1, 2, 0, 1, 2, 2, 2, 3, 3, 1, + 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, + 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 2, 2, 2, 2, 2, 1, 2, 0, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 3, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 3, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 3, + 3, 4, 4, 4, 3, 3, 2, 2, 2, 2, + 2, 2, 3, 3, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 3, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, + 2, 2, 2, 1, 2, 0, 1, 1, 1, 1, + 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, 1, 2, 0, 1, 1, 1, 1, 1, - 1, 2, 2, 2, 2, 2, 2, 3, 1, 2, - 0, 1, 1, 2, 2 + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 1, 2, 0, 1, 2, 1, 2, + 0, 1, 2, 2, 2, 3, 3, 1, 2, 0, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 1, 2, 0, 1, 1, 1, 1, 1, 1, 2, + 2, 2, 2, 2, 2, 3, 1, 2, 0, 1, + 1, 2, 2 }; @@ -3359,23 +3426,23 @@ yyparse (void) switch (yyn) { case 18: -#line 197 "util/configparser.y" +#line 200 "util/configparser.y" { OUTYY(("\nP(force-toplevel)\n")); } -#line 3367 "util/configparser.c" +#line 3434 "util/configparser.c" break; case 19: -#line 203 "util/configparser.y" +#line 206 "util/configparser.y" { OUTYY(("\nP(server:)\n")); } -#line 3375 "util/configparser.c" +#line 3442 "util/configparser.c" break; - case 233: -#line 305 "util/configparser.y" + case 240: +#line 313 "util/configparser.y" { struct config_stub* s; OUTYY(("\nP(stub_zone:)\n")); @@ -3386,11 +3453,11 @@ yyparse (void) } else yyerror("out of memory"); } -#line 3390 "util/configparser.c" +#line 3457 "util/configparser.c" break; - case 243: -#line 322 "util/configparser.y" + case 250: +#line 330 "util/configparser.y" { struct config_stub* s; OUTYY(("\nP(forward_zone:)\n")); @@ -3401,11 +3468,11 @@ yyparse (void) } else yyerror("out of memory"); } -#line 3405 "util/configparser.c" +#line 3472 "util/configparser.c" break; - case 252: -#line 339 "util/configparser.y" + case 259: +#line 347 "util/configparser.y" { struct config_view* s; OUTYY(("\nP(view:)\n")); @@ -3418,11 +3485,11 @@ yyparse (void) } else yyerror("out of memory"); } -#line 3422 "util/configparser.c" +#line 3489 "util/configparser.c" break; - case 262: -#line 358 "util/configparser.y" + case 269: +#line 366 "util/configparser.y" { struct config_auth* s; OUTYY(("\nP(auth_zone:)\n")); @@ -3434,15 +3501,17 @@ yyparse (void) s->for_downstream = 1; s->for_upstream = 1; s->fallback_enabled = 0; + s->zonemd_check = 0; + s->zonemd_reject_absence = 0; s->isrpz = 0; } else yyerror("out of memory"); } -#line 3442 "util/configparser.c" +#line 3511 "util/configparser.c" break; - case 273: -#line 382 "util/configparser.y" + case 282: +#line 392 "util/configparser.y" { uint8_t* bitlist; size_t len = 0; @@ -3459,11 +3528,11 @@ yyparse (void) } } -#line 3463 "util/configparser.c" +#line 3532 "util/configparser.c" break; - case 274: -#line 401 "util/configparser.y" + case 283: +#line 411 "util/configparser.y" { OUTYY(("P(rpz_action_override:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "nxdomain")!=0 && strcmp((yyvsp[0].str), "nodata")!=0 && @@ -3478,21 +3547,21 @@ yyparse (void) cfg_parser->cfg->auths->rpz_action_override = (yyvsp[0].str); } } -#line 3482 "util/configparser.c" +#line 3551 "util/configparser.c" break; - case 275: -#line 418 "util/configparser.y" + case 284: +#line 428 "util/configparser.y" { OUTYY(("P(rpz_cname_override:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->auths->rpz_cname); cfg_parser->cfg->auths->rpz_cname = (yyvsp[0].str); } -#line 3492 "util/configparser.c" +#line 3561 "util/configparser.c" break; - case 276: -#line 426 "util/configparser.y" + case 285: +#line 436 "util/configparser.y" { OUTYY(("P(rpz_log:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3500,21 +3569,21 @@ yyparse (void) else cfg_parser->cfg->auths->rpz_log = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3504 "util/configparser.c" +#line 3573 "util/configparser.c" break; - case 277: -#line 436 "util/configparser.y" + case 286: +#line 446 "util/configparser.y" { OUTYY(("P(rpz_log_name:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->auths->rpz_log_name); cfg_parser->cfg->auths->rpz_log_name = (yyvsp[0].str); } -#line 3514 "util/configparser.c" +#line 3583 "util/configparser.c" break; - case 278: -#line 444 "util/configparser.y" + case 287: +#line 454 "util/configparser.y" { struct config_auth* s; OUTYY(("\nP(rpz:)\n")); @@ -3530,11 +3599,11 @@ yyparse (void) } else yyerror("out of memory"); } -#line 3534 "util/configparser.c" +#line 3603 "util/configparser.c" break; - case 291: -#line 467 "util/configparser.y" + case 300: +#line 477 "util/configparser.y" { OUTYY(("P(server_num_threads:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3542,11 +3611,11 @@ yyparse (void) else cfg_parser->cfg->num_threads = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3546 "util/configparser.c" +#line 3615 "util/configparser.c" break; - case 292: -#line 476 "util/configparser.y" + case 301: +#line 486 "util/configparser.y" { OUTYY(("P(server_verbosity:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3554,11 +3623,11 @@ yyparse (void) else cfg_parser->cfg->verbosity = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3558 "util/configparser.c" +#line 3627 "util/configparser.c" break; - case 293: -#line 485 "util/configparser.y" + case 302: +#line 495 "util/configparser.y" { OUTYY(("P(server_statistics_interval:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) @@ -3568,11 +3637,11 @@ yyparse (void) else cfg_parser->cfg->stat_interval = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3572 "util/configparser.c" +#line 3641 "util/configparser.c" break; - case 294: -#line 496 "util/configparser.y" + case 303: +#line 506 "util/configparser.y" { OUTYY(("P(server_statistics_cumulative:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3580,11 +3649,11 @@ yyparse (void) else cfg_parser->cfg->stat_cumulative = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3584 "util/configparser.c" +#line 3653 "util/configparser.c" break; - case 295: -#line 505 "util/configparser.y" + case 304: +#line 515 "util/configparser.y" { OUTYY(("P(server_extended_statistics:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3592,11 +3661,11 @@ yyparse (void) else cfg_parser->cfg->stat_extended = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3596 "util/configparser.c" +#line 3665 "util/configparser.c" break; - case 296: -#line 514 "util/configparser.y" + case 305: +#line 524 "util/configparser.y" { OUTYY(("P(server_shm_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3604,11 +3673,11 @@ yyparse (void) else cfg_parser->cfg->shm_enable = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3608 "util/configparser.c" +#line 3677 "util/configparser.c" break; - case 297: -#line 523 "util/configparser.y" + case 306: +#line 533 "util/configparser.y" { OUTYY(("P(server_shm_key:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) @@ -3618,11 +3687,11 @@ yyparse (void) else cfg_parser->cfg->shm_key = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3622 "util/configparser.c" +#line 3691 "util/configparser.c" break; - case 298: -#line 534 "util/configparser.y" + case 307: +#line 544 "util/configparser.y" { OUTYY(("P(server_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3630,11 +3699,11 @@ yyparse (void) else cfg_parser->cfg->port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3634 "util/configparser.c" +#line 3703 "util/configparser.c" break; - case 299: -#line 543 "util/configparser.y" + case 308: +#line 553 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(server_send_client_subnet:%s)\n", (yyvsp[0].str))); @@ -3645,11 +3714,11 @@ yyparse (void) free((yyvsp[0].str)); #endif } -#line 3649 "util/configparser.c" +#line 3718 "util/configparser.c" break; - case 300: -#line 555 "util/configparser.y" + case 309: +#line 565 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(server_client_subnet_zone:%s)\n", (yyvsp[0].str))); @@ -3661,11 +3730,11 @@ yyparse (void) free((yyvsp[0].str)); #endif } -#line 3665 "util/configparser.c" +#line 3734 "util/configparser.c" break; - case 301: -#line 569 "util/configparser.y" + case 310: +#line 579 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(server_client_subnet_always_forward:%s)\n", (yyvsp[0].str))); @@ -3679,11 +3748,11 @@ yyparse (void) #endif free((yyvsp[0].str)); } -#line 3683 "util/configparser.c" +#line 3752 "util/configparser.c" break; - case 302: -#line 584 "util/configparser.y" + case 311: +#line 594 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(client_subnet_opcode:%s)\n", (yyvsp[0].str))); @@ -3693,11 +3762,11 @@ yyparse (void) #endif free((yyvsp[0].str)); } -#line 3697 "util/configparser.c" +#line 3766 "util/configparser.c" break; - case 303: -#line 595 "util/configparser.y" + case 312: +#line 605 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); @@ -3713,11 +3782,11 @@ yyparse (void) #endif free((yyvsp[0].str)); } -#line 3717 "util/configparser.c" +#line 3786 "util/configparser.c" break; - case 304: -#line 612 "util/configparser.y" + case 313: +#line 622 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); @@ -3733,11 +3802,11 @@ yyparse (void) #endif free((yyvsp[0].str)); } -#line 3737 "util/configparser.c" +#line 3806 "util/configparser.c" break; - case 305: -#line 629 "util/configparser.y" + case 314: +#line 639 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(min_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); @@ -3753,11 +3822,11 @@ yyparse (void) #endif free((yyvsp[0].str)); } -#line 3757 "util/configparser.c" +#line 3826 "util/configparser.c" break; - case 306: -#line 646 "util/configparser.y" + case 315: +#line 656 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(min_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); @@ -3773,11 +3842,11 @@ yyparse (void) #endif free((yyvsp[0].str)); } -#line 3777 "util/configparser.c" +#line 3846 "util/configparser.c" break; - case 307: -#line 663 "util/configparser.y" + case 316: +#line 673 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", (yyvsp[0].str))); @@ -3791,11 +3860,11 @@ yyparse (void) #endif free((yyvsp[0].str)); } -#line 3795 "util/configparser.c" +#line 3864 "util/configparser.c" break; - case 308: -#line 678 "util/configparser.y" + case 317: +#line 688 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", (yyvsp[0].str))); @@ -3809,11 +3878,11 @@ yyparse (void) #endif free((yyvsp[0].str)); } -#line 3813 "util/configparser.c" +#line 3882 "util/configparser.c" break; - case 309: -#line 693 "util/configparser.y" + case 318: +#line 703 "util/configparser.y" { OUTYY(("P(server_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_ifs == 0) @@ -3825,11 +3894,11 @@ yyparse (void) else cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = (yyvsp[0].str); } -#line 3829 "util/configparser.c" +#line 3898 "util/configparser.c" break; - case 310: -#line 706 "util/configparser.y" + case 319: +#line 716 "util/configparser.y" { OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_out_ifs == 0) @@ -3843,11 +3912,11 @@ yyparse (void) cfg_parser->cfg->out_ifs[ cfg_parser->cfg->num_out_ifs++] = (yyvsp[0].str); } -#line 3847 "util/configparser.c" +#line 3916 "util/configparser.c" break; - case 311: -#line 721 "util/configparser.y" + case 320: +#line 731 "util/configparser.y" { OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3855,11 +3924,11 @@ yyparse (void) else cfg_parser->cfg->outgoing_num_ports = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3859 "util/configparser.c" +#line 3928 "util/configparser.c" break; - case 312: -#line 730 "util/configparser.y" + case 321: +#line 740 "util/configparser.y" { OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 1, @@ -3867,11 +3936,11 @@ yyparse (void) yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 3871 "util/configparser.c" +#line 3940 "util/configparser.c" break; - case 313: -#line 739 "util/configparser.y" + case 322: +#line 749 "util/configparser.y" { OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 0, @@ -3879,11 +3948,11 @@ yyparse (void) yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 3883 "util/configparser.c" +#line 3952 "util/configparser.c" break; - case 314: -#line 748 "util/configparser.y" + case 323: +#line 758 "util/configparser.y" { OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3891,11 +3960,11 @@ yyparse (void) else cfg_parser->cfg->outgoing_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3895 "util/configparser.c" +#line 3964 "util/configparser.c" break; - case 315: -#line 757 "util/configparser.y" + case 324: +#line 767 "util/configparser.y" { OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3903,11 +3972,11 @@ yyparse (void) else cfg_parser->cfg->incoming_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3907 "util/configparser.c" +#line 3976 "util/configparser.c" break; - case 316: -#line 766 "util/configparser.y" + case 325: +#line 776 "util/configparser.y" { OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3915,11 +3984,11 @@ yyparse (void) else cfg_parser->cfg->if_automatic = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3919 "util/configparser.c" +#line 3988 "util/configparser.c" break; - case 317: -#line 775 "util/configparser.y" + case 326: +#line 785 "util/configparser.y" { OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3927,11 +3996,11 @@ yyparse (void) else cfg_parser->cfg->do_ip4 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3931 "util/configparser.c" +#line 4000 "util/configparser.c" break; - case 318: -#line 784 "util/configparser.y" + case 327: +#line 794 "util/configparser.y" { OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3939,11 +4008,11 @@ yyparse (void) else cfg_parser->cfg->do_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3943 "util/configparser.c" +#line 4012 "util/configparser.c" break; - case 319: -#line 793 "util/configparser.y" + case 328: +#line 803 "util/configparser.y" { OUTYY(("P(server_do_udp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3951,11 +4020,11 @@ yyparse (void) else cfg_parser->cfg->do_udp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3955 "util/configparser.c" +#line 4024 "util/configparser.c" break; - case 320: -#line 802 "util/configparser.y" + case 329: +#line 812 "util/configparser.y" { OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3963,11 +4032,11 @@ yyparse (void) else cfg_parser->cfg->do_tcp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3967 "util/configparser.c" +#line 4036 "util/configparser.c" break; - case 321: -#line 811 "util/configparser.y" + case 330: +#line 821 "util/configparser.y" { OUTYY(("P(server_prefer_ip4:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3975,11 +4044,11 @@ yyparse (void) else cfg_parser->cfg->prefer_ip4 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3979 "util/configparser.c" +#line 4048 "util/configparser.c" break; - case 322: -#line 820 "util/configparser.y" + case 331: +#line 830 "util/configparser.y" { OUTYY(("P(server_prefer_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3987,11 +4056,11 @@ yyparse (void) else cfg_parser->cfg->prefer_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3991 "util/configparser.c" +#line 4060 "util/configparser.c" break; - case 323: -#line 829 "util/configparser.y" + case 332: +#line 839 "util/configparser.y" { OUTYY(("P(server_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3999,11 +4068,11 @@ yyparse (void) else cfg_parser->cfg->tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4003 "util/configparser.c" +#line 4072 "util/configparser.c" break; - case 324: -#line 838 "util/configparser.y" + case 333: +#line 848 "util/configparser.y" { OUTYY(("P(server_outgoing_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4011,11 +4080,11 @@ yyparse (void) else cfg_parser->cfg->outgoing_tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4015 "util/configparser.c" +#line 4084 "util/configparser.c" break; - case 325: -#line 847 "util/configparser.y" + case 334: +#line 857 "util/configparser.y" { OUTYY(("P(server_tcp_idle_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4027,11 +4096,53 @@ yyparse (void) else cfg_parser->cfg->tcp_idle_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4031 "util/configparser.c" +#line 4100 "util/configparser.c" break; - case 326: -#line 860 "util/configparser.y" + case 335: +#line 870 "util/configparser.y" + { + OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else if (atoi((yyvsp[0].str)) < 1) + cfg_parser->cfg->max_reuse_tcp_queries = 0; + else cfg_parser->cfg->max_reuse_tcp_queries = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4114 "util/configparser.c" + break; + + case 336: +#line 881 "util/configparser.y" + { + OUTYY(("P(server_tcp_reuse_timeout:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else if (atoi((yyvsp[0].str)) < 1) + cfg_parser->cfg->tcp_reuse_timeout = 0; + else cfg_parser->cfg->tcp_reuse_timeout = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4128 "util/configparser.c" + break; + + case 337: +#line 892 "util/configparser.y" + { + OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else if (atoi((yyvsp[0].str)) < 1) + cfg_parser->cfg->tcp_auth_query_timeout = 0; + else cfg_parser->cfg->tcp_auth_query_timeout = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4142 "util/configparser.c" + break; + + case 338: +#line 903 "util/configparser.y" { OUTYY(("P(server_tcp_keepalive:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4039,11 +4150,11 @@ yyparse (void) else cfg_parser->cfg->do_tcp_keepalive = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4043 "util/configparser.c" +#line 4154 "util/configparser.c" break; - case 327: -#line 869 "util/configparser.y" + case 339: +#line 912 "util/configparser.y" { OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4055,11 +4166,11 @@ yyparse (void) else cfg_parser->cfg->tcp_keepalive_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4059 "util/configparser.c" +#line 4170 "util/configparser.c" break; - case 328: -#line 882 "util/configparser.y" + case 340: +#line 925 "util/configparser.y" { OUTYY(("P(server_tcp_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4067,11 +4178,11 @@ yyparse (void) else cfg_parser->cfg->tcp_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4071 "util/configparser.c" +#line 4182 "util/configparser.c" break; - case 329: -#line 891 "util/configparser.y" + case 341: +#line 934 "util/configparser.y" { OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4079,11 +4190,11 @@ yyparse (void) else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4083 "util/configparser.c" +#line 4194 "util/configparser.c" break; - case 330: -#line 900 "util/configparser.y" + case 342: +#line 943 "util/configparser.y" { OUTYY(("P(server_ssl_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4091,31 +4202,31 @@ yyparse (void) else cfg_parser->cfg->ssl_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4095 "util/configparser.c" +#line 4206 "util/configparser.c" break; - case 331: -#line 909 "util/configparser.y" + case 343: +#line 952 "util/configparser.y" { OUTYY(("P(server_ssl_service_key:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_key); cfg_parser->cfg->ssl_service_key = (yyvsp[0].str); } -#line 4105 "util/configparser.c" +#line 4216 "util/configparser.c" break; - case 332: -#line 916 "util/configparser.y" + case 344: +#line 959 "util/configparser.y" { OUTYY(("P(server_ssl_service_pem:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_pem); cfg_parser->cfg->ssl_service_pem = (yyvsp[0].str); } -#line 4115 "util/configparser.c" +#line 4226 "util/configparser.c" break; - case 333: -#line 923 "util/configparser.y" + case 345: +#line 966 "util/configparser.y" { OUTYY(("P(server_ssl_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4123,21 +4234,21 @@ yyparse (void) else cfg_parser->cfg->ssl_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4127 "util/configparser.c" +#line 4238 "util/configparser.c" break; - case 334: -#line 932 "util/configparser.y" + case 346: +#line 975 "util/configparser.y" { OUTYY(("P(server_tls_cert_bundle:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_cert_bundle); cfg_parser->cfg->tls_cert_bundle = (yyvsp[0].str); } -#line 4137 "util/configparser.c" +#line 4248 "util/configparser.c" break; - case 335: -#line 939 "util/configparser.y" + case 347: +#line 982 "util/configparser.y" { OUTYY(("P(server_tls_win_cert:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4145,53 +4256,53 @@ yyparse (void) else cfg_parser->cfg->tls_win_cert = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4149 "util/configparser.c" +#line 4260 "util/configparser.c" break; - case 336: -#line 948 "util/configparser.y" + case 348: +#line 991 "util/configparser.y" { OUTYY(("P(server_tls_additional_port:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4160 "util/configparser.c" +#line 4271 "util/configparser.c" break; - case 337: -#line 956 "util/configparser.y" + case 349: +#line 999 "util/configparser.y" { OUTYY(("P(server_tls_ciphers:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_ciphers); cfg_parser->cfg->tls_ciphers = (yyvsp[0].str); } -#line 4170 "util/configparser.c" +#line 4281 "util/configparser.c" break; - case 338: -#line 963 "util/configparser.y" + case 350: +#line 1006 "util/configparser.y" { OUTYY(("P(server_tls_ciphersuites:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_ciphersuites); cfg_parser->cfg->tls_ciphersuites = (yyvsp[0].str); } -#line 4180 "util/configparser.c" +#line 4291 "util/configparser.c" break; - case 339: -#line 970 "util/configparser.y" + case 351: +#line 1013 "util/configparser.y" { OUTYY(("P(server_tls_session_ticket_keys:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4191 "util/configparser.c" +#line 4302 "util/configparser.c" break; - case 340: -#line 978 "util/configparser.y" + case 352: +#line 1021 "util/configparser.y" { OUTYY(("P(server_tls_use_sni:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4199,11 +4310,11 @@ yyparse (void) else cfg_parser->cfg->tls_use_sni = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4203 "util/configparser.c" +#line 4314 "util/configparser.c" break; - case 341: -#line 987 "util/configparser.y" + case 353: +#line 1030 "util/configparser.y" { OUTYY(("P(server_https_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4211,11 +4322,11 @@ yyparse (void) else cfg_parser->cfg->https_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4215 "util/configparser.c" +#line 4326 "util/configparser.c" break; - case 342: -#line 995 "util/configparser.y" + case 354: +#line 1038 "util/configparser.y" { OUTYY(("P(server_http_endpoint:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->http_endpoint); @@ -4231,11 +4342,11 @@ yyparse (void) cfg_parser->cfg->http_endpoint = (yyvsp[0].str); } } -#line 4235 "util/configparser.c" +#line 4346 "util/configparser.c" break; - case 343: -#line 1011 "util/configparser.y" + case 355: +#line 1054 "util/configparser.y" { OUTYY(("P(server_http_max_streams:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4243,11 +4354,11 @@ yyparse (void) else cfg_parser->cfg->http_max_streams = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4247 "util/configparser.c" +#line 4358 "util/configparser.c" break; - case 344: -#line 1019 "util/configparser.y" + case 356: +#line 1062 "util/configparser.y" { OUTYY(("P(server_http_query_buffer_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), @@ -4255,11 +4366,11 @@ yyparse (void) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4259 "util/configparser.c" +#line 4370 "util/configparser.c" break; - case 345: -#line 1027 "util/configparser.y" + case 357: +#line 1070 "util/configparser.y" { OUTYY(("P(server_http_response_buffer_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), @@ -4267,11 +4378,11 @@ yyparse (void) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4271 "util/configparser.c" +#line 4382 "util/configparser.c" break; - case 346: -#line 1035 "util/configparser.y" + case 358: +#line 1078 "util/configparser.y" { OUTYY(("P(server_http_nodelay:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4279,11 +4390,11 @@ yyparse (void) else cfg_parser->cfg->http_nodelay = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4283 "util/configparser.c" +#line 4394 "util/configparser.c" break; - case 347: -#line 1043 "util/configparser.y" + case 359: +#line 1086 "util/configparser.y" { OUTYY(("P(server_http_notls_downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4291,11 +4402,11 @@ yyparse (void) else cfg_parser->cfg->http_notls_downstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4295 "util/configparser.c" +#line 4406 "util/configparser.c" break; - case 348: -#line 1051 "util/configparser.y" + case 360: +#line 1094 "util/configparser.y" { OUTYY(("P(server_use_systemd:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4303,11 +4414,11 @@ yyparse (void) else cfg_parser->cfg->use_systemd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4307 "util/configparser.c" +#line 4418 "util/configparser.c" break; - case 349: -#line 1060 "util/configparser.y" + case 361: +#line 1103 "util/configparser.y" { OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4315,11 +4426,11 @@ yyparse (void) else cfg_parser->cfg->do_daemonize = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4319 "util/configparser.c" +#line 4430 "util/configparser.c" break; - case 350: -#line 1069 "util/configparser.y" + case 362: +#line 1112 "util/configparser.y" { OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4332,11 +4443,11 @@ yyparse (void) #endif free((yyvsp[0].str)); } -#line 4336 "util/configparser.c" +#line 4447 "util/configparser.c" break; - case 351: -#line 1083 "util/configparser.y" + case 363: +#line 1126 "util/configparser.y" { OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4344,11 +4455,11 @@ yyparse (void) else cfg_parser->cfg->log_time_ascii = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4348 "util/configparser.c" +#line 4459 "util/configparser.c" break; - case 352: -#line 1092 "util/configparser.y" + case 364: +#line 1135 "util/configparser.y" { OUTYY(("P(server_log_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4356,11 +4467,11 @@ yyparse (void) else cfg_parser->cfg->log_queries = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4360 "util/configparser.c" +#line 4471 "util/configparser.c" break; - case 353: -#line 1101 "util/configparser.y" + case 365: +#line 1144 "util/configparser.y" { OUTYY(("P(server_log_replies:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4368,11 +4479,11 @@ yyparse (void) else cfg_parser->cfg->log_replies = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4372 "util/configparser.c" +#line 4483 "util/configparser.c" break; - case 354: -#line 1110 "util/configparser.y" + case 366: +#line 1153 "util/configparser.y" { OUTYY(("P(server_log_tag_queryreply:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4380,11 +4491,11 @@ yyparse (void) else cfg_parser->cfg->log_tag_queryreply = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4384 "util/configparser.c" +#line 4495 "util/configparser.c" break; - case 355: -#line 1119 "util/configparser.y" + case 367: +#line 1162 "util/configparser.y" { OUTYY(("P(server_log_servfail:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4392,11 +4503,11 @@ yyparse (void) else cfg_parser->cfg->log_servfail = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4396 "util/configparser.c" +#line 4507 "util/configparser.c" break; - case 356: -#line 1128 "util/configparser.y" + case 368: +#line 1171 "util/configparser.y" { OUTYY(("P(server_log_local_actions:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4404,31 +4515,31 @@ yyparse (void) else cfg_parser->cfg->log_local_actions = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4408 "util/configparser.c" +#line 4519 "util/configparser.c" break; - case 357: -#line 1137 "util/configparser.y" + case 369: +#line 1180 "util/configparser.y" { OUTYY(("P(server_chroot:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->chrootdir); cfg_parser->cfg->chrootdir = (yyvsp[0].str); } -#line 4418 "util/configparser.c" +#line 4529 "util/configparser.c" break; - case 358: -#line 1144 "util/configparser.y" + case 370: +#line 1187 "util/configparser.y" { OUTYY(("P(server_username:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->username); cfg_parser->cfg->username = (yyvsp[0].str); } -#line 4428 "util/configparser.c" +#line 4539 "util/configparser.c" break; - case 359: -#line 1151 "util/configparser.y" + case 371: +#line 1194 "util/configparser.y" { OUTYY(("P(server_directory:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->directory); @@ -4453,105 +4564,105 @@ yyparse (void) } } } -#line 4457 "util/configparser.c" +#line 4568 "util/configparser.c" break; - case 360: -#line 1177 "util/configparser.y" + case 372: +#line 1220 "util/configparser.y" { OUTYY(("P(server_logfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->logfile); cfg_parser->cfg->logfile = (yyvsp[0].str); cfg_parser->cfg->use_syslog = 0; } -#line 4468 "util/configparser.c" +#line 4579 "util/configparser.c" break; - case 361: -#line 1185 "util/configparser.y" + case 373: +#line 1228 "util/configparser.y" { OUTYY(("P(server_pidfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->pidfile); cfg_parser->cfg->pidfile = (yyvsp[0].str); } -#line 4478 "util/configparser.c" +#line 4589 "util/configparser.c" break; - case 362: -#line 1192 "util/configparser.y" + case 374: +#line 1235 "util/configparser.y" { OUTYY(("P(server_root_hints:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4488 "util/configparser.c" +#line 4599 "util/configparser.c" break; - case 363: -#line 1199 "util/configparser.y" + case 375: +#line 1242 "util/configparser.y" { OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[0].str))); log_warn("option dlv-anchor-file ignored: DLV is decommissioned"); free((yyvsp[0].str)); } -#line 4498 "util/configparser.c" +#line 4609 "util/configparser.c" break; - case 364: -#line 1206 "util/configparser.y" + case 376: +#line 1249 "util/configparser.y" { OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[0].str))); log_warn("option dlv-anchor ignored: DLV is decommissioned"); free((yyvsp[0].str)); } -#line 4508 "util/configparser.c" +#line 4619 "util/configparser.c" break; - case 365: -#line 1213 "util/configparser.y" + case 377: +#line 1256 "util/configparser.y" { OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> auto_trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4519 "util/configparser.c" +#line 4630 "util/configparser.c" break; - case 366: -#line 1221 "util/configparser.y" + case 378: +#line 1264 "util/configparser.y" { OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4530 "util/configparser.c" +#line 4641 "util/configparser.c" break; - case 367: -#line 1229 "util/configparser.y" + case 379: +#line 1272 "util/configparser.y" { OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trusted_keys_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4541 "util/configparser.c" +#line 4652 "util/configparser.c" break; - case 368: -#line 1237 "util/configparser.y" + case 380: +#line 1280 "util/configparser.y" { OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4551 "util/configparser.c" +#line 4662 "util/configparser.c" break; - case 369: -#line 1244 "util/configparser.y" + case 381: +#line 1287 "util/configparser.y" { OUTYY(("P(server_trust_anchor_signaling:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4561,11 +4672,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4565 "util/configparser.c" +#line 4676 "util/configparser.c" break; - case 370: -#line 1255 "util/configparser.y" + case 382: +#line 1298 "util/configparser.y" { OUTYY(("P(server_root_key_sentinel:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4575,21 +4686,21 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4579 "util/configparser.c" +#line 4690 "util/configparser.c" break; - case 371: -#line 1266 "util/configparser.y" + case 383: +#line 1309 "util/configparser.y" { OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4589 "util/configparser.c" +#line 4700 "util/configparser.c" break; - case 372: -#line 1273 "util/configparser.y" + case 384: +#line 1316 "util/configparser.y" { OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4597,11 +4708,11 @@ yyparse (void) else cfg_parser->cfg->hide_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4601 "util/configparser.c" +#line 4712 "util/configparser.c" break; - case 373: -#line 1282 "util/configparser.y" + case 385: +#line 1325 "util/configparser.y" { OUTYY(("P(server_hide_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4609,11 +4720,11 @@ yyparse (void) else cfg_parser->cfg->hide_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4613 "util/configparser.c" +#line 4724 "util/configparser.c" break; - case 374: -#line 1291 "util/configparser.y" + case 386: +#line 1334 "util/configparser.y" { OUTYY(("P(server_hide_trustanchor:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4621,31 +4732,53 @@ yyparse (void) else cfg_parser->cfg->hide_trustanchor = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4625 "util/configparser.c" +#line 4736 "util/configparser.c" break; - case 375: -#line 1300 "util/configparser.y" + case 387: +#line 1343 "util/configparser.y" + { + OUTYY(("P(server_hide_user_agent:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->hide_http_user_agent = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4748 "util/configparser.c" + break; + + case 388: +#line 1352 "util/configparser.y" { OUTYY(("P(server_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->identity); cfg_parser->cfg->identity = (yyvsp[0].str); } -#line 4635 "util/configparser.c" +#line 4758 "util/configparser.c" break; - case 376: -#line 1307 "util/configparser.y" + case 389: +#line 1359 "util/configparser.y" { OUTYY(("P(server_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->version); cfg_parser->cfg->version = (yyvsp[0].str); } -#line 4645 "util/configparser.c" +#line 4768 "util/configparser.c" break; - case 377: -#line 1314 "util/configparser.y" + case 390: +#line 1366 "util/configparser.y" + { + OUTYY(("P(server_http_user_agent:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->http_user_agent); + cfg_parser->cfg->http_user_agent = (yyvsp[0].str); + } +#line 4778 "util/configparser.c" + break; + + case 391: +#line 1373 "util/configparser.y" { OUTYY(("P(server_nsid:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->nsid_cfg_str); @@ -4660,33 +4793,33 @@ yyparse (void) yyerror("the NSID must be either a hex string or an " "ascii character string prepended with ascii_."); } -#line 4664 "util/configparser.c" +#line 4797 "util/configparser.c" break; - case 378: -#line 1330 "util/configparser.y" + case 392: +#line 1389 "util/configparser.y" { OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_rcvbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 4675 "util/configparser.c" +#line 4808 "util/configparser.c" break; - case 379: -#line 1338 "util/configparser.y" + case 393: +#line 1397 "util/configparser.y" { OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_sndbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 4686 "util/configparser.c" +#line 4819 "util/configparser.c" break; - case 380: -#line 1346 "util/configparser.y" + case 394: +#line 1405 "util/configparser.y" { OUTYY(("P(server_so_reuseport:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4695,11 +4828,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4699 "util/configparser.c" +#line 4832 "util/configparser.c" break; - case 381: -#line 1356 "util/configparser.y" + case 395: +#line 1415 "util/configparser.y" { OUTYY(("P(server_ip_transparent:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4708,11 +4841,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4712 "util/configparser.c" +#line 4845 "util/configparser.c" break; - case 382: -#line 1366 "util/configparser.y" + case 396: +#line 1425 "util/configparser.y" { OUTYY(("P(server_ip_freebind:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4721,11 +4854,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4725 "util/configparser.c" +#line 4858 "util/configparser.c" break; - case 383: -#line 1376 "util/configparser.y" + case 397: +#line 1435 "util/configparser.y" { OUTYY(("P(server_ip_dscp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4738,22 +4871,22 @@ yyparse (void) cfg_parser->cfg->ip_dscp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4742 "util/configparser.c" +#line 4875 "util/configparser.c" break; - case 384: -#line 1390 "util/configparser.y" + case 398: +#line 1449 "util/configparser.y" { OUTYY(("P(server_stream_wait_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->stream_wait_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4753 "util/configparser.c" +#line 4886 "util/configparser.c" break; - case 385: -#line 1398 "util/configparser.y" + case 399: +#line 1457 "util/configparser.y" { OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4765,11 +4898,11 @@ yyparse (void) else cfg_parser->cfg->edns_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4769 "util/configparser.c" +#line 4902 "util/configparser.c" break; - case 386: -#line 1411 "util/configparser.y" + case 400: +#line 1470 "util/configparser.y" { OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4779,22 +4912,22 @@ yyparse (void) else cfg_parser->cfg->msg_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4783 "util/configparser.c" +#line 4916 "util/configparser.c" break; - case 387: -#line 1422 "util/configparser.y" + case 401: +#line 1481 "util/configparser.y" { OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->msg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4794 "util/configparser.c" +#line 4927 "util/configparser.c" break; - case 388: -#line 1430 "util/configparser.y" + case 402: +#line 1489 "util/configparser.y" { OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4806,11 +4939,11 @@ yyparse (void) } free((yyvsp[0].str)); } -#line 4810 "util/configparser.c" +#line 4943 "util/configparser.c" break; - case 389: -#line 1443 "util/configparser.y" + case 403: +#line 1502 "util/configparser.y" { OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4818,11 +4951,11 @@ yyparse (void) else cfg_parser->cfg->num_queries_per_thread = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4822 "util/configparser.c" +#line 4955 "util/configparser.c" break; - case 390: -#line 1452 "util/configparser.y" + case 404: +#line 1511 "util/configparser.y" { OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4830,11 +4963,11 @@ yyparse (void) else cfg_parser->cfg->jostle_time = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4834 "util/configparser.c" +#line 4967 "util/configparser.c" break; - case 391: -#line 1461 "util/configparser.y" + case 405: +#line 1520 "util/configparser.y" { OUTYY(("P(server_delay_close:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4842,11 +4975,11 @@ yyparse (void) else cfg_parser->cfg->delay_close = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4846 "util/configparser.c" +#line 4979 "util/configparser.c" break; - case 392: -#line 1470 "util/configparser.y" + case 406: +#line 1529 "util/configparser.y" { OUTYY(("P(server_udp_connect:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4854,11 +4987,11 @@ yyparse (void) else cfg_parser->cfg->udp_connect = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4858 "util/configparser.c" +#line 4991 "util/configparser.c" break; - case 393: -#line 1479 "util/configparser.y" + case 407: +#line 1538 "util/configparser.y" { OUTYY(("P(server_unblock_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4867,11 +5000,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4871 "util/configparser.c" +#line 5004 "util/configparser.c" break; - case 394: -#line 1489 "util/configparser.y" + case 408: +#line 1548 "util/configparser.y" { OUTYY(("P(server_insecure_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4880,22 +5013,22 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4884 "util/configparser.c" +#line 5017 "util/configparser.c" break; - case 395: -#line 1499 "util/configparser.y" + case 409: +#line 1558 "util/configparser.y" { OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->rrset_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4895 "util/configparser.c" +#line 5028 "util/configparser.c" break; - case 396: -#line 1507 "util/configparser.y" + case 410: +#line 1566 "util/configparser.y" { OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4907,11 +5040,11 @@ yyparse (void) } free((yyvsp[0].str)); } -#line 4911 "util/configparser.c" +#line 5044 "util/configparser.c" break; - case 397: -#line 1520 "util/configparser.y" + case 411: +#line 1579 "util/configparser.y" { OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4919,22 +5052,22 @@ yyparse (void) else cfg_parser->cfg->host_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4923 "util/configparser.c" +#line 5056 "util/configparser.c" break; - case 398: -#line 1529 "util/configparser.y" + case 412: +#line 1588 "util/configparser.y" { OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " "removed, use infra-host-ttl)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4934 "util/configparser.c" +#line 5067 "util/configparser.c" break; - case 399: -#line 1537 "util/configparser.y" + case 413: +#line 1596 "util/configparser.y" { OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4942,22 +5075,22 @@ yyparse (void) else cfg_parser->cfg->infra_cache_numhosts = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4946 "util/configparser.c" +#line 5079 "util/configparser.c" break; - case 400: -#line 1546 "util/configparser.y" + case 414: +#line 1605 "util/configparser.y" { OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " "(option removed, use infra-cache-numhosts)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4957 "util/configparser.c" +#line 5090 "util/configparser.c" break; - case 401: -#line 1554 "util/configparser.y" + case 415: +#line 1613 "util/configparser.y" { OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4969,11 +5102,11 @@ yyparse (void) } free((yyvsp[0].str)); } -#line 4973 "util/configparser.c" +#line 5106 "util/configparser.c" break; - case 402: -#line 1567 "util/configparser.y" + case 416: +#line 1626 "util/configparser.y" { OUTYY(("P(server_infra_cache_min_rtt:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4981,11 +5114,11 @@ yyparse (void) else cfg_parser->cfg->infra_cache_min_rtt = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4985 "util/configparser.c" +#line 5118 "util/configparser.c" break; - case 403: -#line 1576 "util/configparser.y" + case 417: +#line 1635 "util/configparser.y" { OUTYY(("P(server_infra_keep_probing:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4994,21 +5127,21 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4998 "util/configparser.c" +#line 5131 "util/configparser.c" break; - case 404: -#line 1586 "util/configparser.y" + case 418: +#line 1645 "util/configparser.y" { OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->target_fetch_policy); cfg_parser->cfg->target_fetch_policy = (yyvsp[0].str); } -#line 5008 "util/configparser.c" +#line 5141 "util/configparser.c" break; - case 405: -#line 1593 "util/configparser.y" + case 419: +#line 1652 "util/configparser.y" { OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5017,11 +5150,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5021 "util/configparser.c" +#line 5154 "util/configparser.c" break; - case 406: -#line 1603 "util/configparser.y" + case 420: +#line 1662 "util/configparser.y" { OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5030,11 +5163,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5034 "util/configparser.c" +#line 5167 "util/configparser.c" break; - case 407: -#line 1613 "util/configparser.y" + case 421: +#line 1672 "util/configparser.y" { OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5043,11 +5176,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5047 "util/configparser.c" +#line 5180 "util/configparser.c" break; - case 408: -#line 1623 "util/configparser.y" + case 422: +#line 1682 "util/configparser.y" { OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5056,11 +5189,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5060 "util/configparser.c" +#line 5193 "util/configparser.c" break; - case 409: -#line 1633 "util/configparser.y" + case 423: +#line 1692 "util/configparser.y" { OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5069,11 +5202,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5073 "util/configparser.c" +#line 5206 "util/configparser.c" break; - case 410: -#line 1643 "util/configparser.y" + case 424: +#line 1702 "util/configparser.y" { OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5082,11 +5215,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5086 "util/configparser.c" +#line 5219 "util/configparser.c" break; - case 411: -#line 1653 "util/configparser.y" + case 425: +#line 1712 "util/configparser.y" { OUTYY(("P(server_harden_algo_downgrade:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5095,11 +5228,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5099 "util/configparser.c" +#line 5232 "util/configparser.c" break; - case 412: -#line 1663 "util/configparser.y" + case 426: +#line 1722 "util/configparser.y" { OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5108,41 +5241,41 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5112 "util/configparser.c" +#line 5245 "util/configparser.c" break; - case 413: -#line 1673 "util/configparser.y" + case 427: +#line 1732 "util/configparser.y" { OUTYY(("P(server_caps_whitelist:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5122 "util/configparser.c" +#line 5255 "util/configparser.c" break; - case 414: -#line 1680 "util/configparser.y" + case 428: +#line 1739 "util/configparser.y" { OUTYY(("P(server_private_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5132 "util/configparser.c" +#line 5265 "util/configparser.c" break; - case 415: -#line 1687 "util/configparser.y" + case 429: +#line 1746 "util/configparser.y" { OUTYY(("P(server_private_domain:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5142 "util/configparser.c" +#line 5275 "util/configparser.c" break; - case 416: -#line 1694 "util/configparser.y" + case 430: +#line 1753 "util/configparser.y" { OUTYY(("P(server_prefetch:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5150,11 +5283,11 @@ yyparse (void) else cfg_parser->cfg->prefetch = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5154 "util/configparser.c" +#line 5287 "util/configparser.c" break; - case 417: -#line 1703 "util/configparser.y" + case 431: +#line 1762 "util/configparser.y" { OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5162,11 +5295,11 @@ yyparse (void) else cfg_parser->cfg->prefetch_key = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5166 "util/configparser.c" +#line 5299 "util/configparser.c" break; - case 418: -#line 1712 "util/configparser.y" + case 432: +#line 1771 "util/configparser.y" { OUTYY(("P(server_deny_any:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5174,11 +5307,11 @@ yyparse (void) else cfg_parser->cfg->deny_any = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5178 "util/configparser.c" +#line 5311 "util/configparser.c" break; - case 419: -#line 1721 "util/configparser.y" + case 433: +#line 1780 "util/configparser.y" { OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5186,21 +5319,21 @@ yyparse (void) else cfg_parser->cfg->unwanted_threshold = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5190 "util/configparser.c" +#line 5323 "util/configparser.c" break; - case 420: -#line 1730 "util/configparser.y" + case 434: +#line 1789 "util/configparser.y" { OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5200 "util/configparser.c" +#line 5333 "util/configparser.c" break; - case 421: -#line 1737 "util/configparser.y" + case 435: +#line 1796 "util/configparser.y" { OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5209,11 +5342,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5213 "util/configparser.c" +#line 5346 "util/configparser.c" break; - case 422: -#line 1747 "util/configparser.y" + case 436: +#line 1806 "util/configparser.y" { OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "deny")!=0 && strcmp((yyvsp[0].str), "refuse")!=0 && @@ -5232,21 +5365,21 @@ yyparse (void) fatal_exit("out of memory adding acl"); } } -#line 5236 "util/configparser.c" +#line 5369 "util/configparser.c" break; - case 423: -#line 1767 "util/configparser.y" + case 437: +#line 1826 "util/configparser.y" { OUTYY(("P(server_module_conf:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->module_conf); cfg_parser->cfg->module_conf = (yyvsp[0].str); } -#line 5246 "util/configparser.c" +#line 5379 "util/configparser.c" break; - case 424: -#line 1774 "util/configparser.y" + case 438: +#line 1833 "util/configparser.y" { OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -5263,11 +5396,11 @@ yyparse (void) } free((yyvsp[0].str)); } -#line 5267 "util/configparser.c" +#line 5400 "util/configparser.c" break; - case 425: -#line 1792 "util/configparser.y" + case 439: +#line 1851 "util/configparser.y" { OUTYY(("P(server_val_sig_skew_min:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -5279,11 +5412,11 @@ yyparse (void) } free((yyvsp[0].str)); } -#line 5283 "util/configparser.c" +#line 5416 "util/configparser.c" break; - case 426: -#line 1805 "util/configparser.y" + case 440: +#line 1864 "util/configparser.y" { OUTYY(("P(server_val_sig_skew_max:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -5295,11 +5428,27 @@ yyparse (void) } free((yyvsp[0].str)); } -#line 5299 "util/configparser.c" +#line 5432 "util/configparser.c" break; - case 427: -#line 1818 "util/configparser.y" + case 441: +#line 1877 "util/configparser.y" + { + OUTYY(("P(server_val_max_restart:%s)\n", (yyvsp[0].str))); + if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { + cfg_parser->cfg->val_max_restart = 0; + } else { + cfg_parser->cfg->val_max_restart = atoi((yyvsp[0].str)); + if(!cfg_parser->cfg->val_max_restart) + yyerror("number expected"); + } + free((yyvsp[0].str)); + } +#line 5448 "util/configparser.c" + break; + + case 442: +#line 1890 "util/configparser.y" { OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5307,11 +5456,11 @@ yyparse (void) else cfg_parser->cfg->max_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5311 "util/configparser.c" +#line 5460 "util/configparser.c" break; - case 428: -#line 1827 "util/configparser.y" + case 443: +#line 1899 "util/configparser.y" { OUTYY(("P(server_cache_max_negative_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5319,11 +5468,11 @@ yyparse (void) else cfg_parser->cfg->max_negative_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5323 "util/configparser.c" +#line 5472 "util/configparser.c" break; - case 429: -#line 1836 "util/configparser.y" + case 444: +#line 1908 "util/configparser.y" { OUTYY(("P(server_cache_min_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5331,11 +5480,11 @@ yyparse (void) else cfg_parser->cfg->min_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5335 "util/configparser.c" +#line 5484 "util/configparser.c" break; - case 430: -#line 1845 "util/configparser.y" + case 445: +#line 1917 "util/configparser.y" { OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5343,11 +5492,11 @@ yyparse (void) else cfg_parser->cfg->bogus_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5347 "util/configparser.c" +#line 5496 "util/configparser.c" break; - case 431: -#line 1854 "util/configparser.y" + case 446: +#line 1926 "util/configparser.y" { OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5356,11 +5505,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5360 "util/configparser.c" +#line 5509 "util/configparser.c" break; - case 432: -#line 1864 "util/configparser.y" + case 447: +#line 1936 "util/configparser.y" { OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5369,11 +5518,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5373 "util/configparser.c" +#line 5522 "util/configparser.c" break; - case 433: -#line 1874 "util/configparser.y" + case 448: +#line 1946 "util/configparser.y" { OUTYY(("P(server_aggressive_nsec:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5383,11 +5532,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5387 "util/configparser.c" +#line 5536 "util/configparser.c" break; - case 434: -#line 1885 "util/configparser.y" + case 449: +#line 1957 "util/configparser.y" { OUTYY(("P(server_ignore_cd_flag:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5395,11 +5544,11 @@ yyparse (void) else cfg_parser->cfg->ignore_cd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5399 "util/configparser.c" +#line 5548 "util/configparser.c" break; - case 435: -#line 1894 "util/configparser.y" + case 450: +#line 1966 "util/configparser.y" { OUTYY(("P(server_serve_expired:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5407,11 +5556,11 @@ yyparse (void) else cfg_parser->cfg->serve_expired = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5411 "util/configparser.c" +#line 5560 "util/configparser.c" break; - case 436: -#line 1903 "util/configparser.y" + case 451: +#line 1975 "util/configparser.y" { OUTYY(("P(server_serve_expired_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5419,11 +5568,11 @@ yyparse (void) else cfg_parser->cfg->serve_expired_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5423 "util/configparser.c" +#line 5572 "util/configparser.c" break; - case 437: -#line 1912 "util/configparser.y" + case 452: +#line 1984 "util/configparser.y" { OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5431,11 +5580,11 @@ yyparse (void) else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5435 "util/configparser.c" +#line 5584 "util/configparser.c" break; - case 438: -#line 1921 "util/configparser.y" + case 453: +#line 1993 "util/configparser.y" { OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5443,11 +5592,11 @@ yyparse (void) else cfg_parser->cfg->serve_expired_reply_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5447 "util/configparser.c" +#line 5596 "util/configparser.c" break; - case 439: -#line 1930 "util/configparser.y" + case 454: +#line 2002 "util/configparser.y" { OUTYY(("P(server_serve_expired_client_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5455,11 +5604,11 @@ yyparse (void) else cfg_parser->cfg->serve_expired_client_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5459 "util/configparser.c" +#line 5608 "util/configparser.c" break; - case 440: -#line 1939 "util/configparser.y" + case 455: +#line 2011 "util/configparser.y" { OUTYY(("P(server_serve_original_ttl:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5467,11 +5616,11 @@ yyparse (void) else cfg_parser->cfg->serve_original_ttl = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5471 "util/configparser.c" +#line 5620 "util/configparser.c" break; - case 441: -#line 1948 "util/configparser.y" + case 456: +#line 2020 "util/configparser.y" { OUTYY(("P(server_fake_dsa:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5483,11 +5632,11 @@ yyparse (void) #endif free((yyvsp[0].str)); } -#line 5487 "util/configparser.c" +#line 5636 "util/configparser.c" break; - case 442: -#line 1961 "util/configparser.y" + case 457: +#line 2033 "util/configparser.y" { OUTYY(("P(server_fake_sha1:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5499,11 +5648,11 @@ yyparse (void) #endif free((yyvsp[0].str)); } -#line 5503 "util/configparser.c" +#line 5652 "util/configparser.c" break; - case 443: -#line 1974 "util/configparser.y" + case 458: +#line 2046 "util/configparser.y" { OUTYY(("P(server_val_log_level:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5511,21 +5660,33 @@ yyparse (void) else cfg_parser->cfg->val_log_level = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5515 "util/configparser.c" +#line 5664 "util/configparser.c" break; - case 444: -#line 1983 "util/configparser.y" + case 459: +#line 2055 "util/configparser.y" { OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->val_nsec3_key_iterations); cfg_parser->cfg->val_nsec3_key_iterations = (yyvsp[0].str); } -#line 5525 "util/configparser.c" +#line 5674 "util/configparser.c" break; - case 445: -#line 1990 "util/configparser.y" + case 460: +#line 2062 "util/configparser.y" + { + OUTYY(("P(server_zonemd_permissive_mode:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->zonemd_permissive_mode = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5686 "util/configparser.c" + break; + + case 461: +#line 2071 "util/configparser.y" { OUTYY(("P(server_add_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5533,11 +5694,11 @@ yyparse (void) else cfg_parser->cfg->add_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5537 "util/configparser.c" +#line 5698 "util/configparser.c" break; - case 446: -#line 1999 "util/configparser.y" + case 462: +#line 2080 "util/configparser.y" { OUTYY(("P(server_del_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5545,11 +5706,11 @@ yyparse (void) else cfg_parser->cfg->del_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5549 "util/configparser.c" +#line 5710 "util/configparser.c" break; - case 447: -#line 2008 "util/configparser.y" + case 463: +#line 2089 "util/configparser.y" { OUTYY(("P(server_keep_missing:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5557,11 +5718,11 @@ yyparse (void) else cfg_parser->cfg->keep_missing = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5561 "util/configparser.c" +#line 5722 "util/configparser.c" break; - case 448: -#line 2017 "util/configparser.y" + case 464: +#line 2098 "util/configparser.y" { OUTYY(("P(server_permit_small_holddown:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5570,22 +5731,22 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5574 "util/configparser.c" +#line 5735 "util/configparser.c" break; - case 449: -#line 2026 "util/configparser.y" + case 465: +#line 2107 "util/configparser.y" { OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->key_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5585 "util/configparser.c" +#line 5746 "util/configparser.c" break; - case 450: -#line 2034 "util/configparser.y" + case 466: +#line 2115 "util/configparser.y" { OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5597,22 +5758,22 @@ yyparse (void) } free((yyvsp[0].str)); } -#line 5601 "util/configparser.c" +#line 5762 "util/configparser.c" break; - case 451: -#line 2047 "util/configparser.y" + case 467: +#line 2128 "util/configparser.y" { OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->neg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5612 "util/configparser.c" +#line 5773 "util/configparser.c" break; - case 452: -#line 2055 "util/configparser.y" + case 468: +#line 2136 "util/configparser.y" { OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && @@ -5656,21 +5817,21 @@ yyparse (void) fatal_exit("out of memory adding local-zone"); } } -#line 5660 "util/configparser.c" +#line 5821 "util/configparser.c" break; - case 453: -#line 2100 "util/configparser.y" + case 469: +#line 2181 "util/configparser.y" { OUTYY(("P(server_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[0].str))) fatal_exit("out of memory adding local-data"); } -#line 5670 "util/configparser.c" +#line 5831 "util/configparser.c" break; - case 454: -#line 2107 "util/configparser.y" + case 470: +#line 2188 "util/configparser.y" { char* ptr; OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -5684,11 +5845,11 @@ yyparse (void) yyerror("local-data-ptr could not be reversed"); } } -#line 5688 "util/configparser.c" +#line 5849 "util/configparser.c" break; - case 455: -#line 2122 "util/configparser.y" + case 471: +#line 2203 "util/configparser.y" { OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5697,11 +5858,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5701 "util/configparser.c" +#line 5862 "util/configparser.c" break; - case 456: -#line 2132 "util/configparser.y" + case 472: +#line 2213 "util/configparser.y" { OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5710,41 +5871,41 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5714 "util/configparser.c" +#line 5875 "util/configparser.c" break; - case 457: -#line 2142 "util/configparser.y" + case 473: +#line 2223 "util/configparser.y" { OUTYY(("P(server_unknown_server_time_limit:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->unknown_server_time_limit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5724 "util/configparser.c" +#line 5885 "util/configparser.c" break; - case 458: -#line 2149 "util/configparser.y" + case 474: +#line 2230 "util/configparser.y" { OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->max_udp_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5734 "util/configparser.c" +#line 5895 "util/configparser.c" break; - case 459: -#line 2156 "util/configparser.y" + case 475: +#line 2237 "util/configparser.y" { OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dns64_prefix); cfg_parser->cfg->dns64_prefix = (yyvsp[0].str); } -#line 5744 "util/configparser.c" +#line 5905 "util/configparser.c" break; - case 460: -#line 2163 "util/configparser.y" + case 476: +#line 2244 "util/configparser.y" { OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5752,22 +5913,22 @@ yyparse (void) else cfg_parser->cfg->dns64_synthall = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5756 "util/configparser.c" +#line 5917 "util/configparser.c" break; - case 461: -#line 2172 "util/configparser.y" + case 477: +#line 2253 "util/configparser.y" { OUTYY(("P(dns64_ignore_aaaa:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa, (yyvsp[0].str))) fatal_exit("out of memory adding dns64-ignore-aaaa"); } -#line 5767 "util/configparser.c" +#line 5928 "util/configparser.c" break; - case 462: -#line 2180 "util/configparser.y" + case 478: +#line 2261 "util/configparser.y" { char* p, *s = (yyvsp[0].str); OUTYY(("P(server_define_tag:%s)\n", (yyvsp[0].str))); @@ -5780,11 +5941,11 @@ yyparse (void) } free((yyvsp[0].str)); } -#line 5784 "util/configparser.c" +#line 5945 "util/configparser.c" break; - case 463: -#line 2194 "util/configparser.y" + case 479: +#line 2275 "util/configparser.y" { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -5804,11 +5965,11 @@ yyparse (void) } } } -#line 5808 "util/configparser.c" +#line 5969 "util/configparser.c" break; - case 464: -#line 2215 "util/configparser.y" + case 480: +#line 2296 "util/configparser.y" { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -5828,11 +5989,11 @@ yyparse (void) } } } -#line 5832 "util/configparser.c" +#line 5993 "util/configparser.c" break; - case 465: -#line 2236 "util/configparser.y" + case 481: +#line 2317 "util/configparser.y" { OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions, @@ -5843,11 +6004,11 @@ yyparse (void) free((yyvsp[0].str)); } } -#line 5847 "util/configparser.c" +#line 6008 "util/configparser.c" break; - case 466: -#line 2248 "util/configparser.y" + case 482: +#line 2329 "util/configparser.y" { OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas, @@ -5858,11 +6019,11 @@ yyparse (void) free((yyvsp[0].str)); } } -#line 5862 "util/configparser.c" +#line 6023 "util/configparser.c" break; - case 467: -#line 2260 "util/configparser.y" + case 483: +#line 2341 "util/configparser.y" { OUTYY(("P(server_local_zone_override:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides, @@ -5873,11 +6034,11 @@ yyparse (void) free((yyvsp[0].str)); } } -#line 5877 "util/configparser.c" +#line 6038 "util/configparser.c" break; - case 468: -#line 2272 "util/configparser.y" + case 484: +#line 2353 "util/configparser.y" { OUTYY(("P(server_access_control_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view, @@ -5885,11 +6046,11 @@ yyparse (void) yyerror("out of memory"); } } -#line 5889 "util/configparser.c" +#line 6050 "util/configparser.c" break; - case 469: -#line 2281 "util/configparser.y" + case 485: +#line 2362 "util/configparser.y" { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -5909,11 +6070,11 @@ yyparse (void) } } } -#line 5913 "util/configparser.c" +#line 6074 "util/configparser.c" break; - case 470: -#line 2302 "util/configparser.y" + case 486: +#line 2383 "util/configparser.y" { OUTYY(("P(server_ip_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5921,11 +6082,11 @@ yyparse (void) else cfg_parser->cfg->ip_ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5925 "util/configparser.c" +#line 6086 "util/configparser.c" break; - case 471: -#line 2312 "util/configparser.y" + case 487: +#line 2393 "util/configparser.y" { OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5933,33 +6094,33 @@ yyparse (void) else cfg_parser->cfg->ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5937 "util/configparser.c" +#line 6098 "util/configparser.c" break; - case 472: -#line 2321 "util/configparser.y" + case 488: +#line 2402 "util/configparser.y" { OUTYY(("P(server_ip_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ip_ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5948 "util/configparser.c" +#line 6109 "util/configparser.c" break; - case 473: -#line 2329 "util/configparser.y" + case 489: +#line 2410 "util/configparser.y" { OUTYY(("P(server_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5959 "util/configparser.c" +#line 6120 "util/configparser.c" break; - case 474: -#line 2337 "util/configparser.y" + case 490: +#line 2418 "util/configparser.y" { OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5971,11 +6132,11 @@ yyparse (void) } free((yyvsp[0].str)); } -#line 5975 "util/configparser.c" +#line 6136 "util/configparser.c" break; - case 475: -#line 2350 "util/configparser.y" + case 491: +#line 2431 "util/configparser.y" { OUTYY(("P(server_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5987,11 +6148,11 @@ yyparse (void) } free((yyvsp[0].str)); } -#line 5991 "util/configparser.c" +#line 6152 "util/configparser.c" break; - case 476: -#line 2363 "util/configparser.y" + case 492: +#line 2444 "util/configparser.y" { OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -6005,11 +6166,11 @@ yyparse (void) "ratelimit-for-domain"); } } -#line 6009 "util/configparser.c" +#line 6170 "util/configparser.c" break; - case 477: -#line 2378 "util/configparser.y" + case 493: +#line 2459 "util/configparser.y" { OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -6023,11 +6184,11 @@ yyparse (void) "ratelimit-below-domain"); } } -#line 6027 "util/configparser.c" +#line 6188 "util/configparser.c" break; - case 478: -#line 2393 "util/configparser.y" + case 494: +#line 2474 "util/configparser.y" { OUTYY(("P(server_ip_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -6035,11 +6196,11 @@ yyparse (void) else cfg_parser->cfg->ip_ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 6039 "util/configparser.c" +#line 6200 "util/configparser.c" break; - case 479: -#line 2402 "util/configparser.y" + case 495: +#line 2483 "util/configparser.y" { OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -6047,20 +6208,20 @@ yyparse (void) else cfg_parser->cfg->ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 6051 "util/configparser.c" +#line 6212 "util/configparser.c" break; - case 480: -#line 2411 "util/configparser.y" + case 496: +#line 2492 "util/configparser.y" { OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n")); free((yyvsp[0].str)); } -#line 6060 "util/configparser.c" +#line 6221 "util/configparser.c" break; - case 481: -#line 2417 "util/configparser.y" + case 497: +#line 2498 "util/configparser.y" { OUTYY(("P(server_fast_server_num:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) <= 0) @@ -6068,11 +6229,11 @@ yyparse (void) else cfg_parser->cfg->fast_server_num = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 6072 "util/configparser.c" +#line 6233 "util/configparser.c" break; - case 482: -#line 2426 "util/configparser.y" + case 498: +#line 2507 "util/configparser.y" { OUTYY(("P(server_fast_server_permil:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -6080,11 +6241,11 @@ yyparse (void) else cfg_parser->cfg->fast_server_permil = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 6084 "util/configparser.c" +#line 6245 "util/configparser.c" break; - case 483: -#line 2435 "util/configparser.y" + case 499: +#line 2516 "util/configparser.y" { OUTYY(("P(server_qname_minimisation:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6093,11 +6254,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6097 "util/configparser.c" +#line 6258 "util/configparser.c" break; - case 484: -#line 2445 "util/configparser.y" + case 500: +#line 2526 "util/configparser.y" { OUTYY(("P(server_qname_minimisation_strict:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6106,11 +6267,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6110 "util/configparser.c" +#line 6271 "util/configparser.c" break; - case 485: -#line 2455 "util/configparser.y" + case 501: +#line 2536 "util/configparser.y" { OUTYY(("P(server_pad_responses:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6119,11 +6280,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6123 "util/configparser.c" +#line 6284 "util/configparser.c" break; - case 486: -#line 2465 "util/configparser.y" + case 502: +#line 2546 "util/configparser.y" { OUTYY(("P(server_pad_responses_block_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -6131,11 +6292,11 @@ yyparse (void) else cfg_parser->cfg->pad_responses_block_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 6135 "util/configparser.c" +#line 6296 "util/configparser.c" break; - case 487: -#line 2474 "util/configparser.y" + case 503: +#line 2555 "util/configparser.y" { OUTYY(("P(server_pad_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6144,11 +6305,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6148 "util/configparser.c" +#line 6309 "util/configparser.c" break; - case 488: -#line 2484 "util/configparser.y" + case 504: +#line 2565 "util/configparser.y" { OUTYY(("P(server_pad_queries_block_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -6156,11 +6317,11 @@ yyparse (void) else cfg_parser->cfg->pad_queries_block_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 6160 "util/configparser.c" +#line 6321 "util/configparser.c" break; - case 489: -#line 2493 "util/configparser.y" + case 505: +#line 2574 "util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_enabled:%s)\n", (yyvsp[0].str))); @@ -6172,11 +6333,11 @@ yyparse (void) #endif free((yyvsp[0].str)); } -#line 6176 "util/configparser.c" +#line 6337 "util/configparser.c" break; - case 490: -#line 2506 "util/configparser.y" + case 506: +#line 2587 "util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", (yyvsp[0].str))); @@ -6188,11 +6349,11 @@ yyparse (void) #endif free((yyvsp[0].str)); } -#line 6192 "util/configparser.c" +#line 6353 "util/configparser.c" break; - case 491: -#line 2519 "util/configparser.y" + case 507: +#line 2600 "util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_hook:%s)\n", (yyvsp[0].str))); @@ -6203,11 +6364,11 @@ yyparse (void) free((yyvsp[0].str)); #endif } -#line 6207 "util/configparser.c" +#line 6368 "util/configparser.c" break; - case 492: -#line 2531 "util/configparser.y" + case 508: +#line 2612 "util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", (yyvsp[0].str))); @@ -6220,11 +6381,11 @@ yyparse (void) free((yyvsp[0].str)); #endif } -#line 6224 "util/configparser.c" +#line 6385 "util/configparser.c" break; - case 493: -#line 2545 "util/configparser.y" + case 509: +#line 2626 "util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_whitelist:%s)\n", (yyvsp[0].str))); @@ -6235,11 +6396,11 @@ yyparse (void) free((yyvsp[0].str)); #endif } -#line 6239 "util/configparser.c" +#line 6400 "util/configparser.c" break; - case 494: -#line 2557 "util/configparser.y" + case 510: +#line 2638 "util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_strict:%s)\n", (yyvsp[0].str))); @@ -6252,11 +6413,11 @@ yyparse (void) free((yyvsp[0].str)); #endif } -#line 6256 "util/configparser.c" +#line 6417 "util/configparser.c" break; - case 495: -#line 2571 "util/configparser.y" + case 511: +#line 2652 "util/configparser.y" { OUTYY(("P(server_edns_client_string:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str2list_insert( @@ -6264,11 +6425,11 @@ yyparse (void) fatal_exit("out of memory adding " "edns-client-string"); } -#line 6268 "util/configparser.c" +#line 6429 "util/configparser.c" break; - case 496: -#line 2580 "util/configparser.y" + case 512: +#line 2661 "util/configparser.y" { OUTYY(("P(edns_client_string_opcode:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -6279,11 +6440,11 @@ yyparse (void) free((yyvsp[0].str)); } -#line 6283 "util/configparser.c" +#line 6444 "util/configparser.c" break; - case 497: -#line 2592 "util/configparser.y" + case 513: +#line 2673 "util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->stubs->name) @@ -6292,31 +6453,31 @@ yyparse (void) free(cfg_parser->cfg->stubs->name); cfg_parser->cfg->stubs->name = (yyvsp[0].str); } -#line 6296 "util/configparser.c" +#line 6457 "util/configparser.c" break; - case 498: -#line 2602 "util/configparser.y" + case 514: +#line 2683 "util/configparser.y" { OUTYY(("P(stub-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6306 "util/configparser.c" +#line 6467 "util/configparser.c" break; - case 499: -#line 2609 "util/configparser.y" + case 515: +#line 2690 "util/configparser.y" { OUTYY(("P(stub-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6316 "util/configparser.c" +#line 6477 "util/configparser.c" break; - case 500: -#line 2616 "util/configparser.y" + case 516: +#line 2697 "util/configparser.y" { OUTYY(("P(stub-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6324,11 +6485,11 @@ yyparse (void) else cfg_parser->cfg->stubs->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6328 "util/configparser.c" +#line 6489 "util/configparser.c" break; - case 501: -#line 2625 "util/configparser.y" + case 517: +#line 2706 "util/configparser.y" { OUTYY(("P(stub-no-cache:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6336,11 +6497,11 @@ yyparse (void) else cfg_parser->cfg->stubs->no_cache=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6340 "util/configparser.c" +#line 6501 "util/configparser.c" break; - case 502: -#line 2634 "util/configparser.y" + case 518: +#line 2715 "util/configparser.y" { OUTYY(("P(stub-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6349,11 +6510,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6353 "util/configparser.c" +#line 6514 "util/configparser.c" break; - case 503: -#line 2644 "util/configparser.y" + case 519: +#line 2725 "util/configparser.y" { OUTYY(("P(stub-prime:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6362,11 +6523,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6366 "util/configparser.c" +#line 6527 "util/configparser.c" break; - case 504: -#line 2654 "util/configparser.y" + case 520: +#line 2735 "util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->forwards->name) @@ -6375,31 +6536,31 @@ yyparse (void) free(cfg_parser->cfg->forwards->name); cfg_parser->cfg->forwards->name = (yyvsp[0].str); } -#line 6379 "util/configparser.c" +#line 6540 "util/configparser.c" break; - case 505: -#line 2664 "util/configparser.y" + case 521: +#line 2745 "util/configparser.y" { OUTYY(("P(forward-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6389 "util/configparser.c" +#line 6550 "util/configparser.c" break; - case 506: -#line 2671 "util/configparser.y" + case 522: +#line 2752 "util/configparser.y" { OUTYY(("P(forward-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6399 "util/configparser.c" +#line 6560 "util/configparser.c" break; - case 507: -#line 2678 "util/configparser.y" + case 523: +#line 2759 "util/configparser.y" { OUTYY(("P(forward-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6407,11 +6568,11 @@ yyparse (void) else cfg_parser->cfg->forwards->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6411 "util/configparser.c" +#line 6572 "util/configparser.c" break; - case 508: -#line 2687 "util/configparser.y" + case 524: +#line 2768 "util/configparser.y" { OUTYY(("P(forward-no-cache:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6419,11 +6580,11 @@ yyparse (void) else cfg_parser->cfg->forwards->no_cache=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6423 "util/configparser.c" +#line 6584 "util/configparser.c" break; - case 509: -#line 2696 "util/configparser.y" + case 525: +#line 2777 "util/configparser.y" { OUTYY(("P(forward-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6432,11 +6593,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6436 "util/configparser.c" +#line 6597 "util/configparser.c" break; - case 510: -#line 2706 "util/configparser.y" + case 526: +#line 2787 "util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->auths->name) @@ -6445,52 +6606,78 @@ yyparse (void) free(cfg_parser->cfg->auths->name); cfg_parser->cfg->auths->name = (yyvsp[0].str); } -#line 6449 "util/configparser.c" +#line 6610 "util/configparser.c" break; - case 511: -#line 2716 "util/configparser.y" + case 527: +#line 2797 "util/configparser.y" { OUTYY(("P(zonefile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->auths->zonefile); cfg_parser->cfg->auths->zonefile = (yyvsp[0].str); } -#line 6459 "util/configparser.c" +#line 6620 "util/configparser.c" break; - case 512: -#line 2723 "util/configparser.y" + case 528: +#line 2804 "util/configparser.y" { OUTYY(("P(master:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6469 "util/configparser.c" +#line 6630 "util/configparser.c" break; - case 513: -#line 2730 "util/configparser.y" + case 529: +#line 2811 "util/configparser.y" { OUTYY(("P(url:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6479 "util/configparser.c" +#line 6640 "util/configparser.c" break; - case 514: -#line 2737 "util/configparser.y" + case 530: +#line 2818 "util/configparser.y" { OUTYY(("P(allow-notify:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6490 "util/configparser.c" +#line 6651 "util/configparser.c" break; - case 515: -#line 2745 "util/configparser.y" + case 531: +#line 2826 "util/configparser.y" + { + OUTYY(("P(zonemd-check:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->auths->zonemd_check = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 6664 "util/configparser.c" + break; + + case 532: +#line 2836 "util/configparser.y" + { + OUTYY(("P(zonemd-reject-absence:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->auths->zonemd_reject_absence = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 6677 "util/configparser.c" + break; + + case 533: +#line 2846 "util/configparser.y" { OUTYY(("P(for-downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6499,11 +6686,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6503 "util/configparser.c" +#line 6690 "util/configparser.c" break; - case 516: -#line 2755 "util/configparser.y" + case 534: +#line 2856 "util/configparser.y" { OUTYY(("P(for-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6512,11 +6699,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6516 "util/configparser.c" +#line 6703 "util/configparser.c" break; - case 517: -#line 2765 "util/configparser.y" + case 535: +#line 2866 "util/configparser.y" { OUTYY(("P(fallback-enabled:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6525,11 +6712,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6529 "util/configparser.c" +#line 6716 "util/configparser.c" break; - case 518: -#line 2775 "util/configparser.y" + case 536: +#line 2876 "util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->views->name) @@ -6538,11 +6725,11 @@ yyparse (void) free(cfg_parser->cfg->views->name); cfg_parser->cfg->views->name = (yyvsp[0].str); } -#line 6542 "util/configparser.c" +#line 6729 "util/configparser.c" break; - case 519: -#line 2785 "util/configparser.y" + case 537: +#line 2886 "util/configparser.y" { OUTYY(("P(view_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && @@ -6552,13 +6739,20 @@ yyparse (void) && strcmp((yyvsp[0].str), "always_transparent")!=0 && strcmp((yyvsp[0].str), "always_refuse")!=0 && strcmp((yyvsp[0].str), "always_nxdomain")!=0 + && strcmp((yyvsp[0].str), "always_nodata")!=0 + && strcmp((yyvsp[0].str), "always_deny")!=0 + && strcmp((yyvsp[0].str), "always_null")!=0 && strcmp((yyvsp[0].str), "noview")!=0 - && strcmp((yyvsp[0].str), "inform")!=0 && strcmp((yyvsp[0].str), "inform_deny")!=0) { + && strcmp((yyvsp[0].str), "inform")!=0 && strcmp((yyvsp[0].str), "inform_deny")!=0 + && strcmp((yyvsp[0].str), "inform_redirect") != 0 + && strcmp((yyvsp[0].str), "ipset") != 0) { yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " "typetransparent, inform, inform_deny, " - "always_transparent, always_refuse, " - "always_nxdomain, noview or nodefault"); + "inform_redirect, always_transparent, " + "always_refuse, always_nxdomain, " + "always_nodata, always_deny, always_null, " + "noview, nodefault or ipset"); free((yyvsp[-1].str)); free((yyvsp[0].str)); } else if(strcmp((yyvsp[0].str), "nodefault")==0) { @@ -6580,11 +6774,11 @@ yyparse (void) fatal_exit("out of memory adding local-zone"); } } -#line 6584 "util/configparser.c" +#line 6778 "util/configparser.c" break; - case 520: -#line 2824 "util/configparser.y" + case 538: +#line 2932 "util/configparser.y" { OUTYY(("P(view_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); @@ -6593,33 +6787,33 @@ yyparse (void) fatal_exit("out of memory adding per-view " "response-ip action"); } -#line 6597 "util/configparser.c" +#line 6791 "util/configparser.c" break; - case 521: -#line 2834 "util/configparser.y" + case 539: +#line 2942 "util/configparser.y" { OUTYY(("P(view_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert( &cfg_parser->cfg->views->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 6608 "util/configparser.c" +#line 6802 "util/configparser.c" break; - case 522: -#line 2842 "util/configparser.y" + case 540: +#line 2950 "util/configparser.y" { OUTYY(("P(view_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, (yyvsp[0].str))) { fatal_exit("out of memory adding local-data"); } } -#line 6619 "util/configparser.c" +#line 6813 "util/configparser.c" break; - case 523: -#line 2850 "util/configparser.y" + case 541: +#line 2958 "util/configparser.y" { char* ptr; OUTYY(("P(view_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -6633,11 +6827,11 @@ yyparse (void) yyerror("local-data-ptr could not be reversed"); } } -#line 6637 "util/configparser.c" +#line 6831 "util/configparser.c" break; - case 524: -#line 2865 "util/configparser.y" + case 542: +#line 2973 "util/configparser.y" { OUTYY(("P(view-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6645,19 +6839,19 @@ yyparse (void) else cfg_parser->cfg->views->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6649 "util/configparser.c" +#line 6843 "util/configparser.c" break; - case 525: -#line 2874 "util/configparser.y" + case 543: +#line 2982 "util/configparser.y" { OUTYY(("\nP(remote-control:)\n")); } -#line 6657 "util/configparser.c" +#line 6851 "util/configparser.c" break; - case 536: -#line 2885 "util/configparser.y" + case 554: +#line 2993 "util/configparser.y" { OUTYY(("P(control_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6666,11 +6860,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6670 "util/configparser.c" +#line 6864 "util/configparser.c" break; - case 537: -#line 2895 "util/configparser.y" + case 555: +#line 3003 "util/configparser.y" { OUTYY(("P(control_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -6678,79 +6872,79 @@ yyparse (void) else cfg_parser->cfg->control_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 6682 "util/configparser.c" +#line 6876 "util/configparser.c" break; - case 538: -#line 2904 "util/configparser.y" + case 556: +#line 3012 "util/configparser.y" { OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6692 "util/configparser.c" +#line 6886 "util/configparser.c" break; - case 539: -#line 2911 "util/configparser.y" + case 557: +#line 3019 "util/configparser.y" { OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->control_use_cert = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6702 "util/configparser.c" +#line 6896 "util/configparser.c" break; - case 540: -#line 2918 "util/configparser.y" + case 558: +#line 3026 "util/configparser.y" { OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_key_file); cfg_parser->cfg->server_key_file = (yyvsp[0].str); } -#line 6712 "util/configparser.c" +#line 6906 "util/configparser.c" break; - case 541: -#line 2925 "util/configparser.y" + case 559: +#line 3033 "util/configparser.y" { OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_cert_file); cfg_parser->cfg->server_cert_file = (yyvsp[0].str); } -#line 6722 "util/configparser.c" +#line 6916 "util/configparser.c" break; - case 542: -#line 2932 "util/configparser.y" + case 560: +#line 3040 "util/configparser.y" { OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_key_file); cfg_parser->cfg->control_key_file = (yyvsp[0].str); } -#line 6732 "util/configparser.c" +#line 6926 "util/configparser.c" break; - case 543: -#line 2939 "util/configparser.y" + case 561: +#line 3047 "util/configparser.y" { OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_cert_file); cfg_parser->cfg->control_cert_file = (yyvsp[0].str); } -#line 6742 "util/configparser.c" +#line 6936 "util/configparser.c" break; - case 544: -#line 2946 "util/configparser.y" + case 562: +#line 3054 "util/configparser.y" { OUTYY(("\nP(dnstap:)\n")); } -#line 6750 "util/configparser.c" +#line 6944 "util/configparser.c" break; - case 566: -#line 2966 "util/configparser.y" + case 584: +#line 3074 "util/configparser.y" { OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6758,11 +6952,11 @@ yyparse (void) else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6762 "util/configparser.c" +#line 6956 "util/configparser.c" break; - case 567: -#line 2975 "util/configparser.y" + case 585: +#line 3083 "util/configparser.y" { OUTYY(("P(dt_dnstap_bidirectional:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6771,31 +6965,31 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6775 "util/configparser.c" +#line 6969 "util/configparser.c" break; - case 568: -#line 2985 "util/configparser.y" + case 586: +#line 3093 "util/configparser.y" { OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_socket_path); cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str); } -#line 6785 "util/configparser.c" +#line 6979 "util/configparser.c" break; - case 569: -#line 2992 "util/configparser.y" + case 587: +#line 3100 "util/configparser.y" { OUTYY(("P(dt_dnstap_ip:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_ip); cfg_parser->cfg->dnstap_ip = (yyvsp[0].str); } -#line 6795 "util/configparser.c" +#line 6989 "util/configparser.c" break; - case 570: -#line 2999 "util/configparser.y" + case 588: +#line 3107 "util/configparser.y" { OUTYY(("P(dt_dnstap_tls:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6803,51 +6997,51 @@ yyparse (void) else cfg_parser->cfg->dnstap_tls = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6807 "util/configparser.c" +#line 7001 "util/configparser.c" break; - case 571: -#line 3008 "util/configparser.y" + case 589: +#line 3116 "util/configparser.y" { OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_tls_server_name); cfg_parser->cfg->dnstap_tls_server_name = (yyvsp[0].str); } -#line 6817 "util/configparser.c" +#line 7011 "util/configparser.c" break; - case 572: -#line 3015 "util/configparser.y" + case 590: +#line 3123 "util/configparser.y" { OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_tls_cert_bundle); cfg_parser->cfg->dnstap_tls_cert_bundle = (yyvsp[0].str); } -#line 6827 "util/configparser.c" +#line 7021 "util/configparser.c" break; - case 573: -#line 3022 "util/configparser.y" + case 591: +#line 3130 "util/configparser.y" { OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_tls_client_key_file); cfg_parser->cfg->dnstap_tls_client_key_file = (yyvsp[0].str); } -#line 6837 "util/configparser.c" +#line 7031 "util/configparser.c" break; - case 574: -#line 3029 "util/configparser.y" + case 592: +#line 3137 "util/configparser.y" { OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_tls_client_cert_file); cfg_parser->cfg->dnstap_tls_client_cert_file = (yyvsp[0].str); } -#line 6847 "util/configparser.c" +#line 7041 "util/configparser.c" break; - case 575: -#line 3036 "util/configparser.y" + case 593: +#line 3144 "util/configparser.y" { OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6855,11 +7049,11 @@ yyparse (void) else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6859 "util/configparser.c" +#line 7053 "util/configparser.c" break; - case 576: -#line 3045 "util/configparser.y" + case 594: +#line 3153 "util/configparser.y" { OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6867,31 +7061,31 @@ yyparse (void) else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6871 "util/configparser.c" +#line 7065 "util/configparser.c" break; - case 577: -#line 3054 "util/configparser.y" + case 595: +#line 3162 "util/configparser.y" { OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_identity); cfg_parser->cfg->dnstap_identity = (yyvsp[0].str); } -#line 6881 "util/configparser.c" +#line 7075 "util/configparser.c" break; - case 578: -#line 3061 "util/configparser.y" + case 596: +#line 3169 "util/configparser.y" { OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_version); cfg_parser->cfg->dnstap_version = (yyvsp[0].str); } -#line 6891 "util/configparser.c" +#line 7085 "util/configparser.c" break; - case 579: -#line 3068 "util/configparser.y" + case 597: +#line 3176 "util/configparser.y" { OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6900,11 +7094,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6904 "util/configparser.c" +#line 7098 "util/configparser.c" break; - case 580: -#line 3078 "util/configparser.y" + case 598: +#line 3186 "util/configparser.y" { OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6913,11 +7107,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6917 "util/configparser.c" +#line 7111 "util/configparser.c" break; - case 581: -#line 3088 "util/configparser.y" + case 599: +#line 3196 "util/configparser.y" { OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6926,11 +7120,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6930 "util/configparser.c" +#line 7124 "util/configparser.c" break; - case 582: -#line 3098 "util/configparser.y" + case 600: +#line 3206 "util/configparser.y" { OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6939,11 +7133,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6943 "util/configparser.c" +#line 7137 "util/configparser.c" break; - case 583: -#line 3108 "util/configparser.y" + case 601: +#line 3216 "util/configparser.y" { OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6952,11 +7146,11 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6956 "util/configparser.c" +#line 7150 "util/configparser.c" break; - case 584: -#line 3118 "util/configparser.y" + case 602: +#line 3226 "util/configparser.y" { OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6965,47 +7159,47 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6969 "util/configparser.c" +#line 7163 "util/configparser.c" break; - case 585: -#line 3128 "util/configparser.y" + case 603: +#line 3236 "util/configparser.y" { OUTYY(("\nP(python:)\n")); } -#line 6977 "util/configparser.c" +#line 7171 "util/configparser.c" break; - case 589: -#line 3137 "util/configparser.y" + case 607: +#line 3245 "util/configparser.y" { OUTYY(("P(python-script:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6987 "util/configparser.c" +#line 7181 "util/configparser.c" break; - case 590: -#line 3143 "util/configparser.y" + case 608: +#line 3251 "util/configparser.y" { OUTYY(("\nP(dynlib:)\n")); } -#line 6995 "util/configparser.c" +#line 7189 "util/configparser.c" break; - case 594: -#line 3152 "util/configparser.y" + case 612: +#line 3260 "util/configparser.y" { OUTYY(("P(dynlib-file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, (yyvsp[0].str))) yyerror("out of memory"); } -#line 7005 "util/configparser.c" +#line 7199 "util/configparser.c" break; - case 595: -#line 3158 "util/configparser.y" + case 613: +#line 3266 "util/configparser.y" { OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str))); if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -7014,21 +7208,21 @@ yyparse (void) (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 7018 "util/configparser.c" +#line 7212 "util/configparser.c" break; - case 596: -#line 3168 "util/configparser.y" + case 614: +#line 3276 "util/configparser.y" { OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->log_identity); cfg_parser->cfg->log_identity = (yyvsp[0].str); } -#line 7028 "util/configparser.c" +#line 7222 "util/configparser.c" break; - case 597: -#line 3175 "util/configparser.y" + case 615: +#line 3283 "util/configparser.y" { OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); @@ -7036,30 +7230,30 @@ yyparse (void) (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip"); } -#line 7040 "util/configparser.c" +#line 7234 "util/configparser.c" break; - case 598: -#line 3184 "util/configparser.y" + case 616: +#line 3292 "util/configparser.y" { OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 7051 "util/configparser.c" +#line 7245 "util/configparser.c" break; - case 599: -#line 3192 "util/configparser.y" + case 617: +#line 3300 "util/configparser.y" { OUTYY(("\nP(dnscrypt:)\n")); } -#line 7059 "util/configparser.c" +#line 7253 "util/configparser.c" break; - case 612: -#line 3208 "util/configparser.y" + case 630: +#line 3316 "util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -7067,11 +7261,11 @@ yyparse (void) else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 7071 "util/configparser.c" +#line 7265 "util/configparser.c" break; - case 613: -#line 3218 "util/configparser.y" + case 631: +#line 3326 "util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -7079,21 +7273,21 @@ yyparse (void) else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 7083 "util/configparser.c" +#line 7277 "util/configparser.c" break; - case 614: -#line 3227 "util/configparser.y" + case 632: +#line 3335 "util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnscrypt_provider); cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str); } -#line 7093 "util/configparser.c" +#line 7287 "util/configparser.c" break; - case 615: -#line 3234 "util/configparser.y" + case 633: +#line 3342 "util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str))); if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) @@ -7101,21 +7295,21 @@ yyparse (void) if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-provider-cert"); } -#line 7105 "util/configparser.c" +#line 7299 "util/configparser.c" break; - case 616: -#line 3243 "util/configparser.y" + case 634: +#line 3351 "util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-provider-cert-rotated"); } -#line 7115 "util/configparser.c" +#line 7309 "util/configparser.c" break; - case 617: -#line 3250 "util/configparser.y" + case 635: +#line 3358 "util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str))); if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) @@ -7123,22 +7317,22 @@ yyparse (void) if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-secret-key"); } -#line 7127 "util/configparser.c" +#line 7321 "util/configparser.c" break; - case 618: -#line 3259 "util/configparser.y" + case 636: +#line 3367 "util/configparser.y" { OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 7138 "util/configparser.c" +#line 7332 "util/configparser.c" break; - case 619: -#line 3267 "util/configparser.y" + case 637: +#line 3375 "util/configparser.y" { OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -7150,22 +7344,22 @@ yyparse (void) } free((yyvsp[0].str)); } -#line 7154 "util/configparser.c" +#line 7348 "util/configparser.c" break; - case 620: -#line 3280 "util/configparser.y" + case 638: +#line 3388 "util/configparser.y" { OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 7165 "util/configparser.c" +#line 7359 "util/configparser.c" break; - case 621: -#line 3288 "util/configparser.y" + case 639: +#line 3396 "util/configparser.y" { OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -7177,19 +7371,19 @@ yyparse (void) } free((yyvsp[0].str)); } -#line 7181 "util/configparser.c" +#line 7375 "util/configparser.c" break; - case 622: -#line 3301 "util/configparser.y" + case 640: +#line 3409 "util/configparser.y" { OUTYY(("\nP(cachedb:)\n")); } -#line 7189 "util/configparser.c" +#line 7383 "util/configparser.c" break; - case 631: -#line 3312 "util/configparser.y" + case 649: +#line 3420 "util/configparser.y" { #ifdef USE_CACHEDB OUTYY(("P(backend:%s)\n", (yyvsp[0].str))); @@ -7200,11 +7394,11 @@ yyparse (void) free((yyvsp[0].str)); #endif } -#line 7204 "util/configparser.c" +#line 7398 "util/configparser.c" break; - case 632: -#line 3324 "util/configparser.y" + case 650: +#line 3432 "util/configparser.y" { #ifdef USE_CACHEDB OUTYY(("P(secret-seed:%s)\n", (yyvsp[0].str))); @@ -7215,11 +7409,11 @@ yyparse (void) free((yyvsp[0].str)); #endif } -#line 7219 "util/configparser.c" +#line 7413 "util/configparser.c" break; - case 633: -#line 3336 "util/configparser.y" + case 651: +#line 3444 "util/configparser.y" { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_server_host:%s)\n", (yyvsp[0].str))); @@ -7230,11 +7424,11 @@ yyparse (void) free((yyvsp[0].str)); #endif } -#line 7234 "util/configparser.c" +#line 7428 "util/configparser.c" break; - case 634: -#line 3348 "util/configparser.y" + case 652: +#line 3456 "util/configparser.y" { #if defined(USE_CACHEDB) && defined(USE_REDIS) int port; @@ -7248,11 +7442,11 @@ yyparse (void) #endif free((yyvsp[0].str)); } -#line 7252 "util/configparser.c" +#line 7446 "util/configparser.c" break; - case 635: -#line 3363 "util/configparser.y" + case 653: +#line 3471 "util/configparser.y" { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_timeout:%s)\n", (yyvsp[0].str))); @@ -7264,11 +7458,11 @@ yyparse (void) #endif free((yyvsp[0].str)); } -#line 7268 "util/configparser.c" +#line 7462 "util/configparser.c" break; - case 636: -#line 3376 "util/configparser.y" + case 654: +#line 3484 "util/configparser.y" { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_expire_records:%s)\n", (yyvsp[0].str))); @@ -7280,11 +7474,11 @@ yyparse (void) #endif free((yyvsp[0].str)); } -#line 7284 "util/configparser.c" +#line 7478 "util/configparser.c" break; - case 637: -#line 3389 "util/configparser.y" + case 655: +#line 3497 "util/configparser.y" { OUTYY(("P(server_tcp_connection_limit:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if (atoi((yyvsp[0].str)) < 0) @@ -7294,19 +7488,19 @@ yyparse (void) fatal_exit("out of memory adding tcp connection limit"); } } -#line 7298 "util/configparser.c" +#line 7492 "util/configparser.c" break; - case 638: -#line 3400 "util/configparser.y" + case 656: +#line 3508 "util/configparser.y" { OUTYY(("\nP(ipset:)\n")); } -#line 7306 "util/configparser.c" +#line 7500 "util/configparser.c" break; - case 643: -#line 3409 "util/configparser.y" + case 661: +#line 3517 "util/configparser.y" { #ifdef USE_IPSET OUTYY(("P(name-v4:%s)\n", (yyvsp[0].str))); @@ -7320,11 +7514,11 @@ yyparse (void) free((yyvsp[0].str)); #endif } -#line 7324 "util/configparser.c" +#line 7518 "util/configparser.c" break; - case 644: -#line 3424 "util/configparser.y" + case 662: +#line 3532 "util/configparser.y" { #ifdef USE_IPSET OUTYY(("P(name-v6:%s)\n", (yyvsp[0].str))); @@ -7338,11 +7532,11 @@ yyparse (void) free((yyvsp[0].str)); #endif } -#line 7342 "util/configparser.c" +#line 7536 "util/configparser.c" break; -#line 7346 "util/configparser.c" +#line 7540 "util/configparser.c" default: break; } @@ -7536,7 +7730,7 @@ yyparse (void) return yyresult; } -#line 3438 "util/configparser.y" +#line 3546 "util/configparser.y" /* parse helper routines could be here */ diff --git a/util/configparser.h b/util/configparser.h index baa3bb2d9cc5..1c9ec0324ace 100644 --- a/util/configparser.h +++ b/util/configparser.h @@ -156,210 +156,219 @@ extern int yydebug; VAR_CONTROL_KEY_FILE = 357, /* VAR_CONTROL_KEY_FILE */ VAR_CONTROL_CERT_FILE = 358, /* VAR_CONTROL_CERT_FILE */ VAR_CONTROL_USE_CERT = 359, /* VAR_CONTROL_USE_CERT */ - VAR_EXTENDED_STATISTICS = 360, /* VAR_EXTENDED_STATISTICS */ - VAR_LOCAL_DATA_PTR = 361, /* VAR_LOCAL_DATA_PTR */ - VAR_JOSTLE_TIMEOUT = 362, /* VAR_JOSTLE_TIMEOUT */ - VAR_STUB_PRIME = 363, /* VAR_STUB_PRIME */ - VAR_UNWANTED_REPLY_THRESHOLD = 364, /* VAR_UNWANTED_REPLY_THRESHOLD */ - VAR_LOG_TIME_ASCII = 365, /* VAR_LOG_TIME_ASCII */ - VAR_DOMAIN_INSECURE = 366, /* VAR_DOMAIN_INSECURE */ - VAR_PYTHON = 367, /* VAR_PYTHON */ - VAR_PYTHON_SCRIPT = 368, /* VAR_PYTHON_SCRIPT */ - VAR_VAL_SIG_SKEW_MIN = 369, /* VAR_VAL_SIG_SKEW_MIN */ - VAR_VAL_SIG_SKEW_MAX = 370, /* VAR_VAL_SIG_SKEW_MAX */ - VAR_CACHE_MIN_TTL = 371, /* VAR_CACHE_MIN_TTL */ - VAR_VAL_LOG_LEVEL = 372, /* VAR_VAL_LOG_LEVEL */ - VAR_AUTO_TRUST_ANCHOR_FILE = 373, /* VAR_AUTO_TRUST_ANCHOR_FILE */ - VAR_KEEP_MISSING = 374, /* VAR_KEEP_MISSING */ - VAR_ADD_HOLDDOWN = 375, /* VAR_ADD_HOLDDOWN */ - VAR_DEL_HOLDDOWN = 376, /* VAR_DEL_HOLDDOWN */ - VAR_SO_RCVBUF = 377, /* VAR_SO_RCVBUF */ - VAR_EDNS_BUFFER_SIZE = 378, /* VAR_EDNS_BUFFER_SIZE */ - VAR_PREFETCH = 379, /* VAR_PREFETCH */ - VAR_PREFETCH_KEY = 380, /* VAR_PREFETCH_KEY */ - VAR_SO_SNDBUF = 381, /* VAR_SO_SNDBUF */ - VAR_SO_REUSEPORT = 382, /* VAR_SO_REUSEPORT */ - VAR_HARDEN_BELOW_NXDOMAIN = 383, /* VAR_HARDEN_BELOW_NXDOMAIN */ - VAR_IGNORE_CD_FLAG = 384, /* VAR_IGNORE_CD_FLAG */ - VAR_LOG_QUERIES = 385, /* VAR_LOG_QUERIES */ - VAR_LOG_REPLIES = 386, /* VAR_LOG_REPLIES */ - VAR_LOG_LOCAL_ACTIONS = 387, /* VAR_LOG_LOCAL_ACTIONS */ - VAR_TCP_UPSTREAM = 388, /* VAR_TCP_UPSTREAM */ - VAR_SSL_UPSTREAM = 389, /* VAR_SSL_UPSTREAM */ - VAR_SSL_SERVICE_KEY = 390, /* VAR_SSL_SERVICE_KEY */ - VAR_SSL_SERVICE_PEM = 391, /* VAR_SSL_SERVICE_PEM */ - VAR_SSL_PORT = 392, /* VAR_SSL_PORT */ - VAR_FORWARD_FIRST = 393, /* VAR_FORWARD_FIRST */ - VAR_STUB_SSL_UPSTREAM = 394, /* VAR_STUB_SSL_UPSTREAM */ - VAR_FORWARD_SSL_UPSTREAM = 395, /* VAR_FORWARD_SSL_UPSTREAM */ - VAR_TLS_CERT_BUNDLE = 396, /* VAR_TLS_CERT_BUNDLE */ - VAR_HTTPS_PORT = 397, /* VAR_HTTPS_PORT */ - VAR_HTTP_ENDPOINT = 398, /* VAR_HTTP_ENDPOINT */ - VAR_HTTP_MAX_STREAMS = 399, /* VAR_HTTP_MAX_STREAMS */ - VAR_HTTP_QUERY_BUFFER_SIZE = 400, /* VAR_HTTP_QUERY_BUFFER_SIZE */ - VAR_HTTP_RESPONSE_BUFFER_SIZE = 401, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */ - VAR_HTTP_NODELAY = 402, /* VAR_HTTP_NODELAY */ - VAR_HTTP_NOTLS_DOWNSTREAM = 403, /* VAR_HTTP_NOTLS_DOWNSTREAM */ - VAR_STUB_FIRST = 404, /* VAR_STUB_FIRST */ - VAR_MINIMAL_RESPONSES = 405, /* VAR_MINIMAL_RESPONSES */ - VAR_RRSET_ROUNDROBIN = 406, /* VAR_RRSET_ROUNDROBIN */ - VAR_MAX_UDP_SIZE = 407, /* VAR_MAX_UDP_SIZE */ - VAR_DELAY_CLOSE = 408, /* VAR_DELAY_CLOSE */ - VAR_UDP_CONNECT = 409, /* VAR_UDP_CONNECT */ - VAR_UNBLOCK_LAN_ZONES = 410, /* VAR_UNBLOCK_LAN_ZONES */ - VAR_INSECURE_LAN_ZONES = 411, /* VAR_INSECURE_LAN_ZONES */ - VAR_INFRA_CACHE_MIN_RTT = 412, /* VAR_INFRA_CACHE_MIN_RTT */ - VAR_INFRA_KEEP_PROBING = 413, /* VAR_INFRA_KEEP_PROBING */ - VAR_DNS64_PREFIX = 414, /* VAR_DNS64_PREFIX */ - VAR_DNS64_SYNTHALL = 415, /* VAR_DNS64_SYNTHALL */ - VAR_DNS64_IGNORE_AAAA = 416, /* VAR_DNS64_IGNORE_AAAA */ - VAR_DNSTAP = 417, /* VAR_DNSTAP */ - VAR_DNSTAP_ENABLE = 418, /* VAR_DNSTAP_ENABLE */ - VAR_DNSTAP_SOCKET_PATH = 419, /* VAR_DNSTAP_SOCKET_PATH */ - VAR_DNSTAP_IP = 420, /* VAR_DNSTAP_IP */ - VAR_DNSTAP_TLS = 421, /* VAR_DNSTAP_TLS */ - VAR_DNSTAP_TLS_SERVER_NAME = 422, /* VAR_DNSTAP_TLS_SERVER_NAME */ - VAR_DNSTAP_TLS_CERT_BUNDLE = 423, /* VAR_DNSTAP_TLS_CERT_BUNDLE */ - VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 424, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */ - VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 425, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */ - VAR_DNSTAP_SEND_IDENTITY = 426, /* VAR_DNSTAP_SEND_IDENTITY */ - VAR_DNSTAP_SEND_VERSION = 427, /* VAR_DNSTAP_SEND_VERSION */ - VAR_DNSTAP_BIDIRECTIONAL = 428, /* VAR_DNSTAP_BIDIRECTIONAL */ - VAR_DNSTAP_IDENTITY = 429, /* VAR_DNSTAP_IDENTITY */ - VAR_DNSTAP_VERSION = 430, /* VAR_DNSTAP_VERSION */ - VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 431, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */ - VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 432, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */ - VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 433, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */ - VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 434, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */ - VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 435, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */ - VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 436, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */ - VAR_RESPONSE_IP_TAG = 437, /* VAR_RESPONSE_IP_TAG */ - VAR_RESPONSE_IP = 438, /* VAR_RESPONSE_IP */ - VAR_RESPONSE_IP_DATA = 439, /* VAR_RESPONSE_IP_DATA */ - VAR_HARDEN_ALGO_DOWNGRADE = 440, /* VAR_HARDEN_ALGO_DOWNGRADE */ - VAR_IP_TRANSPARENT = 441, /* VAR_IP_TRANSPARENT */ - VAR_IP_DSCP = 442, /* VAR_IP_DSCP */ - VAR_DISABLE_DNSSEC_LAME_CHECK = 443, /* VAR_DISABLE_DNSSEC_LAME_CHECK */ - VAR_IP_RATELIMIT = 444, /* VAR_IP_RATELIMIT */ - VAR_IP_RATELIMIT_SLABS = 445, /* VAR_IP_RATELIMIT_SLABS */ - VAR_IP_RATELIMIT_SIZE = 446, /* VAR_IP_RATELIMIT_SIZE */ - VAR_RATELIMIT = 447, /* VAR_RATELIMIT */ - VAR_RATELIMIT_SLABS = 448, /* VAR_RATELIMIT_SLABS */ - VAR_RATELIMIT_SIZE = 449, /* VAR_RATELIMIT_SIZE */ - VAR_RATELIMIT_FOR_DOMAIN = 450, /* VAR_RATELIMIT_FOR_DOMAIN */ - VAR_RATELIMIT_BELOW_DOMAIN = 451, /* VAR_RATELIMIT_BELOW_DOMAIN */ - VAR_IP_RATELIMIT_FACTOR = 452, /* VAR_IP_RATELIMIT_FACTOR */ - VAR_RATELIMIT_FACTOR = 453, /* VAR_RATELIMIT_FACTOR */ - VAR_SEND_CLIENT_SUBNET = 454, /* VAR_SEND_CLIENT_SUBNET */ - VAR_CLIENT_SUBNET_ZONE = 455, /* VAR_CLIENT_SUBNET_ZONE */ - VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 456, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ - VAR_CLIENT_SUBNET_OPCODE = 457, /* VAR_CLIENT_SUBNET_OPCODE */ - VAR_MAX_CLIENT_SUBNET_IPV4 = 458, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ - VAR_MAX_CLIENT_SUBNET_IPV6 = 459, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ - VAR_MIN_CLIENT_SUBNET_IPV4 = 460, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ - VAR_MIN_CLIENT_SUBNET_IPV6 = 461, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ - VAR_MAX_ECS_TREE_SIZE_IPV4 = 462, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ - VAR_MAX_ECS_TREE_SIZE_IPV6 = 463, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ - VAR_CAPS_WHITELIST = 464, /* VAR_CAPS_WHITELIST */ - VAR_CACHE_MAX_NEGATIVE_TTL = 465, /* VAR_CACHE_MAX_NEGATIVE_TTL */ - VAR_PERMIT_SMALL_HOLDDOWN = 466, /* VAR_PERMIT_SMALL_HOLDDOWN */ - VAR_QNAME_MINIMISATION = 467, /* VAR_QNAME_MINIMISATION */ - VAR_QNAME_MINIMISATION_STRICT = 468, /* VAR_QNAME_MINIMISATION_STRICT */ - VAR_IP_FREEBIND = 469, /* VAR_IP_FREEBIND */ - VAR_DEFINE_TAG = 470, /* VAR_DEFINE_TAG */ - VAR_LOCAL_ZONE_TAG = 471, /* VAR_LOCAL_ZONE_TAG */ - VAR_ACCESS_CONTROL_TAG = 472, /* VAR_ACCESS_CONTROL_TAG */ - VAR_LOCAL_ZONE_OVERRIDE = 473, /* VAR_LOCAL_ZONE_OVERRIDE */ - VAR_ACCESS_CONTROL_TAG_ACTION = 474, /* VAR_ACCESS_CONTROL_TAG_ACTION */ - VAR_ACCESS_CONTROL_TAG_DATA = 475, /* VAR_ACCESS_CONTROL_TAG_DATA */ - VAR_VIEW = 476, /* VAR_VIEW */ - VAR_ACCESS_CONTROL_VIEW = 477, /* VAR_ACCESS_CONTROL_VIEW */ - VAR_VIEW_FIRST = 478, /* VAR_VIEW_FIRST */ - VAR_SERVE_EXPIRED = 479, /* VAR_SERVE_EXPIRED */ - VAR_SERVE_EXPIRED_TTL = 480, /* VAR_SERVE_EXPIRED_TTL */ - VAR_SERVE_EXPIRED_TTL_RESET = 481, /* VAR_SERVE_EXPIRED_TTL_RESET */ - VAR_SERVE_EXPIRED_REPLY_TTL = 482, /* VAR_SERVE_EXPIRED_REPLY_TTL */ - VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 483, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ - VAR_SERVE_ORIGINAL_TTL = 484, /* VAR_SERVE_ORIGINAL_TTL */ - VAR_FAKE_DSA = 485, /* VAR_FAKE_DSA */ - VAR_FAKE_SHA1 = 486, /* VAR_FAKE_SHA1 */ - VAR_LOG_IDENTITY = 487, /* VAR_LOG_IDENTITY */ - VAR_HIDE_TRUSTANCHOR = 488, /* VAR_HIDE_TRUSTANCHOR */ - VAR_TRUST_ANCHOR_SIGNALING = 489, /* VAR_TRUST_ANCHOR_SIGNALING */ - VAR_AGGRESSIVE_NSEC = 490, /* VAR_AGGRESSIVE_NSEC */ - VAR_USE_SYSTEMD = 491, /* VAR_USE_SYSTEMD */ - VAR_SHM_ENABLE = 492, /* VAR_SHM_ENABLE */ - VAR_SHM_KEY = 493, /* VAR_SHM_KEY */ - VAR_ROOT_KEY_SENTINEL = 494, /* VAR_ROOT_KEY_SENTINEL */ - VAR_DNSCRYPT = 495, /* VAR_DNSCRYPT */ - VAR_DNSCRYPT_ENABLE = 496, /* VAR_DNSCRYPT_ENABLE */ - VAR_DNSCRYPT_PORT = 497, /* VAR_DNSCRYPT_PORT */ - VAR_DNSCRYPT_PROVIDER = 498, /* VAR_DNSCRYPT_PROVIDER */ - VAR_DNSCRYPT_SECRET_KEY = 499, /* VAR_DNSCRYPT_SECRET_KEY */ - VAR_DNSCRYPT_PROVIDER_CERT = 500, /* VAR_DNSCRYPT_PROVIDER_CERT */ - VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 501, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 502, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 503, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ - VAR_DNSCRYPT_NONCE_CACHE_SIZE = 504, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ - VAR_DNSCRYPT_NONCE_CACHE_SLABS = 505, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ - VAR_PAD_RESPONSES = 506, /* VAR_PAD_RESPONSES */ - VAR_PAD_RESPONSES_BLOCK_SIZE = 507, /* VAR_PAD_RESPONSES_BLOCK_SIZE */ - VAR_PAD_QUERIES = 508, /* VAR_PAD_QUERIES */ - VAR_PAD_QUERIES_BLOCK_SIZE = 509, /* VAR_PAD_QUERIES_BLOCK_SIZE */ - VAR_IPSECMOD_ENABLED = 510, /* VAR_IPSECMOD_ENABLED */ - VAR_IPSECMOD_HOOK = 511, /* VAR_IPSECMOD_HOOK */ - VAR_IPSECMOD_IGNORE_BOGUS = 512, /* VAR_IPSECMOD_IGNORE_BOGUS */ - VAR_IPSECMOD_MAX_TTL = 513, /* VAR_IPSECMOD_MAX_TTL */ - VAR_IPSECMOD_WHITELIST = 514, /* VAR_IPSECMOD_WHITELIST */ - VAR_IPSECMOD_STRICT = 515, /* VAR_IPSECMOD_STRICT */ - VAR_CACHEDB = 516, /* VAR_CACHEDB */ - VAR_CACHEDB_BACKEND = 517, /* VAR_CACHEDB_BACKEND */ - VAR_CACHEDB_SECRETSEED = 518, /* VAR_CACHEDB_SECRETSEED */ - VAR_CACHEDB_REDISHOST = 519, /* VAR_CACHEDB_REDISHOST */ - VAR_CACHEDB_REDISPORT = 520, /* VAR_CACHEDB_REDISPORT */ - VAR_CACHEDB_REDISTIMEOUT = 521, /* VAR_CACHEDB_REDISTIMEOUT */ - VAR_CACHEDB_REDISEXPIRERECORDS = 522, /* VAR_CACHEDB_REDISEXPIRERECORDS */ - VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 523, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */ - VAR_FOR_UPSTREAM = 524, /* VAR_FOR_UPSTREAM */ - VAR_AUTH_ZONE = 525, /* VAR_AUTH_ZONE */ - VAR_ZONEFILE = 526, /* VAR_ZONEFILE */ - VAR_MASTER = 527, /* VAR_MASTER */ - VAR_URL = 528, /* VAR_URL */ - VAR_FOR_DOWNSTREAM = 529, /* VAR_FOR_DOWNSTREAM */ - VAR_FALLBACK_ENABLED = 530, /* VAR_FALLBACK_ENABLED */ - VAR_TLS_ADDITIONAL_PORT = 531, /* VAR_TLS_ADDITIONAL_PORT */ - VAR_LOW_RTT = 532, /* VAR_LOW_RTT */ - VAR_LOW_RTT_PERMIL = 533, /* VAR_LOW_RTT_PERMIL */ - VAR_FAST_SERVER_PERMIL = 534, /* VAR_FAST_SERVER_PERMIL */ - VAR_FAST_SERVER_NUM = 535, /* VAR_FAST_SERVER_NUM */ - VAR_ALLOW_NOTIFY = 536, /* VAR_ALLOW_NOTIFY */ - VAR_TLS_WIN_CERT = 537, /* VAR_TLS_WIN_CERT */ - VAR_TCP_CONNECTION_LIMIT = 538, /* VAR_TCP_CONNECTION_LIMIT */ - VAR_FORWARD_NO_CACHE = 539, /* VAR_FORWARD_NO_CACHE */ - VAR_STUB_NO_CACHE = 540, /* VAR_STUB_NO_CACHE */ - VAR_LOG_SERVFAIL = 541, /* VAR_LOG_SERVFAIL */ - VAR_DENY_ANY = 542, /* VAR_DENY_ANY */ - VAR_UNKNOWN_SERVER_TIME_LIMIT = 543, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */ - VAR_LOG_TAG_QUERYREPLY = 544, /* VAR_LOG_TAG_QUERYREPLY */ - VAR_STREAM_WAIT_SIZE = 545, /* VAR_STREAM_WAIT_SIZE */ - VAR_TLS_CIPHERS = 546, /* VAR_TLS_CIPHERS */ - VAR_TLS_CIPHERSUITES = 547, /* VAR_TLS_CIPHERSUITES */ - VAR_TLS_USE_SNI = 548, /* VAR_TLS_USE_SNI */ - VAR_IPSET = 549, /* VAR_IPSET */ - VAR_IPSET_NAME_V4 = 550, /* VAR_IPSET_NAME_V4 */ - VAR_IPSET_NAME_V6 = 551, /* VAR_IPSET_NAME_V6 */ - VAR_TLS_SESSION_TICKET_KEYS = 552, /* VAR_TLS_SESSION_TICKET_KEYS */ - VAR_RPZ = 553, /* VAR_RPZ */ - VAR_TAGS = 554, /* VAR_TAGS */ - VAR_RPZ_ACTION_OVERRIDE = 555, /* VAR_RPZ_ACTION_OVERRIDE */ - VAR_RPZ_CNAME_OVERRIDE = 556, /* VAR_RPZ_CNAME_OVERRIDE */ - VAR_RPZ_LOG = 557, /* VAR_RPZ_LOG */ - VAR_RPZ_LOG_NAME = 558, /* VAR_RPZ_LOG_NAME */ - VAR_DYNLIB = 559, /* VAR_DYNLIB */ - VAR_DYNLIB_FILE = 560, /* VAR_DYNLIB_FILE */ - VAR_EDNS_CLIENT_STRING = 561, /* VAR_EDNS_CLIENT_STRING */ - VAR_EDNS_CLIENT_STRING_OPCODE = 562, /* VAR_EDNS_CLIENT_STRING_OPCODE */ - VAR_NSID = 563 /* VAR_NSID */ + VAR_TCP_REUSE_TIMEOUT = 360, /* VAR_TCP_REUSE_TIMEOUT */ + VAR_MAX_REUSE_TCP_QUERIES = 361, /* VAR_MAX_REUSE_TCP_QUERIES */ + VAR_EXTENDED_STATISTICS = 362, /* VAR_EXTENDED_STATISTICS */ + VAR_LOCAL_DATA_PTR = 363, /* VAR_LOCAL_DATA_PTR */ + VAR_JOSTLE_TIMEOUT = 364, /* VAR_JOSTLE_TIMEOUT */ + VAR_STUB_PRIME = 365, /* VAR_STUB_PRIME */ + VAR_UNWANTED_REPLY_THRESHOLD = 366, /* VAR_UNWANTED_REPLY_THRESHOLD */ + VAR_LOG_TIME_ASCII = 367, /* VAR_LOG_TIME_ASCII */ + VAR_DOMAIN_INSECURE = 368, /* VAR_DOMAIN_INSECURE */ + VAR_PYTHON = 369, /* VAR_PYTHON */ + VAR_PYTHON_SCRIPT = 370, /* VAR_PYTHON_SCRIPT */ + VAR_VAL_SIG_SKEW_MIN = 371, /* VAR_VAL_SIG_SKEW_MIN */ + VAR_VAL_SIG_SKEW_MAX = 372, /* VAR_VAL_SIG_SKEW_MAX */ + VAR_VAL_MAX_RESTART = 373, /* VAR_VAL_MAX_RESTART */ + VAR_CACHE_MIN_TTL = 374, /* VAR_CACHE_MIN_TTL */ + VAR_VAL_LOG_LEVEL = 375, /* VAR_VAL_LOG_LEVEL */ + VAR_AUTO_TRUST_ANCHOR_FILE = 376, /* VAR_AUTO_TRUST_ANCHOR_FILE */ + VAR_KEEP_MISSING = 377, /* VAR_KEEP_MISSING */ + VAR_ADD_HOLDDOWN = 378, /* VAR_ADD_HOLDDOWN */ + VAR_DEL_HOLDDOWN = 379, /* VAR_DEL_HOLDDOWN */ + VAR_SO_RCVBUF = 380, /* VAR_SO_RCVBUF */ + VAR_EDNS_BUFFER_SIZE = 381, /* VAR_EDNS_BUFFER_SIZE */ + VAR_PREFETCH = 382, /* VAR_PREFETCH */ + VAR_PREFETCH_KEY = 383, /* VAR_PREFETCH_KEY */ + VAR_SO_SNDBUF = 384, /* VAR_SO_SNDBUF */ + VAR_SO_REUSEPORT = 385, /* VAR_SO_REUSEPORT */ + VAR_HARDEN_BELOW_NXDOMAIN = 386, /* VAR_HARDEN_BELOW_NXDOMAIN */ + VAR_IGNORE_CD_FLAG = 387, /* VAR_IGNORE_CD_FLAG */ + VAR_LOG_QUERIES = 388, /* VAR_LOG_QUERIES */ + VAR_LOG_REPLIES = 389, /* VAR_LOG_REPLIES */ + VAR_LOG_LOCAL_ACTIONS = 390, /* VAR_LOG_LOCAL_ACTIONS */ + VAR_TCP_UPSTREAM = 391, /* VAR_TCP_UPSTREAM */ + VAR_SSL_UPSTREAM = 392, /* VAR_SSL_UPSTREAM */ + VAR_TCP_AUTH_QUERY_TIMEOUT = 393, /* VAR_TCP_AUTH_QUERY_TIMEOUT */ + VAR_SSL_SERVICE_KEY = 394, /* VAR_SSL_SERVICE_KEY */ + VAR_SSL_SERVICE_PEM = 395, /* VAR_SSL_SERVICE_PEM */ + VAR_SSL_PORT = 396, /* VAR_SSL_PORT */ + VAR_FORWARD_FIRST = 397, /* VAR_FORWARD_FIRST */ + VAR_STUB_SSL_UPSTREAM = 398, /* VAR_STUB_SSL_UPSTREAM */ + VAR_FORWARD_SSL_UPSTREAM = 399, /* VAR_FORWARD_SSL_UPSTREAM */ + VAR_TLS_CERT_BUNDLE = 400, /* VAR_TLS_CERT_BUNDLE */ + VAR_HTTPS_PORT = 401, /* VAR_HTTPS_PORT */ + VAR_HTTP_ENDPOINT = 402, /* VAR_HTTP_ENDPOINT */ + VAR_HTTP_MAX_STREAMS = 403, /* VAR_HTTP_MAX_STREAMS */ + VAR_HTTP_QUERY_BUFFER_SIZE = 404, /* VAR_HTTP_QUERY_BUFFER_SIZE */ + VAR_HTTP_RESPONSE_BUFFER_SIZE = 405, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */ + VAR_HTTP_NODELAY = 406, /* VAR_HTTP_NODELAY */ + VAR_HTTP_NOTLS_DOWNSTREAM = 407, /* VAR_HTTP_NOTLS_DOWNSTREAM */ + VAR_STUB_FIRST = 408, /* VAR_STUB_FIRST */ + VAR_MINIMAL_RESPONSES = 409, /* VAR_MINIMAL_RESPONSES */ + VAR_RRSET_ROUNDROBIN = 410, /* VAR_RRSET_ROUNDROBIN */ + VAR_MAX_UDP_SIZE = 411, /* VAR_MAX_UDP_SIZE */ + VAR_DELAY_CLOSE = 412, /* VAR_DELAY_CLOSE */ + VAR_UDP_CONNECT = 413, /* VAR_UDP_CONNECT */ + VAR_UNBLOCK_LAN_ZONES = 414, /* VAR_UNBLOCK_LAN_ZONES */ + VAR_INSECURE_LAN_ZONES = 415, /* VAR_INSECURE_LAN_ZONES */ + VAR_INFRA_CACHE_MIN_RTT = 416, /* VAR_INFRA_CACHE_MIN_RTT */ + VAR_INFRA_KEEP_PROBING = 417, /* VAR_INFRA_KEEP_PROBING */ + VAR_DNS64_PREFIX = 418, /* VAR_DNS64_PREFIX */ + VAR_DNS64_SYNTHALL = 419, /* VAR_DNS64_SYNTHALL */ + VAR_DNS64_IGNORE_AAAA = 420, /* VAR_DNS64_IGNORE_AAAA */ + VAR_DNSTAP = 421, /* VAR_DNSTAP */ + VAR_DNSTAP_ENABLE = 422, /* VAR_DNSTAP_ENABLE */ + VAR_DNSTAP_SOCKET_PATH = 423, /* VAR_DNSTAP_SOCKET_PATH */ + VAR_DNSTAP_IP = 424, /* VAR_DNSTAP_IP */ + VAR_DNSTAP_TLS = 425, /* VAR_DNSTAP_TLS */ + VAR_DNSTAP_TLS_SERVER_NAME = 426, /* VAR_DNSTAP_TLS_SERVER_NAME */ + VAR_DNSTAP_TLS_CERT_BUNDLE = 427, /* VAR_DNSTAP_TLS_CERT_BUNDLE */ + VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 428, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */ + VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 429, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */ + VAR_DNSTAP_SEND_IDENTITY = 430, /* VAR_DNSTAP_SEND_IDENTITY */ + VAR_DNSTAP_SEND_VERSION = 431, /* VAR_DNSTAP_SEND_VERSION */ + VAR_DNSTAP_BIDIRECTIONAL = 432, /* VAR_DNSTAP_BIDIRECTIONAL */ + VAR_DNSTAP_IDENTITY = 433, /* VAR_DNSTAP_IDENTITY */ + VAR_DNSTAP_VERSION = 434, /* VAR_DNSTAP_VERSION */ + VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 435, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */ + VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 436, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */ + VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 437, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */ + VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 438, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */ + VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 439, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */ + VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 440, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */ + VAR_RESPONSE_IP_TAG = 441, /* VAR_RESPONSE_IP_TAG */ + VAR_RESPONSE_IP = 442, /* VAR_RESPONSE_IP */ + VAR_RESPONSE_IP_DATA = 443, /* VAR_RESPONSE_IP_DATA */ + VAR_HARDEN_ALGO_DOWNGRADE = 444, /* VAR_HARDEN_ALGO_DOWNGRADE */ + VAR_IP_TRANSPARENT = 445, /* VAR_IP_TRANSPARENT */ + VAR_IP_DSCP = 446, /* VAR_IP_DSCP */ + VAR_DISABLE_DNSSEC_LAME_CHECK = 447, /* VAR_DISABLE_DNSSEC_LAME_CHECK */ + VAR_IP_RATELIMIT = 448, /* VAR_IP_RATELIMIT */ + VAR_IP_RATELIMIT_SLABS = 449, /* VAR_IP_RATELIMIT_SLABS */ + VAR_IP_RATELIMIT_SIZE = 450, /* VAR_IP_RATELIMIT_SIZE */ + VAR_RATELIMIT = 451, /* VAR_RATELIMIT */ + VAR_RATELIMIT_SLABS = 452, /* VAR_RATELIMIT_SLABS */ + VAR_RATELIMIT_SIZE = 453, /* VAR_RATELIMIT_SIZE */ + VAR_RATELIMIT_FOR_DOMAIN = 454, /* VAR_RATELIMIT_FOR_DOMAIN */ + VAR_RATELIMIT_BELOW_DOMAIN = 455, /* VAR_RATELIMIT_BELOW_DOMAIN */ + VAR_IP_RATELIMIT_FACTOR = 456, /* VAR_IP_RATELIMIT_FACTOR */ + VAR_RATELIMIT_FACTOR = 457, /* VAR_RATELIMIT_FACTOR */ + VAR_SEND_CLIENT_SUBNET = 458, /* VAR_SEND_CLIENT_SUBNET */ + VAR_CLIENT_SUBNET_ZONE = 459, /* VAR_CLIENT_SUBNET_ZONE */ + VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 460, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ + VAR_CLIENT_SUBNET_OPCODE = 461, /* VAR_CLIENT_SUBNET_OPCODE */ + VAR_MAX_CLIENT_SUBNET_IPV4 = 462, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ + VAR_MAX_CLIENT_SUBNET_IPV6 = 463, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ + VAR_MIN_CLIENT_SUBNET_IPV4 = 464, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ + VAR_MIN_CLIENT_SUBNET_IPV6 = 465, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ + VAR_MAX_ECS_TREE_SIZE_IPV4 = 466, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ + VAR_MAX_ECS_TREE_SIZE_IPV6 = 467, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ + VAR_CAPS_WHITELIST = 468, /* VAR_CAPS_WHITELIST */ + VAR_CACHE_MAX_NEGATIVE_TTL = 469, /* VAR_CACHE_MAX_NEGATIVE_TTL */ + VAR_PERMIT_SMALL_HOLDDOWN = 470, /* VAR_PERMIT_SMALL_HOLDDOWN */ + VAR_QNAME_MINIMISATION = 471, /* VAR_QNAME_MINIMISATION */ + VAR_QNAME_MINIMISATION_STRICT = 472, /* VAR_QNAME_MINIMISATION_STRICT */ + VAR_IP_FREEBIND = 473, /* VAR_IP_FREEBIND */ + VAR_DEFINE_TAG = 474, /* VAR_DEFINE_TAG */ + VAR_LOCAL_ZONE_TAG = 475, /* VAR_LOCAL_ZONE_TAG */ + VAR_ACCESS_CONTROL_TAG = 476, /* VAR_ACCESS_CONTROL_TAG */ + VAR_LOCAL_ZONE_OVERRIDE = 477, /* VAR_LOCAL_ZONE_OVERRIDE */ + VAR_ACCESS_CONTROL_TAG_ACTION = 478, /* VAR_ACCESS_CONTROL_TAG_ACTION */ + VAR_ACCESS_CONTROL_TAG_DATA = 479, /* VAR_ACCESS_CONTROL_TAG_DATA */ + VAR_VIEW = 480, /* VAR_VIEW */ + VAR_ACCESS_CONTROL_VIEW = 481, /* VAR_ACCESS_CONTROL_VIEW */ + VAR_VIEW_FIRST = 482, /* VAR_VIEW_FIRST */ + VAR_SERVE_EXPIRED = 483, /* VAR_SERVE_EXPIRED */ + VAR_SERVE_EXPIRED_TTL = 484, /* VAR_SERVE_EXPIRED_TTL */ + VAR_SERVE_EXPIRED_TTL_RESET = 485, /* VAR_SERVE_EXPIRED_TTL_RESET */ + VAR_SERVE_EXPIRED_REPLY_TTL = 486, /* VAR_SERVE_EXPIRED_REPLY_TTL */ + VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 487, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ + VAR_SERVE_ORIGINAL_TTL = 488, /* VAR_SERVE_ORIGINAL_TTL */ + VAR_FAKE_DSA = 489, /* VAR_FAKE_DSA */ + VAR_FAKE_SHA1 = 490, /* VAR_FAKE_SHA1 */ + VAR_LOG_IDENTITY = 491, /* VAR_LOG_IDENTITY */ + VAR_HIDE_TRUSTANCHOR = 492, /* VAR_HIDE_TRUSTANCHOR */ + VAR_HIDE_HTTP_USER_AGENT = 493, /* VAR_HIDE_HTTP_USER_AGENT */ + VAR_HTTP_USER_AGENT = 494, /* VAR_HTTP_USER_AGENT */ + VAR_TRUST_ANCHOR_SIGNALING = 495, /* VAR_TRUST_ANCHOR_SIGNALING */ + VAR_AGGRESSIVE_NSEC = 496, /* VAR_AGGRESSIVE_NSEC */ + VAR_USE_SYSTEMD = 497, /* VAR_USE_SYSTEMD */ + VAR_SHM_ENABLE = 498, /* VAR_SHM_ENABLE */ + VAR_SHM_KEY = 499, /* VAR_SHM_KEY */ + VAR_ROOT_KEY_SENTINEL = 500, /* VAR_ROOT_KEY_SENTINEL */ + VAR_DNSCRYPT = 501, /* VAR_DNSCRYPT */ + VAR_DNSCRYPT_ENABLE = 502, /* VAR_DNSCRYPT_ENABLE */ + VAR_DNSCRYPT_PORT = 503, /* VAR_DNSCRYPT_PORT */ + VAR_DNSCRYPT_PROVIDER = 504, /* VAR_DNSCRYPT_PROVIDER */ + VAR_DNSCRYPT_SECRET_KEY = 505, /* VAR_DNSCRYPT_SECRET_KEY */ + VAR_DNSCRYPT_PROVIDER_CERT = 506, /* VAR_DNSCRYPT_PROVIDER_CERT */ + VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 507, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 508, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 509, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ + VAR_DNSCRYPT_NONCE_CACHE_SIZE = 510, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ + VAR_DNSCRYPT_NONCE_CACHE_SLABS = 511, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ + VAR_PAD_RESPONSES = 512, /* VAR_PAD_RESPONSES */ + VAR_PAD_RESPONSES_BLOCK_SIZE = 513, /* VAR_PAD_RESPONSES_BLOCK_SIZE */ + VAR_PAD_QUERIES = 514, /* VAR_PAD_QUERIES */ + VAR_PAD_QUERIES_BLOCK_SIZE = 515, /* VAR_PAD_QUERIES_BLOCK_SIZE */ + VAR_IPSECMOD_ENABLED = 516, /* VAR_IPSECMOD_ENABLED */ + VAR_IPSECMOD_HOOK = 517, /* VAR_IPSECMOD_HOOK */ + VAR_IPSECMOD_IGNORE_BOGUS = 518, /* VAR_IPSECMOD_IGNORE_BOGUS */ + VAR_IPSECMOD_MAX_TTL = 519, /* VAR_IPSECMOD_MAX_TTL */ + VAR_IPSECMOD_WHITELIST = 520, /* VAR_IPSECMOD_WHITELIST */ + VAR_IPSECMOD_STRICT = 521, /* VAR_IPSECMOD_STRICT */ + VAR_CACHEDB = 522, /* VAR_CACHEDB */ + VAR_CACHEDB_BACKEND = 523, /* VAR_CACHEDB_BACKEND */ + VAR_CACHEDB_SECRETSEED = 524, /* VAR_CACHEDB_SECRETSEED */ + VAR_CACHEDB_REDISHOST = 525, /* VAR_CACHEDB_REDISHOST */ + VAR_CACHEDB_REDISPORT = 526, /* VAR_CACHEDB_REDISPORT */ + VAR_CACHEDB_REDISTIMEOUT = 527, /* VAR_CACHEDB_REDISTIMEOUT */ + VAR_CACHEDB_REDISEXPIRERECORDS = 528, /* VAR_CACHEDB_REDISEXPIRERECORDS */ + VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 529, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */ + VAR_FOR_UPSTREAM = 530, /* VAR_FOR_UPSTREAM */ + VAR_AUTH_ZONE = 531, /* VAR_AUTH_ZONE */ + VAR_ZONEFILE = 532, /* VAR_ZONEFILE */ + VAR_MASTER = 533, /* VAR_MASTER */ + VAR_URL = 534, /* VAR_URL */ + VAR_FOR_DOWNSTREAM = 535, /* VAR_FOR_DOWNSTREAM */ + VAR_FALLBACK_ENABLED = 536, /* VAR_FALLBACK_ENABLED */ + VAR_TLS_ADDITIONAL_PORT = 537, /* VAR_TLS_ADDITIONAL_PORT */ + VAR_LOW_RTT = 538, /* VAR_LOW_RTT */ + VAR_LOW_RTT_PERMIL = 539, /* VAR_LOW_RTT_PERMIL */ + VAR_FAST_SERVER_PERMIL = 540, /* VAR_FAST_SERVER_PERMIL */ + VAR_FAST_SERVER_NUM = 541, /* VAR_FAST_SERVER_NUM */ + VAR_ALLOW_NOTIFY = 542, /* VAR_ALLOW_NOTIFY */ + VAR_TLS_WIN_CERT = 543, /* VAR_TLS_WIN_CERT */ + VAR_TCP_CONNECTION_LIMIT = 544, /* VAR_TCP_CONNECTION_LIMIT */ + VAR_FORWARD_NO_CACHE = 545, /* VAR_FORWARD_NO_CACHE */ + VAR_STUB_NO_CACHE = 546, /* VAR_STUB_NO_CACHE */ + VAR_LOG_SERVFAIL = 547, /* VAR_LOG_SERVFAIL */ + VAR_DENY_ANY = 548, /* VAR_DENY_ANY */ + VAR_UNKNOWN_SERVER_TIME_LIMIT = 549, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */ + VAR_LOG_TAG_QUERYREPLY = 550, /* VAR_LOG_TAG_QUERYREPLY */ + VAR_STREAM_WAIT_SIZE = 551, /* VAR_STREAM_WAIT_SIZE */ + VAR_TLS_CIPHERS = 552, /* VAR_TLS_CIPHERS */ + VAR_TLS_CIPHERSUITES = 553, /* VAR_TLS_CIPHERSUITES */ + VAR_TLS_USE_SNI = 554, /* VAR_TLS_USE_SNI */ + VAR_IPSET = 555, /* VAR_IPSET */ + VAR_IPSET_NAME_V4 = 556, /* VAR_IPSET_NAME_V4 */ + VAR_IPSET_NAME_V6 = 557, /* VAR_IPSET_NAME_V6 */ + VAR_TLS_SESSION_TICKET_KEYS = 558, /* VAR_TLS_SESSION_TICKET_KEYS */ + VAR_RPZ = 559, /* VAR_RPZ */ + VAR_TAGS = 560, /* VAR_TAGS */ + VAR_RPZ_ACTION_OVERRIDE = 561, /* VAR_RPZ_ACTION_OVERRIDE */ + VAR_RPZ_CNAME_OVERRIDE = 562, /* VAR_RPZ_CNAME_OVERRIDE */ + VAR_RPZ_LOG = 563, /* VAR_RPZ_LOG */ + VAR_RPZ_LOG_NAME = 564, /* VAR_RPZ_LOG_NAME */ + VAR_DYNLIB = 565, /* VAR_DYNLIB */ + VAR_DYNLIB_FILE = 566, /* VAR_DYNLIB_FILE */ + VAR_EDNS_CLIENT_STRING = 567, /* VAR_EDNS_CLIENT_STRING */ + VAR_EDNS_CLIENT_STRING_OPCODE = 568, /* VAR_EDNS_CLIENT_STRING_OPCODE */ + VAR_NSID = 569, /* VAR_NSID */ + VAR_ZONEMD_PERMISSIVE_MODE = 570, /* VAR_ZONEMD_PERMISSIVE_MODE */ + VAR_ZONEMD_CHECK = 571, /* VAR_ZONEMD_CHECK */ + VAR_ZONEMD_REJECT_ABSENCE = 572 /* VAR_ZONEMD_REJECT_ABSENCE */ }; typedef enum yytokentype yytoken_kind_t; #endif @@ -469,210 +478,219 @@ extern int yydebug; #define VAR_CONTROL_KEY_FILE 357 #define VAR_CONTROL_CERT_FILE 358 #define VAR_CONTROL_USE_CERT 359 -#define VAR_EXTENDED_STATISTICS 360 -#define VAR_LOCAL_DATA_PTR 361 -#define VAR_JOSTLE_TIMEOUT 362 -#define VAR_STUB_PRIME 363 -#define VAR_UNWANTED_REPLY_THRESHOLD 364 -#define VAR_LOG_TIME_ASCII 365 -#define VAR_DOMAIN_INSECURE 366 -#define VAR_PYTHON 367 -#define VAR_PYTHON_SCRIPT 368 -#define VAR_VAL_SIG_SKEW_MIN 369 -#define VAR_VAL_SIG_SKEW_MAX 370 -#define VAR_CACHE_MIN_TTL 371 -#define VAR_VAL_LOG_LEVEL 372 -#define VAR_AUTO_TRUST_ANCHOR_FILE 373 -#define VAR_KEEP_MISSING 374 -#define VAR_ADD_HOLDDOWN 375 -#define VAR_DEL_HOLDDOWN 376 -#define VAR_SO_RCVBUF 377 -#define VAR_EDNS_BUFFER_SIZE 378 -#define VAR_PREFETCH 379 -#define VAR_PREFETCH_KEY 380 -#define VAR_SO_SNDBUF 381 -#define VAR_SO_REUSEPORT 382 -#define VAR_HARDEN_BELOW_NXDOMAIN 383 -#define VAR_IGNORE_CD_FLAG 384 -#define VAR_LOG_QUERIES 385 -#define VAR_LOG_REPLIES 386 -#define VAR_LOG_LOCAL_ACTIONS 387 -#define VAR_TCP_UPSTREAM 388 -#define VAR_SSL_UPSTREAM 389 -#define VAR_SSL_SERVICE_KEY 390 -#define VAR_SSL_SERVICE_PEM 391 -#define VAR_SSL_PORT 392 -#define VAR_FORWARD_FIRST 393 -#define VAR_STUB_SSL_UPSTREAM 394 -#define VAR_FORWARD_SSL_UPSTREAM 395 -#define VAR_TLS_CERT_BUNDLE 396 -#define VAR_HTTPS_PORT 397 -#define VAR_HTTP_ENDPOINT 398 -#define VAR_HTTP_MAX_STREAMS 399 -#define VAR_HTTP_QUERY_BUFFER_SIZE 400 -#define VAR_HTTP_RESPONSE_BUFFER_SIZE 401 -#define VAR_HTTP_NODELAY 402 -#define VAR_HTTP_NOTLS_DOWNSTREAM 403 -#define VAR_STUB_FIRST 404 -#define VAR_MINIMAL_RESPONSES 405 -#define VAR_RRSET_ROUNDROBIN 406 -#define VAR_MAX_UDP_SIZE 407 -#define VAR_DELAY_CLOSE 408 -#define VAR_UDP_CONNECT 409 -#define VAR_UNBLOCK_LAN_ZONES 410 -#define VAR_INSECURE_LAN_ZONES 411 -#define VAR_INFRA_CACHE_MIN_RTT 412 -#define VAR_INFRA_KEEP_PROBING 413 -#define VAR_DNS64_PREFIX 414 -#define VAR_DNS64_SYNTHALL 415 -#define VAR_DNS64_IGNORE_AAAA 416 -#define VAR_DNSTAP 417 -#define VAR_DNSTAP_ENABLE 418 -#define VAR_DNSTAP_SOCKET_PATH 419 -#define VAR_DNSTAP_IP 420 -#define VAR_DNSTAP_TLS 421 -#define VAR_DNSTAP_TLS_SERVER_NAME 422 -#define VAR_DNSTAP_TLS_CERT_BUNDLE 423 -#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 424 -#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 425 -#define VAR_DNSTAP_SEND_IDENTITY 426 -#define VAR_DNSTAP_SEND_VERSION 427 -#define VAR_DNSTAP_BIDIRECTIONAL 428 -#define VAR_DNSTAP_IDENTITY 429 -#define VAR_DNSTAP_VERSION 430 -#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 431 -#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 432 -#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 433 -#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 434 -#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 435 -#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 436 -#define VAR_RESPONSE_IP_TAG 437 -#define VAR_RESPONSE_IP 438 -#define VAR_RESPONSE_IP_DATA 439 -#define VAR_HARDEN_ALGO_DOWNGRADE 440 -#define VAR_IP_TRANSPARENT 441 -#define VAR_IP_DSCP 442 -#define VAR_DISABLE_DNSSEC_LAME_CHECK 443 -#define VAR_IP_RATELIMIT 444 -#define VAR_IP_RATELIMIT_SLABS 445 -#define VAR_IP_RATELIMIT_SIZE 446 -#define VAR_RATELIMIT 447 -#define VAR_RATELIMIT_SLABS 448 -#define VAR_RATELIMIT_SIZE 449 -#define VAR_RATELIMIT_FOR_DOMAIN 450 -#define VAR_RATELIMIT_BELOW_DOMAIN 451 -#define VAR_IP_RATELIMIT_FACTOR 452 -#define VAR_RATELIMIT_FACTOR 453 -#define VAR_SEND_CLIENT_SUBNET 454 -#define VAR_CLIENT_SUBNET_ZONE 455 -#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 456 -#define VAR_CLIENT_SUBNET_OPCODE 457 -#define VAR_MAX_CLIENT_SUBNET_IPV4 458 -#define VAR_MAX_CLIENT_SUBNET_IPV6 459 -#define VAR_MIN_CLIENT_SUBNET_IPV4 460 -#define VAR_MIN_CLIENT_SUBNET_IPV6 461 -#define VAR_MAX_ECS_TREE_SIZE_IPV4 462 -#define VAR_MAX_ECS_TREE_SIZE_IPV6 463 -#define VAR_CAPS_WHITELIST 464 -#define VAR_CACHE_MAX_NEGATIVE_TTL 465 -#define VAR_PERMIT_SMALL_HOLDDOWN 466 -#define VAR_QNAME_MINIMISATION 467 -#define VAR_QNAME_MINIMISATION_STRICT 468 -#define VAR_IP_FREEBIND 469 -#define VAR_DEFINE_TAG 470 -#define VAR_LOCAL_ZONE_TAG 471 -#define VAR_ACCESS_CONTROL_TAG 472 -#define VAR_LOCAL_ZONE_OVERRIDE 473 -#define VAR_ACCESS_CONTROL_TAG_ACTION 474 -#define VAR_ACCESS_CONTROL_TAG_DATA 475 -#define VAR_VIEW 476 -#define VAR_ACCESS_CONTROL_VIEW 477 -#define VAR_VIEW_FIRST 478 -#define VAR_SERVE_EXPIRED 479 -#define VAR_SERVE_EXPIRED_TTL 480 -#define VAR_SERVE_EXPIRED_TTL_RESET 481 -#define VAR_SERVE_EXPIRED_REPLY_TTL 482 -#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 483 -#define VAR_SERVE_ORIGINAL_TTL 484 -#define VAR_FAKE_DSA 485 -#define VAR_FAKE_SHA1 486 -#define VAR_LOG_IDENTITY 487 -#define VAR_HIDE_TRUSTANCHOR 488 -#define VAR_TRUST_ANCHOR_SIGNALING 489 -#define VAR_AGGRESSIVE_NSEC 490 -#define VAR_USE_SYSTEMD 491 -#define VAR_SHM_ENABLE 492 -#define VAR_SHM_KEY 493 -#define VAR_ROOT_KEY_SENTINEL 494 -#define VAR_DNSCRYPT 495 -#define VAR_DNSCRYPT_ENABLE 496 -#define VAR_DNSCRYPT_PORT 497 -#define VAR_DNSCRYPT_PROVIDER 498 -#define VAR_DNSCRYPT_SECRET_KEY 499 -#define VAR_DNSCRYPT_PROVIDER_CERT 500 -#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 501 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 502 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 503 -#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 504 -#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 505 -#define VAR_PAD_RESPONSES 506 -#define VAR_PAD_RESPONSES_BLOCK_SIZE 507 -#define VAR_PAD_QUERIES 508 -#define VAR_PAD_QUERIES_BLOCK_SIZE 509 -#define VAR_IPSECMOD_ENABLED 510 -#define VAR_IPSECMOD_HOOK 511 -#define VAR_IPSECMOD_IGNORE_BOGUS 512 -#define VAR_IPSECMOD_MAX_TTL 513 -#define VAR_IPSECMOD_WHITELIST 514 -#define VAR_IPSECMOD_STRICT 515 -#define VAR_CACHEDB 516 -#define VAR_CACHEDB_BACKEND 517 -#define VAR_CACHEDB_SECRETSEED 518 -#define VAR_CACHEDB_REDISHOST 519 -#define VAR_CACHEDB_REDISPORT 520 -#define VAR_CACHEDB_REDISTIMEOUT 521 -#define VAR_CACHEDB_REDISEXPIRERECORDS 522 -#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 523 -#define VAR_FOR_UPSTREAM 524 -#define VAR_AUTH_ZONE 525 -#define VAR_ZONEFILE 526 -#define VAR_MASTER 527 -#define VAR_URL 528 -#define VAR_FOR_DOWNSTREAM 529 -#define VAR_FALLBACK_ENABLED 530 -#define VAR_TLS_ADDITIONAL_PORT 531 -#define VAR_LOW_RTT 532 -#define VAR_LOW_RTT_PERMIL 533 -#define VAR_FAST_SERVER_PERMIL 534 -#define VAR_FAST_SERVER_NUM 535 -#define VAR_ALLOW_NOTIFY 536 -#define VAR_TLS_WIN_CERT 537 -#define VAR_TCP_CONNECTION_LIMIT 538 -#define VAR_FORWARD_NO_CACHE 539 -#define VAR_STUB_NO_CACHE 540 -#define VAR_LOG_SERVFAIL 541 -#define VAR_DENY_ANY 542 -#define VAR_UNKNOWN_SERVER_TIME_LIMIT 543 -#define VAR_LOG_TAG_QUERYREPLY 544 -#define VAR_STREAM_WAIT_SIZE 545 -#define VAR_TLS_CIPHERS 546 -#define VAR_TLS_CIPHERSUITES 547 -#define VAR_TLS_USE_SNI 548 -#define VAR_IPSET 549 -#define VAR_IPSET_NAME_V4 550 -#define VAR_IPSET_NAME_V6 551 -#define VAR_TLS_SESSION_TICKET_KEYS 552 -#define VAR_RPZ 553 -#define VAR_TAGS 554 -#define VAR_RPZ_ACTION_OVERRIDE 555 -#define VAR_RPZ_CNAME_OVERRIDE 556 -#define VAR_RPZ_LOG 557 -#define VAR_RPZ_LOG_NAME 558 -#define VAR_DYNLIB 559 -#define VAR_DYNLIB_FILE 560 -#define VAR_EDNS_CLIENT_STRING 561 -#define VAR_EDNS_CLIENT_STRING_OPCODE 562 -#define VAR_NSID 563 +#define VAR_TCP_REUSE_TIMEOUT 360 +#define VAR_MAX_REUSE_TCP_QUERIES 361 +#define VAR_EXTENDED_STATISTICS 362 +#define VAR_LOCAL_DATA_PTR 363 +#define VAR_JOSTLE_TIMEOUT 364 +#define VAR_STUB_PRIME 365 +#define VAR_UNWANTED_REPLY_THRESHOLD 366 +#define VAR_LOG_TIME_ASCII 367 +#define VAR_DOMAIN_INSECURE 368 +#define VAR_PYTHON 369 +#define VAR_PYTHON_SCRIPT 370 +#define VAR_VAL_SIG_SKEW_MIN 371 +#define VAR_VAL_SIG_SKEW_MAX 372 +#define VAR_VAL_MAX_RESTART 373 +#define VAR_CACHE_MIN_TTL 374 +#define VAR_VAL_LOG_LEVEL 375 +#define VAR_AUTO_TRUST_ANCHOR_FILE 376 +#define VAR_KEEP_MISSING 377 +#define VAR_ADD_HOLDDOWN 378 +#define VAR_DEL_HOLDDOWN 379 +#define VAR_SO_RCVBUF 380 +#define VAR_EDNS_BUFFER_SIZE 381 +#define VAR_PREFETCH 382 +#define VAR_PREFETCH_KEY 383 +#define VAR_SO_SNDBUF 384 +#define VAR_SO_REUSEPORT 385 +#define VAR_HARDEN_BELOW_NXDOMAIN 386 +#define VAR_IGNORE_CD_FLAG 387 +#define VAR_LOG_QUERIES 388 +#define VAR_LOG_REPLIES 389 +#define VAR_LOG_LOCAL_ACTIONS 390 +#define VAR_TCP_UPSTREAM 391 +#define VAR_SSL_UPSTREAM 392 +#define VAR_TCP_AUTH_QUERY_TIMEOUT 393 +#define VAR_SSL_SERVICE_KEY 394 +#define VAR_SSL_SERVICE_PEM 395 +#define VAR_SSL_PORT 396 +#define VAR_FORWARD_FIRST 397 +#define VAR_STUB_SSL_UPSTREAM 398 +#define VAR_FORWARD_SSL_UPSTREAM 399 +#define VAR_TLS_CERT_BUNDLE 400 +#define VAR_HTTPS_PORT 401 +#define VAR_HTTP_ENDPOINT 402 +#define VAR_HTTP_MAX_STREAMS 403 +#define VAR_HTTP_QUERY_BUFFER_SIZE 404 +#define VAR_HTTP_RESPONSE_BUFFER_SIZE 405 +#define VAR_HTTP_NODELAY 406 +#define VAR_HTTP_NOTLS_DOWNSTREAM 407 +#define VAR_STUB_FIRST 408 +#define VAR_MINIMAL_RESPONSES 409 +#define VAR_RRSET_ROUNDROBIN 410 +#define VAR_MAX_UDP_SIZE 411 +#define VAR_DELAY_CLOSE 412 +#define VAR_UDP_CONNECT 413 +#define VAR_UNBLOCK_LAN_ZONES 414 +#define VAR_INSECURE_LAN_ZONES 415 +#define VAR_INFRA_CACHE_MIN_RTT 416 +#define VAR_INFRA_KEEP_PROBING 417 +#define VAR_DNS64_PREFIX 418 +#define VAR_DNS64_SYNTHALL 419 +#define VAR_DNS64_IGNORE_AAAA 420 +#define VAR_DNSTAP 421 +#define VAR_DNSTAP_ENABLE 422 +#define VAR_DNSTAP_SOCKET_PATH 423 +#define VAR_DNSTAP_IP 424 +#define VAR_DNSTAP_TLS 425 +#define VAR_DNSTAP_TLS_SERVER_NAME 426 +#define VAR_DNSTAP_TLS_CERT_BUNDLE 427 +#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 428 +#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 429 +#define VAR_DNSTAP_SEND_IDENTITY 430 +#define VAR_DNSTAP_SEND_VERSION 431 +#define VAR_DNSTAP_BIDIRECTIONAL 432 +#define VAR_DNSTAP_IDENTITY 433 +#define VAR_DNSTAP_VERSION 434 +#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 435 +#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 436 +#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 437 +#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 438 +#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 439 +#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 440 +#define VAR_RESPONSE_IP_TAG 441 +#define VAR_RESPONSE_IP 442 +#define VAR_RESPONSE_IP_DATA 443 +#define VAR_HARDEN_ALGO_DOWNGRADE 444 +#define VAR_IP_TRANSPARENT 445 +#define VAR_IP_DSCP 446 +#define VAR_DISABLE_DNSSEC_LAME_CHECK 447 +#define VAR_IP_RATELIMIT 448 +#define VAR_IP_RATELIMIT_SLABS 449 +#define VAR_IP_RATELIMIT_SIZE 450 +#define VAR_RATELIMIT 451 +#define VAR_RATELIMIT_SLABS 452 +#define VAR_RATELIMIT_SIZE 453 +#define VAR_RATELIMIT_FOR_DOMAIN 454 +#define VAR_RATELIMIT_BELOW_DOMAIN 455 +#define VAR_IP_RATELIMIT_FACTOR 456 +#define VAR_RATELIMIT_FACTOR 457 +#define VAR_SEND_CLIENT_SUBNET 458 +#define VAR_CLIENT_SUBNET_ZONE 459 +#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 460 +#define VAR_CLIENT_SUBNET_OPCODE 461 +#define VAR_MAX_CLIENT_SUBNET_IPV4 462 +#define VAR_MAX_CLIENT_SUBNET_IPV6 463 +#define VAR_MIN_CLIENT_SUBNET_IPV4 464 +#define VAR_MIN_CLIENT_SUBNET_IPV6 465 +#define VAR_MAX_ECS_TREE_SIZE_IPV4 466 +#define VAR_MAX_ECS_TREE_SIZE_IPV6 467 +#define VAR_CAPS_WHITELIST 468 +#define VAR_CACHE_MAX_NEGATIVE_TTL 469 +#define VAR_PERMIT_SMALL_HOLDDOWN 470 +#define VAR_QNAME_MINIMISATION 471 +#define VAR_QNAME_MINIMISATION_STRICT 472 +#define VAR_IP_FREEBIND 473 +#define VAR_DEFINE_TAG 474 +#define VAR_LOCAL_ZONE_TAG 475 +#define VAR_ACCESS_CONTROL_TAG 476 +#define VAR_LOCAL_ZONE_OVERRIDE 477 +#define VAR_ACCESS_CONTROL_TAG_ACTION 478 +#define VAR_ACCESS_CONTROL_TAG_DATA 479 +#define VAR_VIEW 480 +#define VAR_ACCESS_CONTROL_VIEW 481 +#define VAR_VIEW_FIRST 482 +#define VAR_SERVE_EXPIRED 483 +#define VAR_SERVE_EXPIRED_TTL 484 +#define VAR_SERVE_EXPIRED_TTL_RESET 485 +#define VAR_SERVE_EXPIRED_REPLY_TTL 486 +#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 487 +#define VAR_SERVE_ORIGINAL_TTL 488 +#define VAR_FAKE_DSA 489 +#define VAR_FAKE_SHA1 490 +#define VAR_LOG_IDENTITY 491 +#define VAR_HIDE_TRUSTANCHOR 492 +#define VAR_HIDE_HTTP_USER_AGENT 493 +#define VAR_HTTP_USER_AGENT 494 +#define VAR_TRUST_ANCHOR_SIGNALING 495 +#define VAR_AGGRESSIVE_NSEC 496 +#define VAR_USE_SYSTEMD 497 +#define VAR_SHM_ENABLE 498 +#define VAR_SHM_KEY 499 +#define VAR_ROOT_KEY_SENTINEL 500 +#define VAR_DNSCRYPT 501 +#define VAR_DNSCRYPT_ENABLE 502 +#define VAR_DNSCRYPT_PORT 503 +#define VAR_DNSCRYPT_PROVIDER 504 +#define VAR_DNSCRYPT_SECRET_KEY 505 +#define VAR_DNSCRYPT_PROVIDER_CERT 506 +#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 507 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 508 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 509 +#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 510 +#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 511 +#define VAR_PAD_RESPONSES 512 +#define VAR_PAD_RESPONSES_BLOCK_SIZE 513 +#define VAR_PAD_QUERIES 514 +#define VAR_PAD_QUERIES_BLOCK_SIZE 515 +#define VAR_IPSECMOD_ENABLED 516 +#define VAR_IPSECMOD_HOOK 517 +#define VAR_IPSECMOD_IGNORE_BOGUS 518 +#define VAR_IPSECMOD_MAX_TTL 519 +#define VAR_IPSECMOD_WHITELIST 520 +#define VAR_IPSECMOD_STRICT 521 +#define VAR_CACHEDB 522 +#define VAR_CACHEDB_BACKEND 523 +#define VAR_CACHEDB_SECRETSEED 524 +#define VAR_CACHEDB_REDISHOST 525 +#define VAR_CACHEDB_REDISPORT 526 +#define VAR_CACHEDB_REDISTIMEOUT 527 +#define VAR_CACHEDB_REDISEXPIRERECORDS 528 +#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 529 +#define VAR_FOR_UPSTREAM 530 +#define VAR_AUTH_ZONE 531 +#define VAR_ZONEFILE 532 +#define VAR_MASTER 533 +#define VAR_URL 534 +#define VAR_FOR_DOWNSTREAM 535 +#define VAR_FALLBACK_ENABLED 536 +#define VAR_TLS_ADDITIONAL_PORT 537 +#define VAR_LOW_RTT 538 +#define VAR_LOW_RTT_PERMIL 539 +#define VAR_FAST_SERVER_PERMIL 540 +#define VAR_FAST_SERVER_NUM 541 +#define VAR_ALLOW_NOTIFY 542 +#define VAR_TLS_WIN_CERT 543 +#define VAR_TCP_CONNECTION_LIMIT 544 +#define VAR_FORWARD_NO_CACHE 545 +#define VAR_STUB_NO_CACHE 546 +#define VAR_LOG_SERVFAIL 547 +#define VAR_DENY_ANY 548 +#define VAR_UNKNOWN_SERVER_TIME_LIMIT 549 +#define VAR_LOG_TAG_QUERYREPLY 550 +#define VAR_STREAM_WAIT_SIZE 551 +#define VAR_TLS_CIPHERS 552 +#define VAR_TLS_CIPHERSUITES 553 +#define VAR_TLS_USE_SNI 554 +#define VAR_IPSET 555 +#define VAR_IPSET_NAME_V4 556 +#define VAR_IPSET_NAME_V6 557 +#define VAR_TLS_SESSION_TICKET_KEYS 558 +#define VAR_RPZ 559 +#define VAR_TAGS 560 +#define VAR_RPZ_ACTION_OVERRIDE 561 +#define VAR_RPZ_CNAME_OVERRIDE 562 +#define VAR_RPZ_LOG 563 +#define VAR_RPZ_LOG_NAME 564 +#define VAR_DYNLIB 565 +#define VAR_DYNLIB_FILE 566 +#define VAR_EDNS_CLIENT_STRING 567 +#define VAR_EDNS_CLIENT_STRING_OPCODE 568 +#define VAR_NSID 569 +#define VAR_ZONEMD_PERMISSIVE_MODE 570 +#define VAR_ZONEMD_CHECK 571 +#define VAR_ZONEMD_REJECT_ABSENCE 572 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED @@ -682,7 +700,7 @@ union YYSTYPE char* str; -#line 686 "util/configparser.h" +#line 704 "util/configparser.h" }; typedef union YYSTYPE YYSTYPE; diff --git a/util/configparser.y b/util/configparser.y index 272a97969397..e22d48d41055 100644 --- a/util/configparser.y +++ b/util/configparser.y @@ -100,17 +100,18 @@ extern struct config_parser_state* cfg_parser; %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE -%token VAR_CONTROL_USE_CERT +%token VAR_CONTROL_USE_CERT VAR_TCP_REUSE_TIMEOUT VAR_MAX_REUSE_TCP_QUERIES %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN -%token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL -%token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN -%token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH -%token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN -%token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS -%token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM -%token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST +%token VAR_VAL_SIG_SKEW_MAX VAR_VAL_MAX_RESTART VAR_CACHE_MIN_TTL +%token VAR_VAL_LOG_LEVEL VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING +%token VAR_ADD_HOLDDOWN VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE +%token VAR_PREFETCH VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT +%token VAR_HARDEN_BELOW_NXDOMAIN VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES +%token VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS VAR_TCP_UPSTREAM +%token VAR_SSL_UPSTREAM VAR_TCP_AUTH_QUERY_TIMEOUT VAR_SSL_SERVICE_KEY +%token VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE %token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS %token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE @@ -153,6 +154,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR +%token VAR_HIDE_HTTP_USER_AGENT VAR_HTTP_USER_AGENT %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER @@ -182,6 +184,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME %token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING %token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID +%token VAR_ZONEMD_PERMISSIVE_MODE VAR_ZONEMD_CHECK VAR_ZONEMD_REJECT_ABSENCE %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; @@ -223,6 +226,7 @@ content_server: server_num_threads | server_verbosity | server_port | server_harden_short_bufsize | server_harden_large_queries | server_do_not_query_address | server_hide_identity | server_hide_version | server_identity | server_version | + server_hide_http_user_agent | server_http_user_agent | server_harden_glue | server_module_conf | server_trust_anchor_file | server_trust_anchor | server_val_override_date | server_bogus_ttl | server_val_clean_additional | server_val_permissive_mode | @@ -242,8 +246,9 @@ content_server: server_num_threads | server_verbosity | server_port | server_local_data_ptr | server_jostle_timeout | server_unwanted_reply_threshold | server_log_time_ascii | server_domain_insecure | server_val_sig_skew_min | - server_val_sig_skew_max | server_cache_min_ttl | server_val_log_level | - server_auto_trust_anchor_file | server_add_holddown | + server_val_sig_skew_max | server_val_max_restart | + server_cache_min_ttl | server_val_log_level | + server_auto_trust_anchor_file | server_add_holddown | server_del_holddown | server_keep_missing | server_so_rcvbuf | server_edns_buffer_size | server_prefetch | server_prefetch_key | server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag | @@ -299,7 +304,10 @@ content_server: server_num_threads | server_verbosity | server_port | server_stream_wait_size | server_tls_ciphers | server_tls_ciphersuites | server_tls_session_ticket_keys | server_tls_use_sni | server_edns_client_string | - server_edns_client_string_opcode | server_nsid + server_edns_client_string_opcode | server_nsid | + server_zonemd_permissive_mode | server_max_reuse_tcp_queries | + server_tcp_reuse_timeout | server_tcp_auth_query_timeout + ; stubstart: VAR_STUB_ZONE { @@ -366,6 +374,8 @@ authstart: VAR_AUTH_ZONE s->for_downstream = 1; s->for_upstream = 1; s->fallback_enabled = 0; + s->zonemd_check = 0; + s->zonemd_reject_absence = 0; s->isrpz = 0; } else yyerror("out of memory"); @@ -375,7 +385,7 @@ contents_auth: contents_auth content_auth | ; content_auth: auth_name | auth_zonefile | auth_master | auth_url | auth_for_downstream | auth_for_upstream | auth_fallback_enabled | - auth_allow_notify + auth_allow_notify | auth_zonemd_check | auth_zonemd_reject_absence ; rpz_tag: VAR_TAGS STRING_ARG @@ -856,6 +866,39 @@ server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG free($2); } ; +server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG + { + OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else if (atoi($2) < 1) + cfg_parser->cfg->max_reuse_tcp_queries = 0; + else cfg_parser->cfg->max_reuse_tcp_queries = atoi($2); + free($2); + } + ; +server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG + { + OUTYY(("P(server_tcp_reuse_timeout:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else if (atoi($2) < 1) + cfg_parser->cfg->tcp_reuse_timeout = 0; + else cfg_parser->cfg->tcp_reuse_timeout = atoi($2); + free($2); + } + ; +server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG + { + OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else if (atoi($2) < 1) + cfg_parser->cfg->tcp_auth_query_timeout = 0; + else cfg_parser->cfg->tcp_auth_query_timeout = atoi($2); + free($2); + } + ; server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG { OUTYY(("P(server_tcp_keepalive:%s)\n", $2)); @@ -1296,6 +1339,15 @@ server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG free($2); } ; +server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG + { + OUTYY(("P(server_hide_user_agent:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->hide_http_user_agent = (strcmp($2, "yes")==0); + free($2); + } + ; server_identity: VAR_IDENTITY STRING_ARG { OUTYY(("P(server_identity:%s)\n", $2)); @@ -1310,6 +1362,13 @@ server_version: VAR_VERSION STRING_ARG cfg_parser->cfg->version = $2; } ; +server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG + { + OUTYY(("P(server_http_user_agent:%s)\n", $2)); + free(cfg_parser->cfg->http_user_agent); + cfg_parser->cfg->http_user_agent = $2; + } + ; server_nsid: VAR_NSID STRING_ARG { OUTYY(("P(server_nsid:%s)\n", $2)); @@ -1814,6 +1873,19 @@ server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG free($2); } ; +server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG + { + OUTYY(("P(server_val_max_restart:%s)\n", $2)); + if(*$2 == '\0' || strcmp($2, "0") == 0) { + cfg_parser->cfg->val_max_restart = 0; + } else { + cfg_parser->cfg->val_max_restart = atoi($2); + if(!cfg_parser->cfg->val_max_restart) + yyerror("number expected"); + } + free($2); + } + ; server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG { OUTYY(("P(server_cache_max_ttl:%s)\n", $2)); @@ -1986,6 +2058,15 @@ server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG cfg_parser->cfg->val_nsec3_key_iterations = $2; } ; +server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG + { + OUTYY(("P(server_zonemd_permissive_mode:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->zonemd_permissive_mode = (strcmp($2, "yes")==0); + free($2); + } + ; server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG { OUTYY(("P(server_add_holddown:%s)\n", $2)); @@ -2741,6 +2822,26 @@ auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG yyerror("out of memory"); } ; +auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG + { + OUTYY(("P(zonemd-check:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->auths->zonemd_check = + (strcmp($2, "yes")==0); + free($2); + } + ; +auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG + { + OUTYY(("P(zonemd-reject-absence:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->auths->zonemd_reject_absence = + (strcmp($2, "yes")==0); + free($2); + } + ; auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG { OUTYY(("P(for-downstream:%s)\n", $2)); @@ -2791,13 +2892,20 @@ view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG && strcmp($3, "always_transparent")!=0 && strcmp($3, "always_refuse")!=0 && strcmp($3, "always_nxdomain")!=0 + && strcmp($3, "always_nodata")!=0 + && strcmp($3, "always_deny")!=0 + && strcmp($3, "always_null")!=0 && strcmp($3, "noview")!=0 - && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0) { + && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0 + && strcmp($3, "inform_redirect") != 0 + && strcmp($3, "ipset") != 0) { yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " "typetransparent, inform, inform_deny, " - "always_transparent, always_refuse, " - "always_nxdomain, noview or nodefault"); + "inform_redirect, always_transparent, " + "always_refuse, always_nxdomain, " + "always_nodata, always_deny, always_null, " + "noview, nodefault or ipset"); free($2); free($3); } else if(strcmp($3, "nodefault")==0) { diff --git a/util/data/dname.h b/util/data/dname.h index e37c11822b36..cb0f6735d924 100644 --- a/util/data/dname.h +++ b/util/data/dname.h @@ -261,7 +261,7 @@ int dname_is_root(uint8_t* dname); * Snip off first label from a dname, returning the parent zone. * @param dname: from what to strip off. uncompressed wireformat. * @param len: length, adjusted to become less. - * @return stripped off, or "." if input was ".". + * return stripped off, or "." if input was ".". */ void dname_remove_label(uint8_t** dname, size_t* len); @@ -271,7 +271,7 @@ void dname_remove_label(uint8_t** dname, size_t* len); * @param len: length, adjusted to become less. * @param n: number of labels to strip off (from the left). * if 0, nothing happens. - * @return stripped off, or "." if input was ".". + * return stripped off, or "." if input was ".". */ void dname_remove_labels(uint8_t** dname, size_t* len, int n); diff --git a/util/data/msgreply.c b/util/data/msgreply.c index 4830b343f0f3..00272fd1c64e 100644 --- a/util/data/msgreply.c +++ b/util/data/msgreply.c @@ -329,7 +329,10 @@ parse_create_rrset(sldns_buffer* pkt, struct rrset_parse* pset, return 0; /* copy & decompress */ if(!parse_rr_copy(pkt, pset, *data)) { - if(!region) free(*data); + if(!region) { + free(*data); + *data = NULL; + } return 0; } return 1; @@ -394,8 +397,13 @@ parse_copy_decompress_rrset(sldns_buffer* pkt, struct msg_parse* msg, pk->rk.type = htons(pset->type); pk->rk.rrset_class = pset->rrset_class; /** read data part. */ - if(!parse_create_rrset(pkt, pset, &data, region)) + if(!parse_create_rrset(pkt, pset, &data, region)) { + if(!region) { + free(pk->rk.dname); + pk->rk.dname = NULL; + } return 0; + } pk->entry.data = (void*)data; pk->entry.key = (void*)pk; pk->entry.hash = pset->hash; @@ -825,9 +833,15 @@ log_dns_msg(const char* str, struct query_info* qinfo, struct reply_info* rep) /* not particularly fast but flexible, make wireformat and print */ sldns_buffer* buf = sldns_buffer_new(65535); struct regional* region = regional_create(); - if(!reply_info_encode(qinfo, rep, 0, rep->flags, buf, 0, + if(!(buf && region)) { + log_err("%s: log_dns_msg: out of memory", str); + sldns_buffer_free(buf); + regional_destroy(region); + return; + } + if(!reply_info_encode(qinfo, rep, 0, rep->flags, buf, 0, region, 65535, 1, 0)) { - log_info("%s: log_dns_msg: out of memory", str); + log_err("%s: log_dns_msg: out of memory", str); } else { char* s = sldns_wire2str_pkt(sldns_buffer_begin(buf), sldns_buffer_limit(buf)); diff --git a/util/fptr_wlist.c b/util/fptr_wlist.c index a9e9d3a03239..de6dbd02a37d 100644 --- a/util/fptr_wlist.c +++ b/util/fptr_wlist.c @@ -196,8 +196,6 @@ int fptr_whitelist_pending_udp(comm_point_callback_type *fptr) { if(fptr == &serviced_udp_callback) return 1; - else if(fptr == &worker_handle_reply) return 1; - else if(fptr == &libworker_handle_reply) return 1; return 0; } @@ -205,8 +203,6 @@ int fptr_whitelist_pending_tcp(comm_point_callback_type *fptr) { if(fptr == &serviced_tcp_callback) return 1; - else if(fptr == &worker_handle_reply) return 1; - else if(fptr == &libworker_handle_reply) return 1; return 0; } @@ -583,6 +579,7 @@ int fptr_whitelist_mesh_cb(mesh_cb_func_type fptr) else if(fptr == &probe_answer_cb) return 1; else if(fptr == &auth_xfer_probe_lookup_callback) return 1; else if(fptr == &auth_xfer_transfer_lookup_callback) return 1; + else if(fptr == &auth_zonemd_dnskey_lookup_callback) return 1; return 0; } diff --git a/util/iana_ports.inc b/util/iana_ports.inc index 875851e6ac6d..b93af015da6f 100644 --- a/util/iana_ports.inc +++ b/util/iana_ports.inc @@ -118,7 +118,6 @@ 140, 141, 142, -143, 144, 145, 146, @@ -679,7 +678,6 @@ 990, 991, 992, -993, 995, 996, 997, @@ -4246,6 +4244,7 @@ 5504, 5505, 5506, +5540, 5553, 5554, 5555, @@ -4738,6 +4737,7 @@ 8006, 8007, 8008, +8017, 8019, 8020, 8021, @@ -5378,6 +5378,7 @@ 30999, 31016, 31029, +31337, 31416, 31457, 31620, diff --git a/util/net_help.c b/util/net_help.c index 3b5527adf430..06bc1f5dd7e6 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -887,7 +887,7 @@ log_cert(unsigned level, const char* str, void* cert) } #endif /* HAVE_SSL */ -#if defined(HAVE_SSL) && defined(HAVE_NGHTTP2) +#if defined(HAVE_SSL) && defined(HAVE_NGHTTP2) && defined(HAVE_SSL_CTX_SET_ALPN_SELECT_CB) static int alpn_select_cb(SSL* ATTR_UNUSED(ssl), const unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen, void* ATTR_UNUSED(arg)) @@ -1609,5 +1609,4 @@ sock_close(int socket) { closesocket(socket); } - # endif /* USE_WINSOCK */ diff --git a/util/net_help.h b/util/net_help.h index 45b607a430d5..79835270c477 100644 --- a/util/net_help.h +++ b/util/net_help.h @@ -42,6 +42,7 @@ #ifndef NET_HELP_H #define NET_HELP_H #include "util/log.h" +#include "util/random.h" struct sock_list; struct regional; struct config_strlist; @@ -76,8 +77,6 @@ struct config_strlist; /** timeout in milliseconds for UDP queries to auth servers. */ #define UDP_AUTH_QUERY_TIMEOUT 3000 -/** timeout in milliseconds for TCP queries to auth servers. */ -#define TCP_AUTH_QUERY_TIMEOUT 3000 /** Advertised version of EDNS capabilities */ #define EDNS_ADVERTISED_VERSION 0 /** Advertised size of EDNS capabilities */ @@ -94,6 +93,9 @@ extern uint16_t EDNS_ADVERTISED_SIZE; /** DNSKEY secure entry point, KSK flag */ #define DNSKEY_BIT_SEP 0x0001 +/** return a random 16-bit number given a random source */ +#define GET_RANDOM_ID(rnd) (((unsigned)ub_random(rnd)>>8) & 0xffff) + /** minimal responses when positive answer */ extern int MINIMAL_RESPONSES; diff --git a/util/netevent.c b/util/netevent.c index a2c0e6073e36..11c642a2bc38 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -51,6 +51,16 @@ #include "dnstap/dnstap.h" #include "dnscrypt/dnscrypt.h" #include "services/listen_dnsport.h" +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif + #ifdef HAVE_OPENSSL_SSL_H #include #endif @@ -152,7 +162,7 @@ struct internal_signal { static struct comm_point* comm_point_create_tcp_handler( struct comm_base *base, struct comm_point* parent, size_t bufsize, struct sldns_buffer* spoolbuf, comm_point_callback_type* callback, - void* callback_arg); + void* callback_arg, struct unbound_socket* socket); /* -------- End of local definitions -------- */ @@ -289,6 +299,7 @@ udp_send_errno_needs_log(struct sockaddr* addr, socklen_t addrlen) # ifdef ENETDOWN case ENETDOWN: # endif + case EPERM: if(verbosity < VERB_ALGO) return 0; default: @@ -302,7 +313,7 @@ udp_send_errno_needs_log(struct sockaddr* addr, socklen_t addrlen) /* 'Cannot assign requested address' also when disconnected */ || (errno == EADDRNOTAVAIL) # endif - ) && verbosity < VERB_DETAIL) + ) && verbosity < VERB_ALGO) return 0; # ifdef EADDRINUSE /* If SO_REUSEADDR is set, we could try to connect to the same server @@ -408,7 +419,9 @@ static void p_ancil(const char* str, struct comm_reply* r) log_info("%s: unknown srctype %d", str, r->srctype); return; } + if(r->srctype == 6) { +#ifdef IPV6_PKTINFO char buf[1024]; if(inet_ntop(AF_INET6, &r->pktinfo.v6info.ipi6_addr, buf, (socklen_t)sizeof(buf)) == 0) { @@ -416,6 +429,7 @@ static void p_ancil(const char* str, struct comm_reply* r) } buf[sizeof(buf)-1]=0; log_info("%s: %s %d", str, buf, r->pktinfo.v6info.ipi6_ifindex); +#endif } else if(r->srctype == 4) { #ifdef IP_PKTINFO char buf1[1024], buf2[1024]; @@ -1200,7 +1214,7 @@ ssl_handshake(struct comm_point* c) int r; if(c->ssl_shake_state == comm_ssl_shake_hs_read) { /* read condition satisfied back to writing */ - comm_point_listen_for_rw(c, 1, 1); + comm_point_listen_for_rw(c, 0, 1); c->ssl_shake_state = comm_ssl_shake_none; return 1; } @@ -1257,7 +1271,11 @@ ssl_handshake(struct comm_point* c) if((SSL_get_verify_mode(c->ssl)&SSL_VERIFY_PEER)) { /* verification */ if(SSL_get_verify_result(c->ssl) == X509_V_OK) { +#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE + X509* x = SSL_get1_peer_certificate(c->ssl); +#else X509* x = SSL_get_peer_certificate(c->ssl); +#endif if(!x) { log_addr(VERB_ALGO, "SSL connection failed: " "no certificate", @@ -1283,7 +1301,11 @@ ssl_handshake(struct comm_point* c) #endif X509_free(x); } else { +#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE + X509* x = SSL_get1_peer_certificate(c->ssl); +#else X509* x = SSL_get_peer_certificate(c->ssl); +#endif if(x) { log_cert(VERB_ALGO, "peer certificate", x); X509_free(x); @@ -1300,6 +1322,7 @@ ssl_handshake(struct comm_point* c) c->repinfo.addrlen); } +#ifdef HAVE_SSL_GET0_ALPN_SELECTED /* check if http2 use is negotiated */ if(c->type == comm_http && c->h2_session) { const unsigned char *alpn; @@ -1311,13 +1334,14 @@ ssl_handshake(struct comm_point* c) c->use_h2 = 1; } } +#endif /* setup listen rw correctly */ if(c->tcp_is_reading) { if(c->ssl_shake_state != comm_ssl_shake_read) comm_point_listen_for_rw(c, 1, 0); } else { - comm_point_listen_for_rw(c, 1, 1); + comm_point_listen_for_rw(c, 0, 1); } c->ssl_shake_state = comm_ssl_shake_none; return 1; @@ -1348,7 +1372,9 @@ ssl_handle_read(struct comm_point* c) return tcp_req_info_handle_read_close(c->tcp_req_info); return 0; /* shutdown, closed */ } else if(want == SSL_ERROR_WANT_READ) { +#ifdef USE_WINSOCK ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); +#endif return 1; /* read more later */ } else if(want == SSL_ERROR_WANT_WRITE) { c->ssl_shake_state = comm_ssl_shake_hs_write; @@ -1396,7 +1422,9 @@ ssl_handle_read(struct comm_point* c) return tcp_req_info_handle_read_close(c->tcp_req_info); return 0; /* shutdown, closed */ } else if(want == SSL_ERROR_WANT_READ) { +#ifdef USE_WINSOCK ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); +#endif return 1; /* read more later */ } else if(want == SSL_ERROR_WANT_WRITE) { c->ssl_shake_state = comm_ssl_shake_hs_write; @@ -1489,7 +1517,9 @@ ssl_handle_write(struct comm_point* c) comm_point_listen_for_rw(c, 1, 0); return 1; /* wait for read condition */ } else if(want == SSL_ERROR_WANT_WRITE) { +#ifdef USE_WINSOCK ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); +#endif return 1; /* write more later */ } else if(want == SSL_ERROR_SYSCALL) { #ifdef EPIPE @@ -1539,7 +1569,9 @@ ssl_handle_write(struct comm_point* c) comm_point_listen_for_rw(c, 1, 0); return 1; /* wait for read condition */ } else if(want == SSL_ERROR_WANT_WRITE) { +#ifdef USE_WINSOCK ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); +#endif return 1; /* write more later */ } else if(want == SSL_ERROR_SYSCALL) { #ifdef EPIPE @@ -1620,6 +1652,10 @@ comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok) if(errno == ECONNRESET && verbosity < 2) return 0; /* silence reset by peer */ #endif +#ifdef ECONNREFUSED + if(errno == ECONNREFUSED && verbosity < 2) + return 0; /* silence reset by peer */ +#endif #ifdef ENETUNREACH if(errno == ENETUNREACH && verbosity < 2) return 0; /* silence it */ @@ -1648,6 +1684,16 @@ comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok) } #endif #else /* USE_WINSOCK */ + if(WSAGetLastError() == WSAECONNREFUSED && verbosity < 2) + return 0; + if(WSAGetLastError() == WSAEHOSTDOWN && verbosity < 2) + return 0; + if(WSAGetLastError() == WSAEHOSTUNREACH && verbosity < 2) + return 0; + if(WSAGetLastError() == WSAENETDOWN && verbosity < 2) + return 0; + if(WSAGetLastError() == WSAENETUNREACH && verbosity < 2) + return 0; if(WSAGetLastError() == WSAECONNRESET) return 0; if(WSAGetLastError() == WSAEINPROGRESS) @@ -1681,7 +1727,8 @@ comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok) (int)sldns_buffer_limit(c->buffer)); } - log_assert(sldns_buffer_remaining(c->buffer) > 0); + if(sldns_buffer_remaining(c->buffer) == 0) + log_err("in comm_point_tcp_handle_read buffer_remaining is not > 0 as expected, continuing with (harmless) 0 length recv"); r = recv(fd, (void*)sldns_buffer_current(c->buffer), sldns_buffer_remaining(c->buffer), 0); if(r == 0) { @@ -2197,6 +2244,8 @@ ssl_http_read_more(struct comm_point* c) log_crypto_err("could not SSL_read"); return 0; } + verbose(VERB_ALGO, "ssl http read more skip to %d + %d", + (int)sldns_buffer_position(c->buffer), (int)r); sldns_buffer_skip(c->buffer, (ssize_t)r); return 1; #else @@ -2233,6 +2282,8 @@ http_read_more(int fd, struct comm_point* c) &c->repinfo.addr, c->repinfo.addrlen); return 0; } + verbose(VERB_ALGO, "http read more skip to %d + %d", + (int)sldns_buffer_position(c->buffer), (int)r); sldns_buffer_skip(c->buffer, r); return 1; } @@ -2370,7 +2421,7 @@ http_process_chunk_header(struct comm_point* c) return 1; } -/** handle nonchunked data segment */ +/** handle nonchunked data segment, 0=fail, 1=wait */ static int http_nonchunk_segment(struct comm_point* c) { @@ -2379,7 +2430,7 @@ http_nonchunk_segment(struct comm_point* c) * we are looking to read tcp_byte_count more data * and then the transfer is done. */ size_t remainbufferlen; - size_t got_now = sldns_buffer_limit(c->buffer) - c->http_stored; + size_t got_now = sldns_buffer_limit(c->buffer); if(c->tcp_byte_count <= got_now) { /* done, this is the last data fragment */ c->http_stored = 0; @@ -2388,13 +2439,12 @@ http_nonchunk_segment(struct comm_point* c) (void)(*c->callback)(c, c->cb_arg, NETEVENT_DONE, NULL); return 1; } - c->tcp_byte_count -= got_now; /* if we have the buffer space, * read more data collected into the buffer */ remainbufferlen = sldns_buffer_capacity(c->buffer) - sldns_buffer_limit(c->buffer); - if(remainbufferlen >= c->tcp_byte_count || - remainbufferlen >= 2048) { + if(remainbufferlen+got_now >= c->tcp_byte_count || + remainbufferlen >= (c->ssl?16384:2048)) { size_t total = sldns_buffer_limit(c->buffer); sldns_buffer_clear(c->buffer); sldns_buffer_set_position(c->buffer, total); @@ -2404,6 +2454,7 @@ http_nonchunk_segment(struct comm_point* c) } /* call callback with this data amount, then * wait for more */ + c->tcp_byte_count -= got_now; c->http_stored = 0; sldns_buffer_set_position(c->buffer, 0); fptr_ok(fptr_whitelist_comm_point(c->callback)); @@ -2762,6 +2813,11 @@ comm_point_http_handle_read(int fd, struct comm_point* c) return 0; } + if(c->http_stored >= sldns_buffer_position(c->buffer)) { + /* read did not work but we wanted more data, there is + * no bytes to process now. */ + return 1; + } sldns_buffer_flip(c->buffer); /* if we are partway in a segment of data, position us at the point * where we left off previously */ @@ -3184,7 +3240,7 @@ void comm_point_raw_handle_callback(int ATTR_UNUSED(fd), struct comm_point* comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer, - comm_point_callback_type* callback, void* callback_arg) + comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket) { struct comm_point* c = (struct comm_point*)calloc(1, sizeof(struct comm_point)); @@ -3223,6 +3279,7 @@ comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer, c->inuse = 0; c->callback = callback; c->cb_arg = callback_arg; + c->socket = socket; evbits = UB_EV_READ | UB_EV_PERSIST; /* ub_event stuff */ c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, @@ -3244,7 +3301,7 @@ comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer, struct comm_point* comm_point_create_udp_ancil(struct comm_base *base, int fd, sldns_buffer* buffer, - comm_point_callback_type* callback, void* callback_arg) + comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket) { struct comm_point* c = (struct comm_point*)calloc(1, sizeof(struct comm_point)); @@ -3283,6 +3340,7 @@ comm_point_create_udp_ancil(struct comm_base *base, int fd, #endif c->callback = callback; c->cb_arg = callback_arg; + c->socket = socket; evbits = UB_EV_READ | UB_EV_PERSIST; /* ub_event stuff */ c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, @@ -3305,7 +3363,7 @@ static struct comm_point* comm_point_create_tcp_handler(struct comm_base *base, struct comm_point* parent, size_t bufsize, struct sldns_buffer* spoolbuf, comm_point_callback_type* callback, - void* callback_arg) + void* callback_arg, struct unbound_socket* socket) { struct comm_point* c = (struct comm_point*)calloc(1, sizeof(struct comm_point)); @@ -3361,6 +3419,7 @@ comm_point_create_tcp_handler(struct comm_base *base, c->repinfo.c = c; c->callback = callback; c->cb_arg = callback_arg; + c->socket = socket; if(spoolbuf) { c->tcp_req_info = tcp_req_info_create(spoolbuf); if(!c->tcp_req_info) { @@ -3400,7 +3459,8 @@ static struct comm_point* comm_point_create_http_handler(struct comm_base *base, struct comm_point* parent, size_t bufsize, int harden_large_queries, uint32_t http_max_streams, char* http_endpoint, - comm_point_callback_type* callback, void* callback_arg) + comm_point_callback_type* callback, void* callback_arg, + struct unbound_socket* socket) { struct comm_point* c = (struct comm_point*)calloc(1, sizeof(struct comm_point)); @@ -3454,6 +3514,7 @@ comm_point_create_http_handler(struct comm_base *base, c->repinfo.c = c; c->callback = callback; c->cb_arg = callback_arg; + c->socket = socket; c->http_min_version = http_version_2; c->http2_stream_max_qbuffer_size = bufsize; @@ -3518,7 +3579,7 @@ comm_point_create_tcp(struct comm_base *base, int fd, int num, uint32_t http_max_streams, char* http_endpoint, struct tcl_list* tcp_conn_limit, size_t bufsize, struct sldns_buffer* spoolbuf, enum listen_type port_type, - comm_point_callback_type* callback, void* callback_arg) + comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket) { struct comm_point* c = (struct comm_point*)calloc(1, sizeof(struct comm_point)); @@ -3568,6 +3629,7 @@ comm_point_create_tcp(struct comm_base *base, int fd, int num, #endif c->callback = NULL; c->cb_arg = NULL; + c->socket = socket; evbits = UB_EV_READ | UB_EV_PERSIST; /* ub_event stuff */ c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, @@ -3589,12 +3651,12 @@ comm_point_create_tcp(struct comm_base *base, int fd, int num, port_type == listen_type_ssl || port_type == listen_type_tcp_dnscrypt) { c->tcp_handlers[i] = comm_point_create_tcp_handler(base, - c, bufsize, spoolbuf, callback, callback_arg); + c, bufsize, spoolbuf, callback, callback_arg, socket); } else if(port_type == listen_type_http) { c->tcp_handlers[i] = comm_point_create_http_handler( base, c, bufsize, harden_large_queries, http_max_streams, http_endpoint, - callback, callback_arg); + callback, callback_arg, socket); } else { log_err("could not create tcp handler, unknown listen " @@ -3895,11 +3957,13 @@ comm_point_close(struct comm_point* c) /* close fd after removing from event lists, or epoll.. is messed up */ if(c->fd != -1 && !c->do_not_close) { +#ifdef USE_WINSOCK if(c->type == comm_tcp || c->type == comm_http) { /* delete sticky events for the fd, it gets closed */ ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); } +#endif verbose(VERB_ALGO, "close fd %d", c->fd); sock_close(c->fd); } @@ -3970,20 +4034,26 @@ comm_point_send_reply(struct comm_reply *repinfo) comm_point_send_udp_msg(repinfo->c, buffer, (struct sockaddr*)&repinfo->addr, repinfo->addrlen, 0); #ifdef USE_DNSTAP - if(repinfo->c->dtenv != NULL && - repinfo->c->dtenv->log_client_response_messages) - dt_msg_send_client_response(repinfo->c->dtenv, - &repinfo->addr, repinfo->c->type, repinfo->c->buffer); + /* + * sending src (client)/dst (local service) addresses over DNSTAP from udp callback + */ + if(repinfo->c->dtenv != NULL && repinfo->c->dtenv->log_client_response_messages) { + log_addr(VERB_ALGO, "from local addr", (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->socket->addr->ai_addrlen); + log_addr(VERB_ALGO, "response to client", &repinfo->addr, repinfo->addrlen); + dt_msg_send_client_response(repinfo->c->dtenv, &repinfo->addr, (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->type, repinfo->c->buffer); + } #endif } else { #ifdef USE_DNSTAP - if(repinfo->c->tcp_parent->dtenv != NULL && - repinfo->c->tcp_parent->dtenv->log_client_response_messages) - dt_msg_send_client_response(repinfo->c->tcp_parent->dtenv, - &repinfo->addr, repinfo->c->type, - ( repinfo->c->tcp_req_info - ? repinfo->c->tcp_req_info->spool_buffer - : repinfo->c->buffer )); + /* + * sending src (client)/dst (local service) addresses over DNSTAP from TCP callback + */ + if(repinfo->c->tcp_parent->dtenv != NULL && repinfo->c->tcp_parent->dtenv->log_client_response_messages) { + log_addr(VERB_ALGO, "from local addr", (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->socket->addr->ai_addrlen); + log_addr(VERB_ALGO, "response to client", &repinfo->addr, repinfo->addrlen); + dt_msg_send_client_response(repinfo->c->tcp_parent->dtenv, &repinfo->addr, (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->type, + ( repinfo->c->tcp_req_info? repinfo->c->tcp_req_info->spool_buffer: repinfo->c->buffer )); + } #endif if(repinfo->c->tcp_req_info) { tcp_req_info_send_reply(repinfo->c->tcp_req_info); diff --git a/util/netevent.h b/util/netevent.h index 4a2aa1677c02..c79f99b3eb6d 100644 --- a/util/netevent.h +++ b/util/netevent.h @@ -70,6 +70,7 @@ struct comm_point; struct comm_reply; struct tcl_list; struct ub_event_base; +struct unbound_socket; struct mesh_state; struct mesh_area; @@ -169,6 +170,8 @@ struct comm_point { /** if the event is added or not */ int event_added; + struct unbound_socket* socket; + /** file descriptor for communication point */ int fd; @@ -495,12 +498,13 @@ struct ub_event_base* comm_base_internal(struct comm_base* b); * @param buffer: shared buffer by UDP sockets from this thread. * @param callback: callback function pointer. * @param callback_arg: will be passed to your callback function. + * @param socket: and opened socket properties will be passed to your callback function. * @return: returns the allocated communication point. NULL on error. * Sets timeout to NULL. Turns off TCP options. */ struct comm_point* comm_point_create_udp(struct comm_base* base, int fd, struct sldns_buffer* buffer, - comm_point_callback_type* callback, void* callback_arg); + comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket); /** * Create an UDP with ancillary data comm point. Calls malloc. @@ -511,12 +515,13 @@ struct comm_point* comm_point_create_udp(struct comm_base* base, * @param buffer: shared buffer by UDP sockets from this thread. * @param callback: callback function pointer. * @param callback_arg: will be passed to your callback function. + * @param socket: and opened socket properties will be passed to your callback function. * @return: returns the allocated communication point. NULL on error. * Sets timeout to NULL. Turns off TCP options. */ struct comm_point* comm_point_create_udp_ancil(struct comm_base* base, int fd, struct sldns_buffer* buffer, - comm_point_callback_type* callback, void* callback_arg); + comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket); /** * Create a TCP listener comm point. Calls malloc. @@ -539,6 +544,7 @@ struct comm_point* comm_point_create_udp_ancil(struct comm_base* base, * to select handler type to use. * @param callback: callback function pointer for TCP handlers. * @param callback_arg: will be passed to your callback function. + * @param socket: and opened socket properties will be passed to your callback function. * @return: returns the TCP listener commpoint. You can find the * TCP handlers in the array inside the listener commpoint. * returns NULL on error. @@ -550,7 +556,7 @@ struct comm_point* comm_point_create_tcp(struct comm_base* base, struct tcl_list* tcp_conn_limit, size_t bufsize, struct sldns_buffer* spoolbuf, enum listen_type port_type, - comm_point_callback_type* callback, void* callback_arg); + comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket); /** * Create an outgoing TCP commpoint. No file descriptor is opened, left at -1. diff --git a/util/shm_side/shm_main.c b/util/shm_side/shm_main.c index af8c5bcf3705..51039abf3ed8 100644 --- a/util/shm_side/shm_main.c +++ b/util/shm_side/shm_main.c @@ -130,6 +130,7 @@ int shm_main_init(struct daemon* daemon) /* Just release memory unused */ free(daemon->shm_info); + daemon->shm_info = NULL; return 0; } @@ -143,6 +144,7 @@ int shm_main_init(struct daemon* daemon) /* Just release memory unused */ free(daemon->shm_info); + daemon->shm_info = NULL; return 0; } @@ -156,6 +158,7 @@ int shm_main_init(struct daemon* daemon) /* Just release memory unused */ free(daemon->shm_info); + daemon->shm_info = NULL; return 0; } @@ -170,6 +173,7 @@ int shm_main_init(struct daemon* daemon) /* Just release memory unused */ free(daemon->shm_info); + daemon->shm_info = NULL; return 0; } @@ -210,6 +214,8 @@ void shm_main_shutdown(struct daemon* daemon) if (daemon->shm_info->ptr_arr) shmdt(daemon->shm_info->ptr_arr); + free(daemon->shm_info); + daemon->shm_info = NULL; #else (void)daemon; #endif /* HAVE_SHMGET */ diff --git a/util/storage/lookup3.c b/util/storage/lookup3.c index bb25eb433c94..c4026626c6d3 100644 --- a/util/storage/lookup3.c +++ b/util/storage/lookup3.c @@ -53,21 +53,69 @@ on 1 byte), but shoehorning those bytes into integers efficiently is messy. #include "util/storage/lookup3.h" #include /* defines printf for tests */ #include /* defines time_t for timings in the test */ -/*#include defines uint32_t etc (from config.h) */ -#include /* attempt to define endianness */ -#ifdef HAVE_SYS_TYPES_H -# include /* attempt to define endianness (solaris) */ -#endif -#if defined(linux) || defined(__OpenBSD__) + +/* + * If our build system provides endianness info, signalled by + * HAVE_TARGET_ENDIANNESS and the presence or absence of TARGET_IS_BIG_ENDIAN, + * use that. Otherwise try to work out the endianness. + */ +#if defined(HAVE_TARGET_ENDIANNESS) +# if defined(TARGET_IS_BIG_ENDIAN) +# define HASH_LITTLE_ENDIAN 0 +# define HASH_BIG_ENDIAN 1 +# else +# define HASH_LITTLE_ENDIAN 1 +# define HASH_BIG_ENDIAN 0 +# endif +#else +# include /* attempt to define endianness */ +# ifdef HAVE_SYS_TYPES_H +# include /* attempt to define endianness (solaris) */ +# endif +# if defined(linux) || defined(__OpenBSD__) # ifdef HAVE_ENDIAN_H # include /* attempt to define endianness */ # else # include /* on older OpenBSD */ # endif -#endif -#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__) -#include /* attempt to define endianness */ -#endif +# endif +# if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__) +# include /* attempt to define endianness */ +# endif + /* + * My best guess at if you are big-endian or little-endian. This may + * need adjustment. + */ +# if (defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \ + __BYTE_ORDER == __LITTLE_ENDIAN) || \ + (defined(i386) || defined(__i386__) || defined(__i486__) || \ + defined(__i586__) || defined(__i686__) || defined(vax) || defined(MIPSEL) || defined(__x86)) +# define HASH_LITTLE_ENDIAN 1 +# define HASH_BIG_ENDIAN 0 +# elif (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \ + __BYTE_ORDER == __BIG_ENDIAN) || \ + (defined(sparc) || defined(__sparc) || defined(__sparc__) || defined(POWERPC) || defined(mc68000) || defined(sel)) +# define HASH_LITTLE_ENDIAN 0 +# define HASH_BIG_ENDIAN 1 +# elif defined(_MACHINE_ENDIAN_H_) + /* test for machine_endian_h protects failure if some are empty strings */ +# if defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && _BYTE_ORDER == _BIG_ENDIAN +# define HASH_LITTLE_ENDIAN 0 +# define HASH_BIG_ENDIAN 1 +# endif +# if defined(_BYTE_ORDER) && defined(_LITTLE_ENDIAN) && _BYTE_ORDER == _LITTLE_ENDIAN +# define HASH_LITTLE_ENDIAN 1 +# define HASH_BIG_ENDIAN 0 +# endif /* _MACHINE_ENDIAN_H_ */ +# else +# define HASH_LITTLE_ENDIAN 0 +# define HASH_BIG_ENDIAN 0 +# endif +#endif /* defined(HAVE_TARGET_ENDIANNESS) */ + +#define hashsize(n) ((uint32_t)1<<(n)) +#define hashmask(n) (hashsize(n)-1) +#define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k)))) /* random initial value */ static uint32_t raninit = (uint32_t)0xdeadbeef; @@ -78,40 +126,6 @@ hash_set_raninit(uint32_t v) raninit = v; } -/* - * My best guess at if you are big-endian or little-endian. This may - * need adjustment. - */ -#if (defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \ - __BYTE_ORDER == __LITTLE_ENDIAN) || \ - (defined(i386) || defined(__i386__) || defined(__i486__) || \ - defined(__i586__) || defined(__i686__) || defined(vax) || defined(MIPSEL) || defined(__x86)) -# define HASH_LITTLE_ENDIAN 1 -# define HASH_BIG_ENDIAN 0 -#elif (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \ - __BYTE_ORDER == __BIG_ENDIAN) || \ - (defined(sparc) || defined(__sparc) || defined(__sparc__) || defined(POWERPC) || defined(mc68000) || defined(sel)) -# define HASH_LITTLE_ENDIAN 0 -# define HASH_BIG_ENDIAN 1 -#elif defined(_MACHINE_ENDIAN_H_) -/* test for machine_endian_h protects failure if some are empty strings */ -# if defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && _BYTE_ORDER == _BIG_ENDIAN -# define HASH_LITTLE_ENDIAN 0 -# define HASH_BIG_ENDIAN 1 -# endif -# if defined(_BYTE_ORDER) && defined(_LITTLE_ENDIAN) && _BYTE_ORDER == _LITTLE_ENDIAN -# define HASH_LITTLE_ENDIAN 1 -# define HASH_BIG_ENDIAN 0 -# endif /* _MACHINE_ENDIAN_H_ */ -#else -# define HASH_LITTLE_ENDIAN 0 -# define HASH_BIG_ENDIAN 0 -#endif - -#define hashsize(n) ((uint32_t)1<<(n)) -#define hashmask(n) (hashsize(n)-1) -#define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k)))) - /* ------------------------------------------------------------------------------- mix -- mix 3 32-bit values reversibly. diff --git a/util/ub_event_pluggable.c b/util/ub_event_pluggable.c index 235bba6ba797..4280d4db1a3c 100644 --- a/util/ub_event_pluggable.c +++ b/util/ub_event_pluggable.c @@ -666,7 +666,8 @@ ub_winsock_tcp_wouldblock(struct ub_event* ev, int eventbits) fptr_ok(ev->vmt != &default_event_vmt || ev->vmt->winsock_tcp_wouldblock == my_winsock_tcp_wouldblock); - (*ev->vmt->winsock_tcp_wouldblock)(ev, eventbits); + if (ev->vmt->winsock_tcp_wouldblock) + (*ev->vmt->winsock_tcp_wouldblock)(ev, eventbits); } } diff --git a/validator/autotrust.c b/validator/autotrust.c index 7ce07e0d82d7..9643a3ddb38b 100644 --- a/validator/autotrust.c +++ b/validator/autotrust.c @@ -1077,6 +1077,17 @@ trustanchor_state2str(autr_state_type s) return " UNKNOWN "; } +/** ctime r for autotrust */ +static char* autr_ctime_r(time_t* t, char* s) +{ + ctime_r(t, s); +#ifdef USE_WINSOCK + if(strlen(s) > 10 && s[7]==' ' && s[8]=='0') + s[8]=' '; /* fix error in windows ctime */ +#endif + return s; +} + /** print ID to file */ static int print_id(FILE* out, char* fname, uint8_t* nm, size_t nmlen, uint16_t dclass) @@ -1123,13 +1134,13 @@ autr_write_contents(FILE* out, char* fn, struct trust_anchor* tp) } if(fprintf(out, ";;last_queried: %u ;;%s", (unsigned int)tp->autr->last_queried, - ctime_r(&(tp->autr->last_queried), tmi)) < 0 || + autr_ctime_r(&(tp->autr->last_queried), tmi)) < 0 || fprintf(out, ";;last_success: %u ;;%s", (unsigned int)tp->autr->last_success, - ctime_r(&(tp->autr->last_success), tmi)) < 0 || + autr_ctime_r(&(tp->autr->last_success), tmi)) < 0 || fprintf(out, ";;next_probe_time: %u ;;%s", (unsigned int)tp->autr->next_probe_time, - ctime_r(&(tp->autr->next_probe_time), tmi)) < 0 || + autr_ctime_r(&(tp->autr->next_probe_time), tmi)) < 0 || fprintf(out, ";;query_failed: %d\n", (int)tp->autr->query_failed)<0 || fprintf(out, ";;query_interval: %d\n", (int)tp->autr->query_interval) < 0 || @@ -1160,7 +1171,7 @@ autr_write_contents(FILE* out, char* fn, struct trust_anchor* tp) ";;lastchange=%u ;;%s", str, (int)ta->s, trustanchor_state2str(ta->s), (int)ta->pending_count, (unsigned int)ta->last_change, - ctime_r(&(ta->last_change), tmi)) < 0) { + autr_ctime_r(&(ta->last_change), tmi)) < 0) { log_err("could not write to %s: %s", fn, strerror(errno)); free(str); return 0; @@ -1579,6 +1590,7 @@ key_matches_a_ds(struct module_env* env, struct val_env* ve, for(ds_idx=0; ds_idxlast_change, buf); + (void)autr_ctime_r(&ta->last_change, buf); if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */ log_info("[%s] %s ;;state:%d ;;pending_count:%d%s%s last:%s", trustanchor_state2str(ta->s), str, ta->s, ta->pending_count, @@ -2289,13 +2302,13 @@ autr_debug_print_tp(struct trust_anchor* tp) log_packed_rrset(NO_VERBOSE, "DNSKEY:", tp->dnskey_rrset); } log_info("file %s", tp->autr->file); - ctime_r(&tp->autr->last_queried, buf); + (void)autr_ctime_r(&tp->autr->last_queried, buf); if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */ log_info("last_queried: %u %s", (unsigned)tp->autr->last_queried, buf); - ctime_r(&tp->autr->last_success, buf); + (void)autr_ctime_r(&tp->autr->last_success, buf); if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */ log_info("last_success: %u %s", (unsigned)tp->autr->last_success, buf); - ctime_r(&tp->autr->next_probe_time, buf); + (void)autr_ctime_r(&tp->autr->next_probe_time, buf); if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */ log_info("next_probe_time: %u %s", (unsigned)tp->autr->next_probe_time, buf); diff --git a/validator/val_anchor.c b/validator/val_anchor.c index 9b6574c5d24a..b1a54e1f0195 100644 --- a/validator/val_anchor.c +++ b/validator/val_anchor.c @@ -971,7 +971,8 @@ anchors_dnskey_unsupported(struct trust_anchor* ta) { size_t i, num = 0; for(i=0; inumDNSKEY; i++) { - if(!dnskey_algo_is_supported(ta->dnskey_rrset, i)) + if(!dnskey_algo_is_supported(ta->dnskey_rrset, i) || + !dnskey_size_is_supported(ta->dnskey_rrset, i)) num++; } return num; @@ -1048,6 +1049,10 @@ anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg) const char** zstr; char* nm; sldns_buffer* parsebuf = sldns_buffer_new(65535); + if(!parsebuf) { + log_err("malloc error in anchors_apply_cfg."); + return 0; + } if(cfg->insecure_lan_zones) { for(zstr = as112_zones; *zstr; zstr++) { if(!anchor_insert_insecure(anchors, *zstr)) { diff --git a/validator/val_nsec.c b/validator/val_nsec.c index 032d2ae03a42..a4e5b3137dbf 100644 --- a/validator/val_nsec.c +++ b/validator/val_nsec.c @@ -180,6 +180,7 @@ nsec_verify_rrset(struct module_env* env, struct val_env* ve, { struct packed_rrset_data* d = (struct packed_rrset_data*) nsec->entry.data; + if(!d) return 0; if(d->security == sec_status_secure) return 1; rrset_check_sec_status(env->rrset_cache, nsec, *env->now); diff --git a/validator/val_secalgo.c b/validator/val_secalgo.c index 15cccf017b4e..7abf66f01d2a 100644 --- a/validator/val_secalgo.c +++ b/validator/val_secalgo.c @@ -141,6 +141,69 @@ secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res) #endif } +/** hash structure for keeping track of running hashes */ +struct secalgo_hash { + /** the openssl message digest context */ + EVP_MD_CTX* ctx; +}; + +/** create secalgo hash with hash type */ +static struct secalgo_hash* secalgo_hash_create_md(const EVP_MD* md) +{ + struct secalgo_hash* h; + if(!md) + return NULL; + h = calloc(1, sizeof(*h)); + if(!h) + return NULL; + h->ctx = EVP_MD_CTX_create(); + if(!h->ctx) { + free(h); + return NULL; + } + if(!EVP_DigestInit_ex(h->ctx, md, NULL)) { + EVP_MD_CTX_destroy(h->ctx); + free(h); + return NULL; + } + return h; +} + +struct secalgo_hash* secalgo_hash_create_sha384(void) +{ + return secalgo_hash_create_md(EVP_sha384()); +} + +struct secalgo_hash* secalgo_hash_create_sha512(void) +{ + return secalgo_hash_create_md(EVP_sha512()); +} + +int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len) +{ + return EVP_DigestUpdate(hash->ctx, (unsigned char*)data, + (unsigned int)len); +} + +int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result, + size_t maxlen, size_t* resultlen) +{ + if(EVP_MD_CTX_size(hash->ctx) > (int)maxlen) { + *resultlen = 0; + log_err("secalgo_hash_final: hash buffer too small"); + return 0; + } + *resultlen = EVP_MD_CTX_size(hash->ctx); + return EVP_DigestFinal_ex(hash->ctx, result, NULL); +} + +void secalgo_hash_delete(struct secalgo_hash* hash) +{ + if(!hash) return; + EVP_MD_CTX_destroy(hash->ctx); + free(hash); +} + /** * Return size of DS digest according to its hash algorithm. * @param algo: DS digest algo. @@ -450,29 +513,13 @@ static int setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, unsigned char* key, size_t keylen) { -#if defined(USE_DSA) && defined(USE_SHA1) - DSA* dsa; -#endif - RSA* rsa; - switch(algo) { #if defined(USE_DSA) && defined(USE_SHA1) case LDNS_DSA: case LDNS_DSA_NSEC3: - *evp_key = EVP_PKEY_new(); + *evp_key = sldns_key_dsa2pkey_raw(key, keylen); if(!*evp_key) { - log_err("verify: malloc failure in crypto"); - return 0; - } - dsa = sldns_key_buf2dsa_raw(key, keylen); - if(!dsa) { - verbose(VERB_QUERY, "verify: " - "sldns_key_buf2dsa_raw failed"); - return 0; - } - if(EVP_PKEY_assign_DSA(*evp_key, dsa) == 0) { - verbose(VERB_QUERY, "verify: " - "EVP_PKEY_assign_DSA failed"); + verbose(VERB_QUERY, "verify: sldns_key_dsa2pkey failed"); return 0; } #ifdef HAVE_EVP_DSS1 @@ -495,20 +542,9 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, #if defined(HAVE_EVP_SHA512) && defined(USE_SHA2) case LDNS_RSASHA512: #endif - *evp_key = EVP_PKEY_new(); + *evp_key = sldns_key_rsa2pkey_raw(key, keylen); if(!*evp_key) { - log_err("verify: malloc failure in crypto"); - return 0; - } - rsa = sldns_key_buf2rsa_raw(key, keylen); - if(!rsa) { - verbose(VERB_QUERY, "verify: " - "sldns_key_buf2rsa_raw SHA failed"); - return 0; - } - if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) { - verbose(VERB_QUERY, "verify: " - "EVP_PKEY_assign_RSA SHA failed"); + verbose(VERB_QUERY, "verify: sldns_key_rsa2pkey SHA failed"); return 0; } @@ -532,20 +568,9 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, #endif /* defined(USE_SHA1) || (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) */ case LDNS_RSAMD5: - *evp_key = EVP_PKEY_new(); + *evp_key = sldns_key_rsa2pkey_raw(key, keylen); if(!*evp_key) { - log_err("verify: malloc failure in crypto"); - return 0; - } - rsa = sldns_key_buf2rsa_raw(key, keylen); - if(!rsa) { - verbose(VERB_QUERY, "verify: " - "sldns_key_buf2rsa_raw MD5 failed"); - return 0; - } - if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) { - verbose(VERB_QUERY, "verify: " - "EVP_PKEY_assign_RSA MD5 failed"); + verbose(VERB_QUERY, "verify: sldns_key_rsa2pkey MD5 failed"); return 0; } *digest_type = EVP_md5(); @@ -823,6 +848,64 @@ secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res) (void)HASH_HashBuf(HASH_AlgSHA256, res, buf, (unsigned long)len); } +/** the secalgo hash structure */ +struct secalgo_hash { + /** hash context */ + HASHContext* ctx; +}; + +/** create hash struct of type */ +static struct secalgo_hash* secalgo_hash_create_type(HASH_HashType tp) +{ + struct secalgo_hash* h = calloc(1, sizeof(*h)); + if(!h) + return NULL; + h->ctx = HASH_Create(tp); + if(!h->ctx) { + free(h); + return NULL; + } + return h; +} + +struct secalgo_hash* secalgo_hash_create_sha384(void) +{ + return secalgo_hash_create_type(HASH_AlgSHA384); +} + +struct secalgo_hash* secalgo_hash_create_sha512(void) +{ + return secalgo_hash_create_type(HASH_AlgSHA512); +} + +int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len) +{ + HASH_Update(hash->ctx, (unsigned char*)data, (unsigned int)len); + return 1; +} + +int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result, + size_t maxlen, size_t* resultlen) +{ + unsigned int reslen = 0; + if(HASH_ResultLenContext(hash->ctx) > (unsigned int)maxlen) { + *resultlen = 0; + log_err("secalgo_hash_final: hash buffer too small"); + return 0; + } + HASH_End(hash->ctx, (unsigned char*)result, &reslen, + (unsigned int)maxlen); + *resultlen = (size_t)reslen; + return 1; +} + +void secalgo_hash_delete(struct secalgo_hash* hash) +{ + if(!hash) return; + HASH_Destroy(hash->ctx); + free(hash); +} + size_t ds_digest_size_supported(int algo) { @@ -1451,6 +1534,82 @@ secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res) _digest_nettle(SHA256_DIGEST_SIZE, (uint8_t*)buf, len, res); } +/** secalgo hash structure */ +struct secalgo_hash { + /** if it is 384 or 512 */ + int active; + /** context for sha384 */ + struct sha384_ctx ctx384; + /** context for sha512 */ + struct sha512_ctx ctx512; +}; + +struct secalgo_hash* secalgo_hash_create_sha384(void) +{ + struct secalgo_hash* h = calloc(1, sizeof(*h)); + if(!h) + return NULL; + h->active = 384; + sha384_init(&h->ctx384); + return h; +} + +struct secalgo_hash* secalgo_hash_create_sha512(void) +{ + struct secalgo_hash* h = calloc(1, sizeof(*h)); + if(!h) + return NULL; + h->active = 512; + sha512_init(&h->ctx512); + return h; +} + +int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len) +{ + if(hash->active == 384) { + sha384_update(&hash->ctx384, len, data); + } else if(hash->active == 512) { + sha512_update(&hash->ctx512, len, data); + } else { + return 0; + } + return 1; +} + +int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result, + size_t maxlen, size_t* resultlen) +{ + if(hash->active == 384) { + if(SHA384_DIGEST_SIZE > maxlen) { + *resultlen = 0; + log_err("secalgo_hash_final: hash buffer too small"); + return 0; + } + *resultlen = SHA384_DIGEST_SIZE; + sha384_digest(&hash->ctx384, SHA384_DIGEST_SIZE, + (unsigned char*)result); + } else if(hash->active == 512) { + if(SHA512_DIGEST_SIZE > maxlen) { + *resultlen = 0; + log_err("secalgo_hash_final: hash buffer too small"); + return 0; + } + *resultlen = SHA512_DIGEST_SIZE; + sha512_digest(&hash->ctx512, SHA512_DIGEST_SIZE, + (unsigned char*)result); + } else { + *resultlen = 0; + return 0; + } + return 1; +} + +void secalgo_hash_delete(struct secalgo_hash* hash) +{ + if(!hash) return; + free(hash); +} + /** * Return size of DS digest according to its hash algorithm. * @param algo: DS digest algo. diff --git a/validator/val_secalgo.h b/validator/val_secalgo.h index 52aaeb9f6d36..8b6080dc24a2 100644 --- a/validator/val_secalgo.h +++ b/validator/val_secalgo.h @@ -43,6 +43,7 @@ #ifndef VALIDATOR_VAL_SECALGO_H #define VALIDATOR_VAL_SECALGO_H struct sldns_buffer; +struct secalgo_hash; /** Return size of nsec3 hash algorithm, 0 if not supported */ size_t nsec3_hash_algo_size_supported(int id); @@ -67,6 +68,48 @@ int secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, */ void secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res); +/** + * Start a hash of type sha384. Allocates structure, then inits it, + * so that a series of updates can be performed, before the final result. + * @return hash structure. NULL on malloc failure or no support. + */ +struct secalgo_hash* secalgo_hash_create_sha384(void); + +/** + * Start a hash of type sha512. Allocates structure, then inits it, + * so that a series of updates can be performed, before the final result. + * @return hash structure. NULL on malloc failure or no support. + */ +struct secalgo_hash* secalgo_hash_create_sha512(void); + +/** + * Update a hash with more information to add to it. + * @param hash: the hash that is updated. + * @param data: data to add. + * @param len: length of data. + * @return false on failure. + */ +int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len); + +/** + * Get the final result of the hash. + * @param hash: the hash that has had updates to it. + * @param result: where to store the result. + * @param maxlen: length of the result buffer, eg. size of the allocation. + * If not large enough the routine fails. + * @param resultlen: the length of the result, returned to the caller. + * How much of maxlen is used. + * @return false on failure. + */ +int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result, + size_t maxlen, size_t* resultlen); + +/** + * Delete the hash structure. + * @param hash: the hash to delete. + */ +void secalgo_hash_delete(struct secalgo_hash* hash); + /** * Return size of DS digest according to its hash algorithm. * @param algo: DS digest algo. diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c index de730f681893..b15fba3f499d 100644 --- a/validator/val_sigcrypt.c +++ b/validator/val_sigcrypt.c @@ -386,6 +386,49 @@ int dnskey_algo_is_supported(struct ub_packed_rrset_key* dnskey_rrset, dnskey_idx)); } +int dnskey_size_is_supported(struct ub_packed_rrset_key* dnskey_rrset, + size_t dnskey_idx) +{ +#ifdef DEPRECATE_RSA_1024 + uint8_t* rdata; + size_t len; + int alg = dnskey_get_algo(dnskey_rrset, dnskey_idx); + size_t keysize; + + rrset_get_rdata(dnskey_rrset, dnskey_idx, &rdata, &len); + if(len < 2+4) + return 0; + keysize = sldns_rr_dnskey_key_size_raw(rdata+2+4, len-2-4, alg); + + switch((sldns_algorithm)alg) { + case LDNS_RSAMD5: + case LDNS_RSASHA1: + case LDNS_RSASHA1_NSEC3: + case LDNS_RSASHA256: + case LDNS_RSASHA512: + /* reject RSA keys of 1024 bits and shorter */ + if(keysize <= 1024) + return 0; + break; + default: + break; + } +#else + (void)dnskey_rrset; (void)dnskey_idx; +#endif /* DEPRECATE_RSA_1024 */ + return 1; +} + +int dnskeyset_size_is_supported(struct ub_packed_rrset_key* dnskey_rrset) +{ + size_t i, num = rrset_get_count(dnskey_rrset); + for(i=0; irk.type) == LDNS_RR_TYPE_NSEC && - section == LDNS_SECTION_AUTHORITY) { + section == LDNS_SECTION_AUTHORITY && qstate) { k->rk.dname = regional_alloc_init(qstate->region, can_owner, can_owner_len); if(!k->rk.dname) @@ -1199,6 +1242,59 @@ rrset_canonical(struct regional* region, sldns_buffer* buf, return 1; } +int +rrset_canonicalize_to_buffer(struct regional* region, sldns_buffer* buf, + struct ub_packed_rrset_key* k) +{ + struct rbtree_type* sortree = NULL; + struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data; + uint8_t* can_owner = NULL; + size_t can_owner_len = 0; + struct canon_rr* walk; + struct canon_rr* rrs; + + sortree = (struct rbtree_type*)regional_alloc(region, + sizeof(rbtree_type)); + if(!sortree) + return 0; + if(d->count > RR_COUNT_MAX) + return 0; /* integer overflow protection */ + rrs = regional_alloc(region, sizeof(struct canon_rr)*d->count); + if(!rrs) { + return 0; + } + rbtree_init(sortree, &canonical_tree_compare); + canonical_sort(k, d, sortree, rrs); + + sldns_buffer_clear(buf); + RBTREE_FOR(walk, struct canon_rr*, sortree) { + /* see if there is enough space left in the buffer */ + if(sldns_buffer_remaining(buf) < can_owner_len + 2 + 2 + 4 + + d->rr_len[walk->rr_idx]) { + log_err("verify: failed to canonicalize, " + "rrset too big"); + return 0; + } + /* determine canonical owner name */ + if(can_owner) + sldns_buffer_write(buf, can_owner, can_owner_len); + else { + can_owner = sldns_buffer_current(buf); + sldns_buffer_write(buf, k->rk.dname, k->rk.dname_len); + query_dname_tolower(can_owner); + can_owner_len = k->rk.dname_len; + } + sldns_buffer_write(buf, &k->rk.type, 2); + sldns_buffer_write(buf, &k->rk.rrset_class, 2); + sldns_buffer_write_u32(buf, d->rr_ttl[walk->rr_idx]); + sldns_buffer_write(buf, d->rr_data[walk->rr_idx], + d->rr_len[walk->rr_idx]); + canonicalize_rdata(buf, k, d->rr_len[walk->rr_idx]); + } + sldns_buffer_flip(buf); + return 1; +} + /** pretty print rrsig error with dates */ static void sigdate_error(const char* str, int32_t expi, int32_t incep, int32_t now) diff --git a/validator/val_sigcrypt.h b/validator/val_sigcrypt.h index 755a1d6e126d..bbb95780d7fe 100644 --- a/validator/val_sigcrypt.h +++ b/validator/val_sigcrypt.h @@ -180,6 +180,23 @@ uint16_t ds_get_keytag(struct ub_packed_rrset_key* ds_rrset, size_t ds_idx); int dnskey_algo_is_supported(struct ub_packed_rrset_key* dnskey_rrset, size_t dnskey_idx); +/** + * See if the DNSKEY size at that algorithm is supported. + * @param dnskey_rrset: DNSKEY rrset. + * @param dnskey_idx: index of RR in rrset. + * @return true if supported. + */ +int dnskey_size_is_supported(struct ub_packed_rrset_key* dnskey_rrset, + size_t dnskey_idx); + +/** + * See if the DNSKEY size at that algorithm is supported for all the + * RRs in the DNSKEY RRset. + * @param dnskey_rrset: DNSKEY rrset. + * @return true if supported. + */ +int dnskeyset_size_is_supported(struct ub_packed_rrset_key* dnskey_rrset); + /** * See if DS digest algorithm is supported * @param ds_rrset: DS rrset @@ -334,4 +351,16 @@ int canonical_tree_compare(const void* k1, const void* k2); int rrset_canonical_equal(struct regional* region, struct ub_packed_rrset_key* k1, struct ub_packed_rrset_key* k2); +/** + * Canonicalize an rrset into the buffer. For an auth zone record, so + * this does not use a signature, or the RRSIG TTL or the wildcard label + * count from the RRSIG. + * @param region: temporary region. + * @param buf: the buffer to use. + * @param k: the rrset to insert. + * @return false on alloc error. + */ +int rrset_canonicalize_to_buffer(struct regional* region, + struct sldns_buffer* buf, struct ub_packed_rrset_key* k); + #endif /* VALIDATOR_VAL_SIGCRYPT_H */ diff --git a/validator/val_utils.c b/validator/val_utils.c index 2f36fccfd4fe..dd8d320e515d 100644 --- a/validator/val_utils.c +++ b/validator/val_utils.c @@ -418,7 +418,7 @@ verify_dnskeys_with_ds_rr(struct module_env* env, struct val_env* ve, struct module_qstate* qstate) { enum sec_status sec = sec_status_bogus; - size_t i, num, numchecked = 0, numhashok = 0; + size_t i, num, numchecked = 0, numhashok = 0, numsizesupp = 0; num = rrset_get_count(dnskey_rrset); for(i=0; idate_override = cfg->val_date_override; val_env->skew_min = cfg->val_sig_skew_min; val_env->skew_max = cfg->val_sig_skew_max; + val_env->max_restart = cfg->val_max_restart; c = cfg_count_numbers(cfg->val_nsec3_key_iterations); if(c < 1 || (c&1)) { log_err("validator: unparseable or odd nsec3 key " @@ -1487,7 +1488,7 @@ processInit(struct module_qstate* qstate, struct val_qstate* vq, enum val_classification subtype = val_classify_response( qstate->query_flags, &qstate->qinfo, &vq->qchase, vq->orig_msg->rep, vq->rrset_skip); - if(vq->restart_count > VAL_MAX_RESTART_COUNT) { + if(vq->restart_count > ve->max_restart) { verbose(VERB_ALGO, "restart count exceeded"); return val_error(qstate, id); } @@ -1640,7 +1641,7 @@ processInit(struct module_qstate* qstate, struct val_qstate* vq, errinf(qstate, key_entry_get_reason(vq->key_entry)); } /* no retries, stop bothering the authority until timeout */ - vq->restart_count = VAL_MAX_RESTART_COUNT; + vq->restart_count = ve->max_restart; vq->chase_reply->security = sec_status_bogus; vq->state = VAL_FINISHED_STATE; return 1; @@ -1848,7 +1849,7 @@ processValidate(struct module_qstate* qstate, struct val_qstate* vq, LDNS_RR_TYPE_DNSKEY, vq->key_entry->key_class); vq->chase_reply->security = sec_status_bogus; errinf(qstate, "while building chain of trust"); - if(vq->restart_count >= VAL_MAX_RESTART_COUNT) + if(vq->restart_count >= ve->max_restart) key_cache_insert(ve->kcache, vq->key_entry, qstate); return 1; } @@ -2064,7 +2065,7 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, * endless bogus revalidation */ if(vq->orig_msg->rep->security == sec_status_bogus) { /* see if we can try again to fetch data */ - if(vq->restart_count < VAL_MAX_RESTART_COUNT) { + if(vq->restart_count < ve->max_restart) { int restart_count = vq->restart_count+1; verbose(VERB_ALGO, "validation failed, " "blacklist and retry to fetch data"); @@ -2605,6 +2606,7 @@ process_ds_response(struct module_qstate* qstate, struct val_qstate* vq, int id, int rcode, struct dns_msg* msg, struct query_info* qinfo, struct sock_list* origin) { + struct val_env* ve = (struct val_env*)qstate->env->modinfo[id]; struct key_entry_key* dske = NULL; uint8_t* olds = vq->empty_DS_name; vq->empty_DS_name = NULL; @@ -2638,7 +2640,7 @@ process_ds_response(struct module_qstate* qstate, struct val_qstate* vq, vq->chain_blacklist = NULL; /* fresh blacklist for next part*/ /* Keep the forState.state on FINDKEY. */ } else if(key_entry_isbad(dske) - && vq->restart_count < VAL_MAX_RESTART_COUNT) { + && vq->restart_count < ve->max_restart) { vq->empty_DS_name = olds; val_blacklist(&vq->chain_blacklist, qstate->region, origin, 1); qstate->errinf = NULL; @@ -2691,7 +2693,7 @@ process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq, /* bad response */ verbose(VERB_DETAIL, "Missing DNSKEY RRset in response to " "DNSKEY query."); - if(vq->restart_count < VAL_MAX_RESTART_COUNT) { + if(vq->restart_count < ve->max_restart) { val_blacklist(&vq->chain_blacklist, qstate->region, origin, 1); qstate->errinf = NULL; @@ -2730,7 +2732,7 @@ process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq, * state. */ if(!key_entry_isgood(vq->key_entry)) { if(key_entry_isbad(vq->key_entry)) { - if(vq->restart_count < VAL_MAX_RESTART_COUNT) { + if(vq->restart_count < ve->max_restart) { val_blacklist(&vq->chain_blacklist, qstate->region, origin, 1); qstate->errinf = NULL; @@ -2807,7 +2809,7 @@ process_prime_response(struct module_qstate* qstate, struct val_qstate* vq, lock_basic_unlock(&ta->lock); if(vq->key_entry) { if(key_entry_isbad(vq->key_entry) - && vq->restart_count < VAL_MAX_RESTART_COUNT) { + && vq->restart_count < ve->max_restart) { val_blacklist(&vq->chain_blacklist, qstate->region, origin, 1); qstate->errinf = NULL; diff --git a/validator/validator.h b/validator/validator.h index 35da1920aa39..a928e10a65d8 100644 --- a/validator/validator.h +++ b/validator/validator.h @@ -64,9 +64,6 @@ struct config_strlist; */ #define BOGUS_KEY_TTL 60 /* seconds */ -/** max number of query restarts, number of IPs to probe */ -#define VAL_MAX_RESTART_COUNT 5 - /** Root key sentinel is ta preamble */ #define SENTINEL_IS "root-key-sentinel-is-ta-" /** Root key sentinel is not ta preamble */ @@ -95,6 +92,9 @@ struct val_env { /** clock skew max for signatures */ int32_t skew_max; + /** max number of query restarts, number of IPs to probe */ + int32_t max_restart; + /** TTL for bogus data; used instead of untrusted TTL from data. * Bogus data will not be verified more often than this interval. * seconds. */